========================================================================
The Secunia Weekly Advisory Summary
2008-04-25 - 2008-05-02
This week: 63 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.
Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe
========================================================================
2) This Week in Brief:
A highly critical vulnerability has been reported in Akamai Download
Manager, which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to an unspecified error and can be
exploited to e.g. download and execute malicious programs when a user
is tricked into visiting a malicious site.
The vulnerability is reported in versions prior to 2.2.3.5, which fixes
the issue.
--
A highly critical vulnerability has been reported in IBM Lotus
Expeditor, which can be exploited by malicious people to compromise a
user's system.
The problem is that the application registers the "cai" URI handler,
which allows launching rcplauncher.exe with arbitrary command line
arguments. This can be exploited to execute arbitrary programs via the
"-launcher" argument.
The vulnerability affects Lotus Expeditor Client for Desktop versions
6.1.0, 6.1.1, and 6.1.2 on Windows systems using Internet Explorer.
A patch has been released by the vendor; please contact IBM support for
access.
--
Some vulnerabilities have been reported in HP Software Update, which
can be exploited by malicious people to disclose certain information or
compromise a vulnerable system.
A highly critical boundary error in the HPeSupportDiags.HPIniFileUtil.1
ActiveX control (HPeDiag.dll) when handling the "GetXmlFromIni()" method
can be exploited to cause a stack-based buffer overflow. Successful
exploitation allows execution of arbitrary code.
Insecure methods in certain ActiveX controls (e.g.
HPeSupportDiags.HPRegUtil.1, HPeSupportDiags.HPFileUtil.1,
HPeSupportDiags.HPSystemBoardInfo.1,
HPeSupportDiags.HPOperatingSystem.1) can be exploited to, for example,
read registry entries, read text files, or retrieve system and OS
information.
The vulnerabilities are reported in versions 4.000.009.002 and prior.
The vendor has released version 4.000.010.008 to fix the
vulnerabilities.
--
VIRUS ALERTS:
During the past week Secunia collected 204 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA29900] Safari Address Bar URL Spoofing Security Issue
2. [SA29966] HP Software Update HPeDiag ActiveX Control Insecure
Methods and Buffer Overflow
3. [SA29952] Trillian Display Name Processing Memory Corruption
4. [SA29948] Debian update for perl
5. [SA29949] WordPress "cat" Directory Traversal Vulnerability
6. [SA29833] LightNEasy Multiple Vulnerabilities
7. [SA29938] WordPress Spreadsheet Plugin "ss_id" SQL Injection
Vulnerability
8. [SA29843] RedDot CMS "LngId" SQL Injection Vulnerability
9. [SA29891] SUSE update for clamav
10. [SA29964] Debian update for phpmyadmin
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA30037] Akamai Download Manager Code Execution Vulnerability
[SA29990] E-Post Mail Server POP3 Password Disclosure Vulnerability
[SA29979] MegaBBS SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA30036] SNMPc "SNMP TRAP" Packet Buffer Overflow Vulnerability
[SA30007] Rising Antivirus "NtOpenProcess()" Hooked Function Denial of
Service
[SA30006] Comodo Firewall Pro Hooked Functions Denial of Service
[SA30005] BitDefender Antivirus 2008 "NtOpenProcess()" Hooked Function
Denial of Service
[SA29996] Sophos Anti-Virus "NtCreateKey()" Hooked Function Denial of
Service
UNIX/Linux:
[SA30033] Fedora update for poppler
[SA30029] Red Hat update for thunderbird
[SA30021] Fedora update for xine-lib
[SA30020] GNOME PeerCast "HTTP::getAuthUserPass()" Buffer Overflow
Vulnerability
[SA30012] Debian update for iceape
[SA30003] Red Hat update for java-1.5.0-bea
[SA30001] Fedora update for KDE4
[SA29999] Red Hat update for java-1.4.2-bea
[SA29994] Fedora update for wordpress
[SA29980] KDE KHTML PNG Processing Buffer Overflow Vulnerability
[SA30032] Fedora update for squid
[SA30031] Fedora update for moin
[SA30030] Fedora update for perl-Imager
[SA30025] Fedora update for perl
[SA30023] Fedora update for lighttpd
[SA30011] Imager Image-Based Fill Buffer Overflow Vulnerability
[SA30009] Slackware update for libpng
[SA29995] ZoneMinder Unspecified Code Execution Vulnerabilities
[SA29992] rPath update for libpng
[SA29984] Fedora update for dbmail
[SA29976] IBM WebSphere Application Server Java Plugin Security Bypass
[SA29986] HP-UX WBEM Services OpenPegasus PAM Module Buffer Overflows
[SA30027] cPanel Cross-Site Request Forgery Vulnerabilities
[SA30013] Debian update for wordpress
[SA30004] miniBB "whatus" Cross-Site Scripting Vulnerability
[SA29988] Sun Solaris Apache Modules Cross-Site Scripting
Vulnerabilities
[SA30042] Debian update for asterisk
[SA30010] Fedora update for asterisk
[SA30044] Linux Kernel Multiple Vulnerabilities
[SA30018] Debian update for kernel
[SA29977] Gentoo update for kde
[SA30014] util-linux-ng "login" Audit Log Injection Weakness
[SA30008] GraphicsMagick Insecure File Extension Processing
[SA29982] Fedora update for util-linux-ng
Other:
[SA30054] ALAXALA Networks AX Series BGP UPDATE Message Processing
Denial of Service
[SA30038] Nortel Multimedia Communication Server PC Client Buffer
Overflow
[SA30028] Hitachi GR Series BGP UPDATE Message Processing Denial of
Service
[SA30026] Motorola Surfboard Cable Modem Web Interface Cross-Site
