[ISN] Secunia Weekly Summary - Issue: 2008-25

From: InfoSec News (alerts@private)
Date: Fri Jun 20 2008 - 01:05:26 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-06-12 - 2008-06-19                        

                       This week: 93 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

A vulnerability has been reported in Mozilla Firefox, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be
exploited to execute arbitrary code e.g. when a user visits a specially
crafted web page.

The vulnerability is reported in versions 3.0 and 2.0.x. Other versions
may also be affected.

For more information, refer to:
http://secunia.com/advisories/30761/

 --

Some vulnerabilities have been discovered in Novell iPrint Client,
which can be exploited by malicious people to compromise a user's
system.

The vulnerabilities are caused due to boundary errors in the included
Novell iPrint ActiveX control (ienipp.ocx) when processing certain
parameter values ("operation", "printer-url", and "target-frame").
These can be exploited to cause stack-based buffer overflows via overly
long string values.

For more information, refer to:
http://secunia.com/advisories/30709/

 --

VIRUS ALERTS:

During the past week Secunia collected 217 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA30636] Opera Multiple Vulnerabilities
2.  [SA30627] X.org X11 Multiple Vulnerabilities
3.  [SA30575] Internet Explorer "substringData()" Memory Corruption
              Vulnerability
4.  [SA29293] Apple QuickTime Multiple Vulnerabilities
5.  [SA30599] OpenOffice "rtl_allocateMemory()" Integer Overflow
              Vulnerability
6.  [SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability
7.  [SA30654] Sun Solaris UltraSPARC Kernel Module Local Denial of
              Service
8.  [SA30652] Sun Java Access Manager Unspecified Security Bypass
9.  [SA30653] Sun Solaris Event Port Local Denial of Service
10. [SA30637] Debian update for xorg-server

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA30709] Novell iPrint Client ActiveX Control Parameter Handling
Vulnerabilities
[SA30696] muvee autoProducer DXTTextOutEffect "FontSetting" Property
Buffer Overflow
[SA30695] XChat "ircs" URI Handling Vulnerability
[SA30707] S.T.A.L.K.E.R.: Shadow of Chernobyl Long Nickname Denial of
Service
[SA30705] doITLive CMS Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA30687] E-SMART CART "category_id" SQL Injection Vulnerability
[SA30681] Dana IRC Client Buffer Overflow Vulnerability
[SA30675] Crysis HTTP/XML-RPC Server Denial of Service
[SA30749] UltraEdit FTP/SFTP Browser Directory Download Directory
Traversal Vulnerability
[SA30745] ManageEngine OpUtils "hostName" Script Insertion
Vulnerability
[SA30739] SurgeMail IMAP Processing Denial of Service Vulnerability
[SA30725] Glub Tech Secure FTP Directory Download Directory Traversal
Vulnerability
[SA30706] Crysis Disconnect Packet Information Disclosure
[SA30753] BlueCoat WinProxy Deterministic Network Enhancer Privilege
Escalation
[SA30747] Cisco VPN Client Deterministic Network Enhancer Privilege
Escalation
[SA30744] SafeNet Products Deterministic Network Enhancer Privilege
Escalation
[SA30741] Symantec Altiris Notification Server Agent GUI Privilege
Escalation
[SA30728] Deterministic Network Enhancer Privilege Escalation
Vulnerability
[SA30714] No-IP Windows Dynamic Update Client Information Disclosure

UNIX/Linux:
[SA30736] Ubuntu update for samba
[SA30727] Debian update for imlib2
[SA30720] Red Hat update for openoffice.org
[SA30717] SUSE Update for Multiple Packages
[SA30716] SUSE update for evolution
[SA30702] Gentoo update for evolution
[SA30676] VMware ESX Server update for Tomcat and Java JRE
[SA30766] Sun Solaris FreeType Multiple Vulnerabilities
[SA30740] Fedora update for freetype
[SA30735] Fedora update for roundcubemail
[SA30718] Avaya CMS Solaris "inet_network()" Off-By-One Vulnerability
[SA30713] Gentoo update for rdesktop
[SA30701] Gentoo update for cbrpager
[SA30694] Sun Java System Calendar Server Denial of Service
[SA30660] Debian update for typo3
[SA30661] Debian update for mt-daapd
[SA30658] Fedora update for kernel
[SA30765] CGIWrap Error Message Charset Cross-Site Scripting
Vulnerability
[SA30742] Fetchmail Large Header Processing Denial of Service
[SA30682] SUSE update for opera
[SA30719] Linux Kernel "pppol2tp_recvmsg()" Memory Corruption
Vulnerability
[SA30700] Sun Solaris e1000g Gigabit Ethernet Driver Denial of Service
[SA30665] Sun Solaris SNMPv3 Authentication Bypass
[SA30715] SUSE update for xorg-x11 and XFree86 
[SA30693] Sun Solaris IP Multicast Filter Privilege Escalation
[SA30671] Sun Solaris X Server Extensions Multiple Vulnerabilities
[SA30666] Debian update for xorg-server
[SA30664] Ubuntu update for xorg-server
[SA30659] Fedora update for xorg-x11-server

