[ISN] Secunia Weekly Summary - Issue: 2008-24

From: InfoSec News (alerts@private)
Date: Fri Jun 13 2008 - 00:01:48 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-06-05 - 2008-06-12                        

                       This week: 85 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.

1) A boundary error when parsing packed scanlines from a PixData
structure in a PICT file can be exploited to cause a heap-based buffer
overflow via a specially crafted PICT file.

2) An error in the processing of AAC-encoded media content can be
exploited to cause a memory corruption via a specially crafted media
file.

3) A boundary error in the processing of PICT files can be exploited to
cause a heap-based buffer overflow via a specially crafted PICT file.

4) A boundary error in the processing of Indeo video codec content can
be exploited to cause a stack-based buffer overflow via a specially
crafted movie file with Indeo video codec content.

5) An error in the handling of "file:" URLs can be exploited to e.g.
execute arbitrary programs when playing specially crafted QuickTime
content in QuickTime Player.

Successful exploitation of these vulnerabilities may allow execution of
arbitrary code.

For more information, refer to:
http://secunia.com/advisories/29293/

 --

A vulnerability has been reported in OpenOffice, which can be exploited
by malicious people to compromise a user's system.

The vulnerability is caused by an integer overflow error in
"rtl_allocateMemory()" and can be exploited to cause heap-based buffer
overflows via a specially crafted document.

Successful exploitation may allow execution of arbitrary code.

For more information, refer to:
http://secunia.com/advisories/30599/

 --

Microsoft has released their monthly security bulletins for June,
fixing vulnerabilities in various Microsoft products.

For more information, refer to:
http://secunia.com/advisories/30587/
http://secunia.com/advisories/30586/
http://secunia.com/advisories/30584/
http://secunia.com/advisories/30579/
http://secunia.com/advisories/30578/
http://secunia.com/advisories/30575/
http://secunia.com/advisories/30051/

 --

VIRUS ALERTS:

During the past week Secunia collected 209 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA29293] Apple QuickTime Multiple Vulnerabilities
2.  [SA30575] Internet Explorer "substringData()" Memory Corruption
              Vulnerability
3.  [SA30599] OpenOffice "rtl_allocateMemory()" Integer Overflow
              Vulnerability
4.  [SA30556] VMware Products Multiple Vulnerabilities
5.  [SA30620] Sun Solaris Firefox Multiple Vulnerabilities
6.  [SA30135] Akamai Red Swoosh Client Cross-Site Request Forgery
7.  [SA30621] Apache mod_proxy Interim Responses Denial of Service
8.  [SA30612] Cisco Products SNMPv3 Two Vulnerabilities
9.  [SA30539] Joomla EasyBook Component "gbid" SQL Injection
10. [SA30625] Logitech Desktop Messenger BackWeb ActiveX Control
              Unspecified Buffer Overflows

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA30625] Logitech Desktop Messenger BackWeb ActiveX Control
Unspecified Buffer Overflows
[SA30603] Black Ice Annotation SDK BiAnno Control "AnnoSaveToTiff()"
Buffer Overflow
[SA30598] BackWeb Lite Install Runner ActiveX Control Unspecified
Buffer Overflows
[SA30579] Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities
[SA30575] Internet Explorer "substringData()" Memory Corruption
Vulnerability
[SA30610] Pooya Site Builder SQL Injection Vulnerabilities
[SA30593] Todd Woolums ASP News Management Information Disclosure and
SQL Injection
[SA30583] Realm CMS Multiple Vulnerabilities
[SA30582] Real-Estate-Website Cross-Site Scripting and SQL Injection
[SA30576] Novell GroupWise Messenger Client Buffer Overflow
Vulnerabilities
[SA30569] JiRo's FAQ Manager eXperience "fID" SQL Injection
[SA30638] Citect Products ODBC Server Component Buffer Overflow
[SA30643] Absolute News Manager XE Multiple Vulnerabilities
[SA30641] Absolute Banner Manager XE Multiple Vulnerabilities
[SA30640] Absolute Form Processor XE Cross-Site Scripting
Vulnerabilities
[SA30623] Tornado Knowledge Retrieval System "p" Cross-Site Scripting
Vulnerability
[SA30617] DotNetNuke Cross-Site Scripting Vulnerabilities
[SA30609] Absolute Control Panel XE "name" Cross-Site Scripting
[SA30605] BitTorrent Web UI Malformed HTTP "Range" Header Denial of
Service
[SA30578] Microsoft Windows Speech Recognition Security Issue
[SA30559] ALFTP FTP Client Directory Download Directory Traversal
Vulnerability
[SA30587] Microsoft Windows Pragmatic General Multicast Denial of
Service
[SA30586] Microsoft Windows Active Directory LDAP Request Processing
Denial of Service
[SA30584] Microsoft Windows WINS Privilege Escalation Vulnerability