Request Forgery
Cross Platform:
[SA30022] Harris WapChat Multiple File Inclusion Vulnerabilities
[SA29989] PhpGedView Unspecified Vulnerability
[SA29987] Sun StarOffice/StarSuite Multiple Vulnerabilities
[SA29978] Sun Java System Directory Server "bind-dn" Security Bypass
[SA30052] ActualAnalyzer Lite "style" Local File Inclusion
[SA30048] PHP Multiple Vulnerabilities
[SA30046] vlbook Cross-Site Scripting and Local File Inclusion
[SA30043] Robocode AWT Event Queue Security Bypass
[SA30015] Project-Based Calendaring System File Disclosure
Vulnerabilities
[SA29997] miniBB Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA29991] Joovili "category" SQL Injection Vulnerability
[SA29985] WebGUI Data Form List View Unspecified Vulnerability
[SA29983] Softbiz Web Host Directory Script "host_id" SQL Injection
[SA29981] Jokes Site Script "catagorie" SQL Injection Vulnerability
[SA30049] Mjguest "level" Cross-Site Scripting Vulnerability
[SA30002] Sugar Community Edition RSS Module Information Disclosure
Vulnerability
[SA29993] XOOPS Various Bluemoon inc. Modules Cross-Site Scripting
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA30037] Akamai Download Manager Code Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-01
A vulnerability has been reported in Akamai Download Manager, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30037/
--
[SA29990] E-Post Mail Server POP3 Password Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-04-28
Tan Chew Keong has reported a vulnerability in E-Post Mail Server,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/29990/
--
[SA29979] MegaBBS SQL Injection and Cross-Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-04-28
AmnPardaz Security Research Team have reported some vulnerabilities in
MegaBBS, which can be exploited by malicious users to conduct SQL
injection attacks and by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/29979/
--
[SA30036] SNMPc "SNMP TRAP" Packet Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-05-01
Wade Alcorn and John Heasman have reported a vulnerability in SNMPc,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30036/
--
[SA30007] Rising Antivirus "NtOpenProcess()" Hooked Function Denial of
Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-04-29
Core Security Technologies has reported a vulnerability in Rising
Antivirus, which can be exploited by malicious, local users to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30007/
--
[SA30006] Comodo Firewall Pro Hooked Functions Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-04-29
Core Security Technologies has reported some vulnerabilities in Comodo
Firewall Pro, which can be exploited by malicious, local users to cause
a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30006/
--
[SA30005] BitDefender Antivirus 2008 "NtOpenProcess()" Hooked Function
Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-04-29
Core Security Technologies has reported a vulnerability in BitDefender
Antivirus 2008, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30005/
--
[SA29996] Sophos Anti-Virus "NtCreateKey()" Hooked Function Denial of
Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-04-29
Core Security Technologies has reported a vulnerability in Sophos
Anti-Virus, which can be exploited by malicious, local users to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29996/
UNIX/Linux:--
[SA30033] Fedora update for poppler
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-30
Fedora has issued an update for poppler. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30033/
--
[SA30029] Red Hat update for thunderbird
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-01
Red Hat has issued an update for thunderbird. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30029/
--
[SA30021] Fedora update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-30
Fedora has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/30021/
--
[SA30020] GNOME PeerCast "HTTP::getAuthUserPass()" Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-30
Nico Golde has reported a vulnerability in GNOME PeerCast, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30020/
--
[SA30012] Debian update for iceape
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-29
Debian has issued an update for iceape. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30012/
--
[SA30003] Red Hat update for java-1.5.0-bea
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-04-28
Red Hat has issued an update for java-1.5.0-bea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), or
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30003/
--
[SA30001] Fedora update for KDE4
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-30
Fedora has issued an update for KDE4. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/30001/
--
[SA29999] Red Hat update for java-1.4.2-bea
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-04-28
Red Hat has issued an update for java-1.4.2-bea. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29999/
--
[SA29994] Fedora update for wordpress
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2008-04-30
Fedora has issued an update for wordpress. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, and
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29994/
--
[SA29980] KDE KHTML PNG Processing Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-28
