========================================================================
The Secunia Weekly Advisory Summary
2008-04-10 - 2008-04-17
This week: 54 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Try the Secunia Network Software Inspector (NSI) 2 for free!
Download the Secunia NSI 2:
https://psi.secunia.com/NSISetup.exe
Use it to scan up to five hosts in your network. The public Beta
testing will end on April 30, 2008. Send all your feedback to
support@private
========================================================================
2) This Week in Brief:
A highly critical vulnerability has been reported in Mozilla Firefox,
which can potentially be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to an error in the Javascript Garbage
Collector and can be exploited to cause a memory corruption via
specially crafted Javascript code.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 2.0.0.13. Prior versions may
also be affected. The vendor has released version 2.0.0.14 to resolve
the vulnerability.
For more information, refer to:
http://secunia.com/advisories/29787/
Secunia has constructed the Secunia Personal Software Inspector, which
you can use to check if your personal system is vulnerable:
https://psi.secunia.com/
Corporate users can request for a trial of the Secunia Network Software
Inspector, which you can use to check which systems in your network are
vulnerable:
http://secunia.com/network_software_inspector/
--
Some vulnerabilities have been reported in Safari, which can be
exploited by malicious people to conduct cross-site scripting attacks
or potentially to compromise a user's system.
An error in the handling of URLs containing a colon character in the
host name can be exploited to conduct cross-site scripting attacks when
a specially crafted URL is opened.
An integer overflow error in WebKit's regular expression compiler in
JavaScriptCore/pcre/pcre_compile.cpp can be exploited to cause a
heap-based buffer overflow via specially crafted regular expressions
with large, nested repetition counts.
Successful exploitation may allow execution of arbitrary code e.g. when
a user visits a malicious web page.
The vulnerabilities are reported in versions prior to 3.1.1.
Two vulnerabilities previously reported in Safari for Windows have also
been resolved in version 3.1.1. Users are urged to apply the update
immediately.
For more information, refer to:
http://secunia.com/advisories/29483/
http://secunia.com/advisories/29846/
Secunia has constructed the Secunia Personal Software Inspector, which
you can use to check if your personal system is vulnerable:
https://psi.secunia.com/
Corporate users can request for a trial of the Secunia Network Software
Inspector, which you can use to check which systems in your network are
vulnerable:
http://secunia.com/network_software_inspector/
--
Multiple vulnerabilities have been reported for various Oracle
products. Some vulnerabilities have unknown impacts while others can be
exploited by malicious users to bypass certain security restrictions,
conduct SQL injection attacks, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.
Input passed via unspecified parameters to the SDO_GEOM, SDO_IDX, and
SDO_UTIL packages is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code.
The problem is that the DBMS_STATS_INTERNAL package resets the OUTLN
password to a default value and grants DBA privileges to the OUTLN user
during the creation of a materialized view.
An error within the "flows_030000.wwv_execute_immediate.run_ddl()"
function included in Oracle Application Express can be exploited to
execute SQL commands with escalated privileges.
Successful exploitation requires access to the
"flows_030000.wwv_execute_immediate.run_ddl()" function (e.g. the
WMSYS, WKSYS, FLOWS_030000, and OUTLN accounts by default).
The remaining vulnerabilities are caused due to unspecified errors. No
more information is currently available.
Various Oracle products are affected. The vendor has released its
Critical Patch Update - April 2008 to resolve the vulnerabilities.