UNIX/Linux:
[SA30634] Fedora update for openoffice.org
[SA30620] Sun Solaris Firefox Multiple Vulnerabilities
[SA30581] SUSE Update for Multiple Packages
[SA30572] Gentoo update for imlib2
[SA30571] Ubuntu update for evolution
[SA30564] Fedora update for evolution
[SA30652] Sun Java Access Manager Unspecified Security Bypass
[SA30624] Red Hat update for perl
[SA30616] HP-UX update for Apache and Tomcat with PHP
[SA30591] Courier Authentication Library SQL Injection Vulnerability
[SA30590] Iconfidant SSH Denial of Service Vulnerabilities
[SA30644] rPath update for kernel
[SA30580] Linux Kernel ASN.1 BER Decoding Vulnerability
[SA30649] Fedora update for kronolith
[SA30592] Debian update for tomcat5.5
[SA30568] openwsman "Content-Length" Processing Vulnerability
[SA30563] Fedora update for snort
[SA30647] Fedora update for net-snmp
[SA30615] Red Hat update for net-snmp
[SA30596] Red Hat update for ucd-snmp
[SA30574] Net-SNMP HMAC Authentication Spoofing Vulnerability
[SA30637] Debian update for xorg-server
[SA30630] Red Hat update for xorg-x11-server
[SA30629] Red Hat update for XFree86
[SA30628] Red Hat update for XFree86
[SA30654] Sun Solaris UltraSPARC Kernel Module Local Denial of Service
[SA30653] Sun Solaris Event Port Local Denial of Service

Other:
[SA30612] Cisco Products SNMPv3 Two Vulnerabilities
[SA30648] Ingate Firewall and SIParator SNMP HMAC Spoofing
[SA30626] Juniper Networks Session and Resource Control Appliances SNMP
HMAC Spoofing
[SA30562] Linksys WRH54G Denial of Service Vulnerability

Cross Platform:
[SA30635] Sun StarOffice/StarSuite "rtl_allocateMemory()" Integer
Overflow
[SA30599] OpenOffice "rtl_allocateMemory()" Integer Overflow
Vulnerability
[SA30632] Drupal Magic Tabs Module Arbitrary PHP Code Execution
[SA30619] TYPO3 File Upload and Cross-Site Scripting Vulnerabilities
[SA30618] Drupal Aggregation Module Multiple Vulnerabilities
[SA30614] JAMM CMS "id" SQL Injection Vulnerability
[SA30611] net2ftp Unspecified Request Handling Vulnerability
[SA30607] yblog SQL Injection and Cross-Site Scripting
[SA30606] eFiction "list" SQL Injection Vulnerability
[SA30600] FreeType Multiple Vulnerabilities
[SA30597] Achievo Multiple File Extensions Vulnerability
[SA30595] TNTforum "modulo" Directory Traversal Vulnerability
[SA30589] Fujitsu Interstage Management Console Arbitrary File Access
[SA30577] Powie pNews "shownews" SQL Injection Vulnerability
[SA30570] Joomla GameQ Component "category_id" SQL Injection
[SA30567] Joomla yvComment Component "ArticleID" SQL Injection
[SA30566] Joomla Rapid Recipe Component "recipe_id" SQL Injection
[SA30561] e107 eChat Plugin "nick" SQL Injection
[SA30560] VLC Media Player GnuTLS and Libxml2 Vulnerabilities
[SA30650] Gallery Multiple Vulnerabilities
[SA30636] Opera Multiple Vulnerabilities
[SA30631] Drupal Taxonomy Image Module Cross-Site Scripting
Vulnerabilities
[SA30621] Apache mod_proxy Interim Responses Denial of Service
[SA30608] IPTBB "email" SQL Injection Vulnerability
[SA30604] GlassFish Administration Console Cross-Site Scripting
Vulnerability
[SA30602] SyndeoCMS File Disclosure and Cross-Site Scripting
[SA30594] NASM "ppscan()" Off-By-One Vulnerability
[SA30573] PHP Image Gallery "action" Cross-Site Scripting
Vulnerability
[SA30627] X.org X11 Multiple Vulnerabilities
[SA30622] Drupal Node Hierarchy Module Improper Access Check