A vulnerability has been reported in KDE, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29980/
--
[SA30032] Fedora update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-04-30
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30032/
--
[SA30031] Fedora update for moin
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-04-30
Fedora has issued an update for moin. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30031/
--
[SA30030] Fedora update for perl-Imager
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-30
Fedora has issued an update for perl-Imager. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/30030/
--
[SA30025] Fedora update for perl
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-30
Fedora has issued an update for perl. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30025/
--
[SA30023] Fedora update for lighttpd
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-04-30
Fedora has issued an update for lighttpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30023/
--
[SA30011] Imager Image-Based Fill Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-04-29
A vulnerability has been reported in Imager, which potentially can be
exploited by malicious people to compromise an application using the
library.
Full Advisory:
http://secunia.com/advisories/30011/
--
[SA30009] Slackware update for libpng
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-04-29
Slackware has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service), disclose potentially sensitive information, or potentially
compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/30009/
--
[SA29995] ZoneMinder Unspecified Code Execution Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-04-28
Some vulnerabilities have been reported in ZoneMinder, which
potentially can be exploited by malicious users to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29995/
--
[SA29992] rPath update for libpng
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-04-30
rPath has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service), disclose potentially sensitive information, or potentially
compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/29992/
--
[SA29984] Fedora update for dbmail
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-04-30
Fedora has issued an update for dbmail. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29984/
--
[SA29976] IBM WebSphere Application Server Java Plugin Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-01
A vulnerability has been reported in IBM WebSphere Application Server,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29976/
--
[SA29986] HP-UX WBEM Services OpenPegasus PAM Module Buffer Overflows
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-04-30
HP has acknowledged some vulnerabilities in HP-UX, which can
potentially be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29986/
--
[SA30027] cPanel Cross-Site Request Forgery Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-01
Some vulnerabilities have been reported in cPanel, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.
Full Advisory:
http://secunia.com/advisories/30027/
--
[SA30013] Debian update for wordpress
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-05-02
Debian has issued an update for wordpress. This fixes a vulnerability,
which can potentially be exploited by malicious people to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/30013/
--
[SA30004] miniBB "whatus" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-29
IRCRASH has discovered a vulnerability in miniBB, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30004/
--
[SA29988] Sun Solaris Apache Modules Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-28
Sun has acknowledged some vulnerabilities in Solaris, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29988/
--
[SA30042] Debian update for asterisk
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-05-01
Debian has issued an update for asterisk. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30042/
--
[SA30010] Fedora update for asterisk
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-04-30
Fedora has issued an update for asterisk. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30010/
--
[SA30044] Linux Kernel Multiple Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-05-02
Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) or to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30044/
--
[SA30018] Debian update for kernel
Critical: Less critical
Where: Local system
Impact: Security Bypass, Privilege escalation, DoS
Released: 2008-05-02
Debian has issued an update for the kernel. This fixes some
vulnerabilities and security issues, which can be exploited by
malicious, local users to bypass certain security restrictions, cause a
DoS (Denial of Service), or to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30018/
--
[SA29977] Gentoo update for kde
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-04-29
Gentoo has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) or to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/29977/
--
[SA30014] util-linux-ng "login" Audit Log Injection Weakness
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-29
A weakness has been reported in util-linux-ng, which can be exploited
by malicious people to manipulate certain data.