Other:
[SA30767] Cisco Intrusion Prevention System Jumbo Frames Denial of
Service
[SA30732] IBM HMC Apache Multiple Vulnerabilities
[SA30670] Xerox WorkCentre Web Services Unspecified Unauthorized
Access
[SA30669] Xerox WorkCentre Web Server Unspecified Script Insertion

Cross Platform:
[SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability
[SA30683] Contenido Cross-Site Scripting and File Inclusion
Vulnerabilities
[SA30674] EZCMS "page" SQL Injection and Security Bypass
Vulnerabilities
[SA30764] Drupal TrailScout Module Cross-Site Scripting and SQL
Injection Vulnerabilities
[SA30759] OFFSystem HTTP Headers Processing Buffer Overflows
[SA30743] BoatScripts Classifieds "type" SQL Injection Vulnerability
[SA30738] Carscripts Classifieds "cat" SQL Injection Vulnerability
[SA30734] RoundCube Webmail Script Insertion Vulnerability
[SA30733] vBulletin Cross-Site Scripting Vulnerability
[SA30731] Vim Shell Command Injection Vulnerabilities
[SA30729] Comparison Engine Power "id" SQL Injection
[SA30726] Easy Webstore "cat_path" SQL Injection Vulnerability
[SA30724] MyBizz-Classifieds "cat" SQL Injection Vulnerability
[SA30723] eroCMS "site" SQL Injection Vulnerability
[SA30722] Maxtrade AIO "categori" SQL Injection Vulnerability
[SA30711] Exero CMS "theme" Local File Inclusion Vulnerabilities
[SA30699] Clever Copy "searchtype" SQL Injection Vulnerability
[SA30692] MyMarket "id" SQL Injection Vulnerability
[SA30691] Open Azimyt CMS "lang" Local File Inclusion
[SA30690] WebChamado SQL Injection Vulnerabilities
[SA30689] Pre ADS Portal SQL Injection Vulnerabilities
[SA30688] gllcTS2 SQL Injection Vulnerabilities
[SA30686] PHP JOBWEBSITE PRO "JobSearch3.php" SQL Injection
[SA30685] Mambo "includes/Cache/Lite/Output.php" File Inclusion
[SA30684] Pre Job Board "JobSearch3.php" SQL Injection Vulnerabilities
[SA30679] PHPMyCart "cat" SQL Injection Vulnerability
[SA30678] WallCity-Server Shoutcast Admin Panel Multiple
Vulnerabilities
[SA30677] Cartweaver "prodId" SQL Injection Vulnerability
[SA30673] easyTrade "id" SQL Injection Vulnerability
[SA30672] AlstraSoft AskMe Pro SQL Injection Vulnerabilities
[SA30668] Skulltag Packet Parsing Denial of Service
[SA30657] ClamAV Petite Processing Denial of Service Vulnerability
[SA30758] DekiWiki Search Cross-Site Scripting Vulnerability
[SA30750] OpenDocMan Cross-Site Scripting Vulnerabilities
[SA30748] Novell eDirectory iMonitor Error Message Cross-Site
Scripting
[SA30746] Adobe Flex 3 History Management Cross-Site Scripting
Vulnerability
[SA30704] Turba Contact View Script Insertion Vulnerability
[SA30698] MediaWiki WikiHiero Extension Cross-Site Scripting
Vulnerabilities
[SA30697] Horde Products Cross-Site Scripting and Script Insertion
[SA30680] Family Connections Multiple SQL Injection Vulnerabilities
[SA30662] Lyris ListManager "words" Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30709] Novell iPrint Client ActiveX Control Parameter Handling
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, System access
Released:    2008-06-16

Some vulnerabilities have been discovered in Novell iPrint Client,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30709/

 --

[SA30696] muvee autoProducer DXTTextOutEffect "FontSetting" Property
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