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30625] Logitech Desktop Messenger BackWeb ActiveX Control
Unspecified Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-11

Will Dormann has reported some vulnerabilities in Logitech Desktop
Messenger, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30625/

 --

[SA30603] Black Ice Annotation SDK BiAnno Control "AnnoSaveToTiff()"
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-11

shinnai has discovered a vulnerability in Black Ice Annotation SDK,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30603/

 --

[SA30598] BackWeb Lite Install Runner ActiveX Control Unspecified
Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-11

Will Dormann has reported some vulnerabilities in BackWeb Lite Install
Runner ActiveX Control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30598/

 --

[SA30579] Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-10

Two vulnerabilities have been reported in Microsoft DirectX, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30579/

 --

[SA30575] Internet Explorer "substringData()" Memory Corruption
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-10

A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30575/

 --

[SA30610] Pooya Site Builder SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-12

AmnPardaz Security Research Team has reported some vulnerabilities in
Pooya Site Builder, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30610/

 --

[SA30593] Todd Woolums ASP News Management Information Disclosure and
SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-11

Some vulnerabilities have been discovered in Todd Woolums ASP News
Management, which can be exploited by malicious people to disclose
potentially sensitive information and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30593/

 --

[SA30583] Realm CMS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information
Released:    2008-06-10

AmnPardaz Security Research Team has reported some vulnerabilities in
Realm CMS, which can be exploited by malicious people to bypass certain
security restrictions, to disclose system information, or to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30583/

 --

[SA30582] Real-Estate-Website Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-10

JosS has reported some vulnerabilities in Real-Estate-Website, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30582/

 --

[SA30576] Novell GroupWise Messenger Client Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-09

Some vulnerabilities have been reported in Novell GroupWise Messenger,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30576/

 --

[SA30569] JiRo's FAQ Manager eXperience "fID" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-09

Underz0ne Crew have reported a vulnerability in JiRo's FAQ Manager
eXperience, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30569/

 --

[SA30638] Citect Products ODBC Server Component Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-06-12

Core Security Technologies has reported a vulnerability in CitectSCADA
and CitectFacilities, which can be exploited by malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30638/

 --

[SA30643] Absolute News Manager XE Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-12

AmnPardaz Security Research Team has reported some vulnerabilities in
Absolute News Manager XE, which can be exploited by malicious people to
conduct cross-site scripting attacks and by malicious users to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30643/

 --

[SA30641] Absolute Banner Manager XE Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-12

AmnPardaz Security Research Team has reported some vulnerabilities in
Absolute Banner Manager XE, which can be exploited by malicious people
to conduct cross-site scripting attacks and by malicious users to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30641/

 --

[SA30640] Absolute Form Processor XE Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-12

AmnPardaz Security Research Team has reported some vulnerabilities in
Absolute Form Processor XE, which can be exploited by malicious people
to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30640/

 --

[SA30623] Tornado Knowledge Retrieval System "p" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-11

unohope has reported a vulnerability in Tornado Knowledge Retrieval
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30623/

 --

[SA30617] DotNetNuke Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-12

Some vulnerabilities have been reported in DotNetNuke, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30617/

 --

[SA30609] Absolute Control Panel XE "name" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-12

AmnPardaz Security Research Team has reported a vulnerability in
Absolute Control Panel XE, which can be exploited by malicious people
to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30609/

 --

[SA30605] BitTorrent Web UI Malformed HTTP "Range" Header Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-11

Secunia Research has discovered a vulnerability in BitTorrent, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30605/

 --

[SA30578] Microsoft Windows Speech Recognition Security Issue

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-10

A security issue has been reported in Microsoft Windows, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30578/

 --

[SA30559] ALFTP FTP Client Directory Download Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-06

Tan Chew Keong has reported a vulnerability in ALFTP FTP Client, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30559/

 --

[SA30587] Microsoft Windows Pragmatic General Multicast Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-10

Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30587/

 --

[SA30586] Microsoft Windows Active Directory LDAP Request Processing
Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-10

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people or malicious users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/30586/

 --

[SA30584] Microsoft Windows WINS Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-10

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30584/


UNIX/Linux:--

[SA30634] Fedora update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-12

Fedora has issued an update for openoffice.org. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30634/

 --

[SA30620] Sun Solaris Firefox Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-06-11