For more information, refer to:
http://secunia.com/advisories/29829/
--
VIRUS ALERTS:
During the past week Secunia collected 157 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA28083] Adobe Flash Player Multiple Vulnerabilities
2. [SA29000] ClamAV Multiple Vulnerabilities
3. [SA29772] Drupal Simple Access Module Security Bypass
4. [SA29692] CDNetworks Nefficient Download NeffyLauncher ActiveX
Control Directory Traversal
5. [SA29751] Openfire Unspecified Denial of Service
6. [SA29725] iScripts SocialWare SQL Injection and File Upload
Vulnerabilities
7. [SA29747] Nortel Networks Communication Server Multiple
Vulnerabilities
8. [SA29664] KwsPHP ConcoursPhoto Module "C_ID" SQL Injection
9. [SA29757] LightNEasy Administrator Password Hash Disclosure
10. [SA29783] Sun Solaris Self Encapsulated IP Packets Denial of
Service
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA29837] CA Products DSM gui_cm_ctrls ActiveX Control Code Execution
[SA29831] BigAnt Messenger AntServer Module Directory Traversal and
Buffer Overflow
[SA29829] Oracle Products Multiple Vulnerabilities
[SA29827] Carbon Communities Cross-Site Scripting and SQL Injection
[SA29808] Nero MediaHome Denial of Service Vulnerability
[SA29805] Novell eDirectory "Connection" HTTP Header Processing Denial
of Service
[SA29796] HP OpenView Network Node Manager Multiple Vulnerabilities
UNIX/Linux:
[SA29864] Debian update for openoffice.org
[SA29863] Kolab Server ClamAV Multiple Vulnerabilities
[SA29850] xine-lib NSF Demuxer Buffer Overflow Vulnerability
[SA29828] Red Hat update for seamonkey
[SA29793] Red Hat update for firefox
[SA29862] Fedora update for nagios / nagios-plugins
[SA29861] Gentoo update for rsync
[SA29859] Fedora update for otrs
[SA29856] Fedora update for rsync
[SA29854] Fedora update for speex
[SA29845] Fedora update for libfishsound
[SA29840] AutoTutorials "id" SQL Injection Vulnerability
[SA29835] Red Hat update for speex
[SA29813] Ubuntu update for squid
[SA29785] VMware ESX Server Multiple Security Updates
[SA29809] CUPS PNG Filter Integer Overflow Vulnerability
[SA29839] Fedora update for gallery2
[SA29823] WORK system e-commerce main.php Cross-Site Scripting
[SA29806] IBM HTTP Server mod_imap and mod_status Cross-Site Scripting
[SA29803] MirBSD Korn Shell TTY Attachment Privilege Escalation
[SA29832] Cecilia "/tmp/csvers" Insecure Temporary File Handling
Other:
[SA29798] OmniPCX Office Information Disclosure Vulnerability
[SA29822] Cisco Network Admission Control Information Disclosure
Security Issue
Cross Platform:
[SA29860] Mozilla SeaMonkey Javascript Garbage Collector Vulnerability
[SA29852] OpenOffice Multiple Vulnerabilities
[SA29846] Safari Multiple Vulnerabilities
[SA29841] BEA JRockit Multiple Vulnerabilities
[SA29797] NewsOffice "newsoffice_directory" File Inclusion
Vulnerability
[SA29790] eGroupWare File Upload Vulnerability
[SA29787] Mozilla Firefox Javascript Garbage Collector Vulnerability
[SA29825] phpHotResources SQL Injection Vulnerability
[SA29820] Joomla Jom Comment Component Unspecified SQL Injection
[SA29815] Dating Club "age_to" SQL Injection Vulnerability
[SA29812] CcMail "this_cookie" Security Bypass Vulnerability
[SA29810] 1024 CMS SQL Injection and File Inclusion
[SA29807] cpCommerce Multiple Vulnerabilities
[SA29799] BosClassifieds Classified Ads System "cat" SQL Injection
[SA29794] Ruby WEBrick Information Disclosure
[SA29792] libpng Unknown Chunk Processing Uninitialized Memory Access
[SA29791] phpkb Knowledge Base "ID" SQL Injection Vulnerability
[SA29789] Koobi "poll_id" SQL Injection Vulnerability
[SA29788] cwRsync "xattr" Integer Overflow Vulnerability
[SA29849] HP OpenView Network Node Manager Multiple Vulnerabilities
[SA29819] DotClear "ecrire/images.php" File Upload Vulnerability
[SA29804] BusinessObjects XI "cms" Cross-Site Scripting Vulnerability
[SA29801] phpBB Two Security Bypass Vulnerabilities
[SA29795] Coppermine Photo Gallery "upload.php" SQL Injection
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA29837] CA Products DSM gui_cm_ctrls ActiveX Control Code Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-17
A vulnerability has been reported in various CA products, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29837/
--
[SA29831] BigAnt Messenger AntServer Module Directory Traversal and
Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-04-16
Two vulnerabilities have been discovered in BigAnt Messenger, which can
be exploited by malicious people to disclose certain information or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29831/
--
[SA29829] Oracle Products Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown, Security Bypass, Manipulation of data, DoS,
System access
Released: 2008-04-16
Multiple vulnerabilities have been reported for various Oracle
products. Some vulnerabilities have unknown impacts while others can be
exploited by malicious users to bypass certain security restrictions,
conduct SQL injection attacks, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29829/
--
[SA29827] Carbon Communities Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-04-17
AmnPardaz Security Research Team have reported a vulnerability in
Carbon Communities, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29827/
--
[SA29808] Nero MediaHome Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-04-14
Luigi Auriemma has discovered a vulnerability in Nero MediaHome, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/29808/
--
[SA29805] Novell eDirectory "Connection" HTTP Header Processing Denial
of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-04-14
A vulnerability has been reported in Novell eDirectory, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29805/
--
[SA29796] HP OpenView Network Node Manager Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2008-04-14