Nine:Situations:Group::Trotzkista has discovered a vulnerability in
muvee autoProducer, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30696/

 --

[SA30695] XChat "ircs" URI Handling Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

securfrog has discovered a vulnerability in XChat, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30695/

 --

[SA30707] S.T.A.L.K.E.R.: Shadow of Chernobyl Long Nickname Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-19

Luigi Auriemma has reported a vulnerability in S.T.A.L.K.E.R.: Shadow
of Chernobyl, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/30707/

 --

[SA30705] doITLive CMS Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-19

AmnPardaz Security Research Team has reported a vulnerability in
doITLive CMS, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30705/

 --

[SA30687] E-SMART CART "category_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

JosS has reported a vulnerability in E-SMART CART, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30687/

 --

[SA30681] Dana IRC Client Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-16

t0pP8uZz has discovered a vulnerability in the Dana IRC client, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30681/

 --

[SA30675] Crysis HTTP/XML-RPC Server Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-17

Luigi Auriemma has reported a vulnerability in Crysis, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30675/

 --

[SA30749] UltraEdit FTP/SFTP Browser Directory Download Directory
Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-18

Tan Chew Keong has reported a vulnerability in UltraEdit, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30749/

 --

[SA30745] ManageEngine OpUtils "hostName" Script Insertion
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-18

Jason Rhodes has discovered a vulnerability in ManageEngine OpUtils,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/30745/

 --

[SA30739] SurgeMail IMAP Processing Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-19

A vulnerability has been reported in SurgeMail, which can be exploited
by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30739/

 --

[SA30725] Glub Tech Secure FTP Directory Download Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

Tan Chew Keong has reported a vulnerability in Glub Tech Secure FTP,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30725/

 --

[SA30706] Crysis Disconnect Packet Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-16

Luigi Auriemma has reported a security issue in Crysis, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/30706/

 --

[SA30753] BlueCoat WinProxy Deterministic Network Enhancer Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-18

mu-b has reported a vulnerability in BlueCoat WinProxy, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30753/

 --

[SA30747] Cisco VPN Client Deterministic Network Enhancer Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-18

mu-b has reported a vulnerability in Cisco VPN Client, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30747/

 --

[SA30744] SafeNet Products Deterministic Network Enhancer Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-18

mu-b has reported a vulnerability in SafeNet products, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30744/

 --

[SA30741] Symantec Altiris Notification Server Agent GUI Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-18

A vulnerability has been reported in Symantec Altiris Notification
Server, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/30741/

 --

[SA30728] Deterministic Network Enhancer Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-18

mu-b has reported a vulnerability in Deterministic Network Enhancer,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/30728/

 --

[SA30714] No-IP Windows Dynamic Update Client Information Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-06-17

Charalambous Glafkos and George Nicolaou have discovered a security
issue in No-IP Windows Dynamic Update Client (DUC), which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30714/


UNIX/Linux:--

[SA30736] Ubuntu update for samba

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-18

Ubuntu has issued an update for samba. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30736/

 --

[SA30727] Debian update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-16

Debian has issued an update for imlib2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30727/

 --

[SA30720] Red Hat update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

Red Hat has issued an update for openoffice.org. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30720/

 --

[SA30717] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-06-16

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions and malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30717/

 --

[SA30716] SUSE update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

SUSE has issued an update for evolution. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30716/

 --

[SA30702] Gentoo update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-17

Gentoo has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30702/

 --

[SA30676] VMware ESX Server update for Tomcat and Java JRE

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2008-06-17

VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), bypass certain security restrictions,
manipulate data, disclose sensitive/system information, or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30676/

 --

[SA30766] Sun Solaris FreeType Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-19

Sun has acknowledged some vulnerabilities in Solaris, which can
potentially be exploited by malicious people to compromise an
application using the libfreetype library.

Full Advisory:
http://secunia.com/advisories/30766/

 --

[SA30740] Fedora update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-18

Fedora has issued an update for freetype. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30740/

 --

[SA30735] Fedora update for roundcubemail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

Fedora has issued an update for roundcubemail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30735/

 --

[SA30718] Avaya CMS Solaris "inet_network()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-16

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30718/

 --

[SA30713] Gentoo update for rdesktop

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

Gentoo has issued an update for rdesktop. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30713/

 --

[SA30701] Gentoo update for cbrpager

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-17

Gentoo has issued an update for cbrpager. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30701/

 --

[SA30694] Sun Java System Calendar Server Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-17

A vulnerability has been reported in Sun Java System Calendar Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30694/