Sun has acknowledged some vulnerabilities in Firefox included in Sun
Solaris, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, conduct
spoofing, cross-site scripting, and phishing attacks, or to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30620/

 --

[SA30581] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released:    2008-06-09

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, malicious users to gain
escalated privileges, and malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30581/

 --

[SA30572] Gentoo update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-09

Gentoo has issued an update for imlib2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/30572/

 --

[SA30571] Ubuntu update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-09

Ubuntu has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30571/

 --

[SA30564] Fedora update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-06

Fedora has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30564/

 --

[SA30652] Sun Java Access Manager Unspecified Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-12

A vulnerability has been reported in Sun Java Access Manager, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/30652/

 --

[SA30624] Red Hat update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-12

Red Hat has issued an update for perl. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/30624/

 --

[SA30616] HP-UX update for Apache and Tomcat with PHP

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-11

HP has issued an update for Apache and Tomcat with PHP. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30616/

 --

[SA30591] Courier Authentication Library SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-10

A vulnerability has been reported in the Courier Authentication
Library, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30591/

 --

[SA30590] Iconfidant SSH Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-10

Some vulnerabilities have been reported in Iconfidant SSH, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30590/

 --

[SA30644] rPath update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-06-12

rPath has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30644/

 --

[SA30580] Linux Kernel ASN.1 BER Decoding Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-06-09

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30580/

 --

[SA30649] Fedora update for kronolith

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-12

Fedora has issued an update for kronolith. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/30649/

 --

[SA30592] Debian update for tomcat5.5

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-10

Debian has issued an update for tomcat5.5. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/30592/

 --

[SA30568] openwsman "Content-Length" Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2008-06-09

A vulnerability has been reported in openwsman, which can be exploited
by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30568/

 --

[SA30563] Fedora update for snort

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-06

Fedora has issued an update for snort. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/30563/

 --

[SA30647] Fedora update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-06-12

Fedora has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30647/

 --

[SA30615] Red Hat update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-06-11

Red Hat has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30615/

 --

[SA30596] Red Hat update for ucd-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing
Released:    2008-06-10

Red Hat has issued an update for ucd-snmp. This fixes a vulnerability,
which can be exploited by malicious people to spoof authenticated
SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/30596/

 --

[SA30574] Net-SNMP HMAC Authentication Spoofing Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing
Released:    2008-06-10

A vulnerability has been reported in Net-SNMP, which can be exploited
by malicious people to spoof authenticated SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/30574/

 --

[SA30637] Debian update for xorg-server

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-12

Debian has issued an update for xorg-server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30637/

 --

[SA30630] Red Hat update for xorg-x11-server

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-12

Red Hat has issued an update for xorg-x11-server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30630/

 --

[SA30629] Red Hat update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-12

Red Hat has issued an update for XFree86. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30629/

 --

[SA30628] Red Hat update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      DoS, Privilege escalation, Exposure of sensitive
information
Released:    2008-06-12

Red Hat has issued an update for XFree86. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30628/

 --

[SA30654] Sun Solaris UltraSPARC Kernel Module Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-06-12

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30654/

 --

[SA30653] Sun Solaris Event Port Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-06-12

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30653/


Other:--

[SA30612] Cisco Products SNMPv3 Two Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Spoofing
Released:    2008-06-11

Two vulnerabilities have been reported in various Cisco products, which
can be exploited by malicious people to spoof authenticated SNMPv3
packets.

Full Advisory:
http://secunia.com/advisories/30612/

 --

[SA30648] Ingate Firewall and SIParator SNMP HMAC Spoofing

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-12

Ingate has acknowledged a vulnerability in Ingate Firewall and
SIParator, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/30648/

 --

[SA30626] Juniper Networks Session and Resource Control Appliances SNMP
HMAC Spoofing

Critical:    Less critical
Where:       From local network
Impact:      Spoofing
Released:    2008-06-11

A vulnerability has been reported in Juniper Networks Session and
Resource Control (SRC) appliances, which can be exploited by malicious
people to spoof authenticated SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/30626/

 --

[SA30562] Linksys WRH54G Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-10

A vulnerability has been reported in Linksys WRH54G, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30562/


Cross Platform:--

[SA30635] Sun StarOffice/StarSuite "rtl_allocateMemory()" Integer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-12

Sun has acknowledged a vulnerability in StarOffice/StarSuite, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30635/

 --

[SA30599] OpenOffice "rtl_allocateMemory()" Integer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-10