Some vulnerabilities have been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to disclose certain
information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29796/
UNIX/Linux:--
[SA29864] Debian update for openoffice.org
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-17
Debian has issued an update for openoffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29864/
--
[SA29863] Kolab Server ClamAV Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Some vulnerabilities have been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29863/
--
[SA29850] xine-lib NSF Demuxer Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-17
Guido Landi has discovered a vulnerability in xine-lib, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29850/
--
[SA29828] Red Hat update for seamonkey
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Red Hat has issued an update for seamonkey. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29828/
--
[SA29793] Red Hat update for firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Red Hat has issued an update for firefox. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29793/
--
[SA29862] Fedora update for nagios / nagios-plugins
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-04-17
Fedora has issued an update for nagios and nagios-plugins. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29862/
--
[SA29861] Gentoo update for rsync
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Gentoo has issued an update for rsync. This fixes a vulnerability,
which can potentially be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29861/
--
[SA29859] Fedora update for otrs
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-04-17
Fedora has issued an update for otrs. This fixes a vulnerability, which
can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29859/
--
[SA29856] Fedora update for rsync
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Fedora has issued an update for rsync. This fixes a vulnerability,
which can potentially be exploited by malicious users to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29856/
--
[SA29854] Fedora update for speex
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Fedora has issued an update for speex. This fixes a security issue,
which can potentially be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/29854/
--
[SA29845] Fedora update for libfishsound
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Fedora has issued an update for libfishsound. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/29845/
--
[SA29840] AutoTutorials "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-17
cO2 has discovered a vulnerability in AutoTutorials, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29840/
--
[SA29835] Red Hat update for speex
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
Red Hat has issued an update for speex. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/29835/
--
[SA29813] Ubuntu update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-04-15
Ubuntu has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/29813/
--
[SA29785] VMware ESX Server Multiple Security Updates
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-04-16
VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), disclose sensitive information, or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29785/
--
[SA29809] CUPS PNG Filter Integer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-04-15
Thomas Pollet has reported a vulnerability in CUPS, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29809/
--
[SA29839] Fedora update for gallery2
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-04-17
Fedora has issued an update for gallery2. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29839/
--
[SA29823] WORK system e-commerce main.php Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-15
Russ McRee has discovered some vulnerabilities in WORK system
e-commerce, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29823/
--
[SA29806] IBM HTTP Server mod_imap and mod_status Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-14
IBM has acknowledged some vulnerabilities in IBM HTTP Server, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/29806/
--
[SA29803] MirBSD Korn Shell TTY Attachment Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-04-14
A vulnerability has been reported in MirBSD Korn Shell, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/29803/
--
[SA29832] Cecilia "/tmp/csvers" Insecure Temporary File Handling
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-04-16
Felipe Sateler has discovered a security issue in Cecilia, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/29832/
Other:--
[SA29798] OmniPCX Office Information Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-04-14
A vulnerability has been reported in OmniPCX Office, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/29798/
--
[SA29822] Cisco Network Admission Control Information Disclosure
Security Issue
Critical: Moderately critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-04-17
A security issue has been reported in Cisco Network Admission Control
(NAC), which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/29822/
Cross Platform:--
[SA29860] Mozilla SeaMonkey Javascript Garbage Collector Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
A vulnerability has been reported in Mozilla SeaMonkey, which can
potentially be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/29860/
--
[SA29852] OpenOffice Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-17
Some vulnerabilities have been reported in OpenOffice, which can be
exploited by malicious people to potentially compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/29852/
--
[SA29846] Safari Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2008-04-17
Some vulnerabilities have been reported in Safari, which can be