 --

[SA30660] Debian update for typo3

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-06-13

Debian has issued an update for typo3. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks, and by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30660/

 --

[SA30661] Debian update for mt-daapd

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-06-13

Debian has issued an update for mt-daapd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30661/

 --

[SA30658] Fedora update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-06-13

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30658/

 --

[SA30765] CGIWrap Error Message Charset Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-19

A vulnerability has been reported in CGIWrap, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30765/

 --

[SA30742] Fetchmail Large Header Processing Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-18

A vulnerability has been reported in Fetchmail, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30742/

 --

[SA30682] SUSE update for opera

Critical:    Less critical
Where:       From remote
Impact:      Spoofing, Exposure of sensitive information
Released:    2008-06-19

SUSE has issued an update for opera. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information or to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/30682/

 --

[SA30719] Linux Kernel "pppol2tp_recvmsg()" Memory Corruption
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-16

A vulnerability has been reported in the Linux Kernel, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/30719/

 --

[SA30700] Sun Solaris e1000g Gigabit Ethernet Driver Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-16

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30700/

 --

[SA30665] Sun Solaris SNMPv3 Authentication Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-06-16

Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to spoof authenticated SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/30665/

 --

[SA30715] SUSE update for xorg-x11 and XFree86 

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2008-06-16

SUSE has issued an update for xorg-x11 and XFree86. This fixes a
security issue and some vulnerabilities, which can be exploited by
malicious people with physical access to a system to bypass certain
security restrictions and by malicious local users to cause a DoS
(Denial of Service), disclose potentially sensitive information, or to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30715/

 --

[SA30693] Sun Solaris IP Multicast Filter Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-16

Tobias Klein has reported a vulnerability in Sun Solaris, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/30693/

 --

[SA30671] Sun Solaris X Server Extensions Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-16

Sun has acknowledged multiple vulnerabilities in Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
disclose potentially sensitive information, or to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/30671/

 --

[SA30666] Debian update for xorg-server

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-13

Debian has issued an update for xorg-server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30666/

 --

[SA30664] Ubuntu update for xorg-server

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-13

Ubuntu has issued an update for xorg-server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30664/

 --

[SA30659] Fedora update for xorg-x11-server

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-13

Fedora has issued an update for xorg-x11-server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30659/


Other:--

[SA30767] Cisco Intrusion Prevention System Jumbo Frames Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-06-19

A vulnerability has been reported in Cisco Intrusion Prevention System,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30767/

 --

[SA30732] IBM HMC Apache Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-18

IBM has acknowledged some vulnerabilities in IBM HMC, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30732/

 --

[SA30670] Xerox WorkCentre Web Services Unspecified Unauthorized
Access

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Manipulation of data
Released:    2008-06-13

A vulnerability has been reported in Xerox WorkCentre, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30670/

 --

[SA30669] Xerox WorkCentre Web Server Unspecified Script Insertion

Critical:    Less critical
Where:       From local network
Impact:      Cross Site Scripting
Released:    2008-06-13

A vulnerability has been reported in Xerox WorkCentre, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30669/


Cross Platform:--

[SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-19

A vulnerability has been reported in Mozilla Firefox, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30761/

 --

[SA30683] Contenido Cross-Site Scripting and File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, System access
Released:    2008-06-16

RoMaNcYxHaCkEr has discovered some vulnerabilities in Contenido, which
can be exploited by malicious people to conduct cross-site scripting
attacks, disclose sensitive information, or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30683/

 --

[SA30674] EZCMS "page" SQL Injection and Security Bypass
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-06-16

Some vulnerabilities have been reported in EZCMS, which can be
exploited by malicious people to conduct SQL injection attacks and
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30674/

 --

[SA30764] Drupal TrailScout Module Cross-Site Scripting and SQL
Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-19

Some vulnerabilities have been reported in the TrailScout Module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks and malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30764/

 --

[SA30759] OFFSystem HTTP Headers Processing Buffer Overflows

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-19

Some vulnerabilities have been reported in OFFSystem, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service)
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30759/

 --

[SA30743] BoatScripts Classifieds "type" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-19

Stack has reported a vulnerability in BoatScripts Classifieds, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30743/

 --

[SA30738] Carscripts Classifieds "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-19

Stack has reported a vulnerability in Carscripts Classifieds, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30738/

 --

[SA30734] RoundCube Webmail Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

A vulnerability has been reported in RoundCube Webmail, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30734/

 --

[SA30733] vBulletin Cross-Site Scripting Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

A vulnerability has been reported in vBulletin, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30733/