Full Advisory:
http://secunia.com/advisories/30014/
--
[SA30008] GraphicsMagick Insecure File Extension Processing
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-02
A security issue has been reported in GraphicsMagick, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30008/
--
[SA29982] Fedora update for util-linux-ng
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-30
Fedora has issued an update for util-linux-ng. This fixes a weakness,
which can be exploited by malicious people to manipulate certain data.
Full Advisory:
http://secunia.com/advisories/29982/
Other:--
[SA30054] ALAXALA Networks AX Series BGP UPDATE Message Processing
Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-02
A vulnerability has been reported in ALAXALA Networks AX series, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30054/
--
[SA30038] Nortel Multimedia Communication Server PC Client Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-01
A vulnerability has been reported in Nortel Multimedia Communication
Server (MCS), which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/30038/
--
[SA30028] Hitachi GR Series BGP UPDATE Message Processing Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-02
A vulnerability has been reported in Hitachi GR series routers, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30028/
--
[SA30026] Motorola Surfboard Cable Modem Web Interface Cross-Site
Request Forgery
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-30
Rook Security has reported a vulnerability in Motorola Surfboard Cable
Modem, which can be exploited by malicious people to conduct cross-site
request forgery attacks.
Full Advisory:
http://secunia.com/advisories/30026/
Cross Platform:--
[SA30022] Harris WapChat Multiple File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-05-02
k1n9k0ng has discovered some vulnerabilities in Harris WapChat, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/30022/
--
[SA29989] PhpGedView Unspecified Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-29
A vulnerability has been reported in PhpGedView, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29989/
--
[SA29987] Sun StarOffice/StarSuite Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-04-28
Sun has acknowledged some vulnerabilities in Sun StarOffice and
StarSuite, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29987/
--
[SA29978] Sun Java System Directory Server "bind-dn" Security Bypass
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2008-04-28
Sun has acknowledged a vulnerability in Sun Java System Directory
Server, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/29978/
--
[SA30052] ActualAnalyzer Lite "style" Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-05-02
IRCRASH has discovered a vulnerability in ActualAnalyzer, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/30052/
--
[SA30048] PHP Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, DoS, System access
Released: 2008-05-02
Some vulnerabilities have been reported in PHP, where some have unknown
impacts and others can be exploited by malicious users to bypass certain
security restrictions, and potentially by malicious people to cause a
DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30048/
--
[SA30046] vlbook Cross-Site Scripting and Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2008-05-02
IRCRASH has reported two vulnerabilities in vlbook, which can be
exploited by malicious people to conduct cross-site scripting attacks
or disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/30046/
--
[SA30043] Robocode AWT Event Queue Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-02
A security issue has been reported in Robocode, which can be exploited
by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30043/
--
[SA30015] Project-Based Calendaring System File Disclosure
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-05-01
GoLd_M has discovered some vulnerabilities in Project-Based Calendaring
System, which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/30015/
--
[SA29997] miniBB Cross-Site Scripting and SQL Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-04-28
__GiReX__ has reported some vulnerabilities in miniBB, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/29997/
--
[SA29991] Joovili "category" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-29
HaCkeR-EgY has reported a vulnerability in Joovili, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29991/
--
[SA29985] WebGUI Data Form List View Unspecified Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-05-02
A vulnerability with an unknown impact has been reported in WebGUI.
Full Advisory:
http://secunia.com/advisories/29985/
--
[SA29983] Softbiz Web Host Directory Script "host_id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-30
M.Hasran Addahroni has reported a vulnerability in Softbiz Web Host
Directory Script, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29983/
--
[SA29981] Jokes Site Script "catagorie" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-04-29
ProgenTR has reported a vulnerability in Jokes Site Script, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29981/
--
[SA30049] Mjguest "level" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-02
IRCRASH has discovered a vulnerability in Mjguest, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30049/
--
[SA30002] Sugar Community Edition RSS Module Information Disclosure
Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-04-29
Roberto Suggi Liverani has reported a vulnerability in Sugar Community
Edition, which can be exploited by malicious users to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/30002/
--
[SA29993] XOOPS Various Bluemoon inc. Modules Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-04-28
Some vulnerabilities have been reported in various Bluemoon inc.
modules for XOOPS, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29993/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon May 05 2008 - 00:59:15 PDT