A vulnerability has been reported in OpenOffice, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30599/

 --

[SA30632] Drupal Magic Tabs Module Arbitrary PHP Code Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-12

A vulnerability has been reported in the Magic Tabs module for Drupal,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30632/

 --

[SA30619] TYPO3 File Upload and Cross-Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-06-11

Two vulnerabilities have been reported in TYPO3, which can be exploited
by malicious people to conduct cross-site scripting attacks, and by
malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30619/

 --

[SA30618] Drupal Aggregation Module Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released:    2008-06-12

Some vulnerabilities have been reported in the Aggregation module for
Drupal, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, SQL
injection attacks, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30618/

 --

[SA30614] JAMM CMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-12

h0yt3r has reported a vulnerability in JAMM CMS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30614/

 --

[SA30611] net2ftp Unspecified Request Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
System access
Released:    2008-06-11

Tan Chew Keong has reported a vulnerability in net2ftp, which
potentially can be exploited by malicious people to disclose sensitive
information, delete certain files, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30611/

 --

[SA30607] yblog SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-06-12

unohope has discovered some vulnerabilities in yblog, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30607/

 --

[SA30606] eFiction "list" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-12

Mr.SQL has discovered a vulnerability in eFiction, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30606/

 --

[SA30600] FreeType Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-11

Some vulnerabilities have been reported in FreeType, which potentially
can be exploited by malicious people to compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/30600/

 --

[SA30597] Achievo Multiple File Extensions Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-12

EgiX has discovered a vulnerability in Achievo, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30597/

 --

[SA30595] TNTforum "modulo" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-11

A vulnerability has been discovered in TNTforum, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30595/

 --

[SA30589] Fujitsu Interstage Management Console Arbitrary File Access

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2008-06-10

A vulnerability has been reported in various Fujitsu products, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/30589/

 --

[SA30577] Powie pNews "shownews" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-10

Cr@zy_King has discovered a vulnerability in Powie pNews, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30577/

 --

[SA30570] Joomla GameQ Component "category_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-09

His0k4 has discovered a vulnerability in the GameQ component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30570/

 --

[SA30567] Joomla yvComment Component "ArticleID" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-09

His0k4 has discovered a vulnerability in the yvComment component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30567/

 --

[SA30566] Joomla Rapid Recipe Component "recipe_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-09

His0k4 has discovered a vulnerability in the Rapid Recipe component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30566/

 --

[SA30561] e107 eChat Plugin "nick" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-06

hadihadi has discovered a vulnerability in the eChat plugin for e107,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30561/

 --

[SA30560] VLC Media Player GnuTLS and Libxml2 Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-09

Some vulnerabilities have been reported in VLC Media Player, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30560/

 --

[SA30650] Gallery Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information
Released:    2008-06-12

Some vulnerabilities and a weakness have been reported in Gallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks, disclose sensitive information, and manipulate
data.

Full Advisory:
http://secunia.com/advisories/30650/

 --

[SA30636] Opera Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Spoofing, Exposure of sensitive information
Released:    2008-06-12

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to disclose potentially sensitive
information or to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/30636/

 --

[SA30631] Drupal Taxonomy Image Module Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-12

Some vulnerabilities have been reported in the Taxonomy Image module
for Drupal, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30631/

 --

[SA30621] Apache mod_proxy Interim Responses Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-11

A vulnerability has been reported in the Apache mod_proxy module, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/30621/

 --

[SA30608] IPTBB "email" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2008-06-12

CWH Underground has discovered a vulnerability in IPTBB, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30608/

 --

[SA30604] GlassFish Administration Console Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-11

Eduardo Neves has discovered a vulnerability in GlassFish, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30604/

 --

[SA30602] SyndeoCMS File Disclosure and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-06-11

CWH Underground has discovered some vulnerabilities in SyndeoCMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks, and by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30602/

 --

[SA30594] NASM "ppscan()" Off-By-One Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-11

A vulnerability has been reported in NASM, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30594/

 --

[SA30573] PHP Image Gallery "action" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-10

Russ McRee has reported a vulnerability in PHP Image Gallery, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/30573/

 --

[SA30627] X.org X11 Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-12

Some vulnerabilities have been reported in X.org X11, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
disclose potentially sensitive information, or to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/30627/

 --

[SA30622] Drupal Node Hierarchy Module Improper Access Check

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-12

A security issue has been reported in the Node Hierarchy module for
Drupal, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/30622/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri Jun 13 2008 - 00:07:41 PDT