exploited by malicious people to conduct cross-site scripting attacks
or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29846/
--
[SA29841] BEA JRockit Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-04-17
Some vulnerabilities have been reported in BEA JRockit, which can be
exploited by malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29841/
--
[SA29797] NewsOffice "newsoffice_directory" File Inclusion
Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-04-14
RoMaNcYxHaCkEr has discovered a vulnerability in NewsOffice, which can
be exploited by malicious people to disclose sensitive information or
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29797/
--
[SA29790] eGroupWare File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-17
A vulnerability has been reported in eGroupWare, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29790/
--
[SA29787] Mozilla Firefox Javascript Garbage Collector Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-17
A vulnerability has been reported in Mozilla Firefox, which can
potentially be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/29787/
--
[SA29825] phpHotResources SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-15
The-0utl4w has reported a vulnerability in phpHotResources, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29825/
--
[SA29820] Joomla Jom Comment Component Unspecified SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-17
Security Assurance Team of the National Australia Bank have reported a
vulnerability in the Jom Comment component for Joomla!, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29820/
--
[SA29815] Dating Club "age_to" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-15
The-0utl4w has reported a vulnerability in Dating Club, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29815/
--
[SA29812] CcMail "this_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-04-14
t0pP8uZz has discovered a vulnerability in CcMail, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29812/
--
[SA29810] 1024 CMS SQL Injection and File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2008-04-14
__GiReX__ has discovered some vulnerabilities in 1024 CMS, which can be
exploited by malicious people to conduct SQL injection attacks or to
disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/29810/
--
[SA29807] cpCommerce Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2008-04-14
AmnPardaz Security Research Team have discovered some vulnerabilities
in cpCommerce, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks, and to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/29807/
--
[SA29799] BosClassifieds Classified Ads System "cat" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-15
SoSo H H has reported a vulnerability in BosClassifieds Classified Ads
System, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/29799/
--
[SA29794] Ruby WEBrick Information Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-04-16
Luigi Auriemma has reported a vulnerability in Ruby, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/29794/
--
[SA29792] libpng Unknown Chunk Processing Uninitialized Memory Access
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-04-14
Tavis Ormandy has reported a vulnerability in libpng, which can be
exploited by malicious people to cause a DoS (Denial of Service),
disclose potentially sensitive information, or potentially compromise
an application using the library.
Full Advisory:
http://secunia.com/advisories/29792/
--
[SA29791] phpkb Knowledge Base "ID" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-14
parad0x has reported a vulnerability in phpkb Knowledge Base, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29791/
--
[SA29789] Koobi "poll_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-17
S@BUN has reported a vulnerability in Koobi, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29789/
--
[SA29788] cwRsync "xattr" Integer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-14
A vulnerability has been reported in cwRsync, which can potentially be
exploited by malicious users to cause a DoS (Denial of Service) or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29788/
--
[SA29849] HP OpenView Network Node Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Cross Site Scripting, DoS, System access
Released: 2008-04-17
HP has acknowledged some vulnerabilities in OpenView Network Node
Manager, which can be exploited by malicious people to conduct
cross-site scripting attacks, cause a DoS (Denial of Service), or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29849/
--
[SA29819] DotClear "ecrire/images.php" File Upload Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-04-16
Morgan ARMAND has discovered a vulnerability in DotClear, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29819/
--
[SA29804] BusinessObjects XI "cms" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-17
Sebastien gioria has reported a vulnerability in BusinessObjects XI,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/29804/
--
[SA29801] phpBB Two Security Bypass Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-04-15
Two vulnerabilities have been reported in phpBB, which can be exploited
by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29801/
--
[SA29795] Coppermine Photo Gallery "upload.php" SQL Injection
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-14
A vulnerability has been discovered in Coppermine Photo Gallery, which
can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29795/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
-==-
Let identityLoveSock take your personal information into
their wanting hands. http://www.identity-love-sock.com/
Because victims have money too.
This archive was generated by hypermail 2.1.3 : Fri Apr 18 2008 - 02:18:51 PDT