 --

[SA30731] Vim Shell Command Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-16

Jan Minar has reported some vulnerabilities in Vim, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30731/

 --

[SA30729] Comparison Engine Power "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-18

Mr.SQL has reported a vulnerability in Comparison Engine Power, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30729/

 --

[SA30726] Easy Webstore "cat_path" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-19

Mr.SQL has reported a vulnerability in Easy Webstore, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30726/

 --

[SA30724] MyBizz-Classifieds "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-19

HaCker_Egy has reported a vulnerability in MyBizz-Classifieds, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30724/

 --

[SA30723] eroCMS "site" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-18

Mr.SQL has reported a vulnerability in eroCMS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30723/

 --

[SA30722] Maxtrade AIO "categori" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-19

HaCker_Egy has reported a vulnerability in Maxtrade AIO, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30722/

 --

[SA30711] Exero CMS "theme" Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-18

Some vulnerabilities have been reported in Exero CMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30711/

 --

[SA30699] Clever Copy "searchtype" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-16

h0yt3r has discovered a vulnerability in Clever Copy, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30699/

 --

[SA30692] MyMarket "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-17

h0yt3r has discovered a vulnerability in MyMarket, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30692/

 --

[SA30691] Open Azimyt CMS "lang" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-18

Digital Security Research Group have reported a vulnerability in Open
Azimyt CMS, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/30691/

 --

[SA30690] WebChamado SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

Some vulnerabilities have been reported in WebChamado, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30690/

 --

[SA30689] Pre ADS Portal SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

M.Hasran Addahroni has reported a vulnerability in Pre ADS Portal,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30689/

 --

[SA30688] gllcTS2 SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

Some vulnerabilities have been reported in gllcTS2, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30688/

 --

[SA30686] PHP JOBWEBSITE PRO "JobSearch3.php" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

Two vulnerabilities have been reported in PHP JOBWEBSITE PRO, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30686/

 --

[SA30685] Mambo "includes/Cache/Lite/Output.php" File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-06-16

irk4z has discovered a vulnerability in Mambo, which can be exploited
by malicious people to disclose sensitive information and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/30685/

 --

[SA30684] Pre Job Board "JobSearch3.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

JosS has reported a vulnerability in Pre Job Board, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30684/

 --

[SA30679] PHPMyCart "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

h0yt3r has reported a vulnerability in PHPMyCart, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30679/

 --

[SA30678] WallCity-Server Shoutcast Admin Panel Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-06-16

Some vulnerabilities have been discovered in Shoutcast Admin Panel,
which can be exploited by malicious people to conduct cross-site
scripting attacks or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30678/

 --

[SA30677] Cartweaver "prodId" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-16

h0yt3r has reported a vulnerability in Cartweaver, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30677/

 --

[SA30673] easyTrade "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-18

A vulnerability has been reported in easyTrade, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30673/

 --

[SA30672] AlstraSoft AskMe Pro SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2008-06-16

t0pP8uZz has reported some vulnerabilities in AlstraSoft AskMe Pro,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30672/

 --

[SA30668] Skulltag Packet Parsing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-17

Luigi Auriemma has reported a vulnerability in Skulltag, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30668/

 --

[SA30657] ClamAV Petite Processing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-17

A vulnerability has been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30657/

 --

[SA30758] DekiWiki Search Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-19

A vulnerability has been reported in DekiWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30758/

 --

[SA30750] OpenDocMan Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-18

Some vulnerabilities have been discovered in OpenDocMan, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30750/

 --

[SA30748] Novell eDirectory iMonitor Error Message Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-18

A vulnerability has been reported in Novell eDirectory, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30748/

 --

[SA30746] Adobe Flex 3 History Management Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-18

A vulnerability has been reported in Adobe Flex 3, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30746/

 --

[SA30704] Turba Contact View Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

A vulnerability has been reported in Turba, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30704/

 --

[SA30698] MediaWiki WikiHiero Extension Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-17

Some vulnerabilities have been reported in the WikiHiero extension for
MediaWiki, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30698/

 --

[SA30697] Horde Products Cross-Site Scripting and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

Some vulnerabilities have been reported in various Horde products,
which can be exploited by malicious users to conduct script insertion
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/30697/

 --

[SA30680] Family Connections Multiple SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-16

CWH Underground has discovered some vulnerabilities in Family
Connections, which can be exploited by malicious users to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30680/

 --

[SA30662] Lyris ListManager "words" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-16

Russ McRee has discovered a vulnerability in Lyris ListManager, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/30662/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

