========================================================================

                   The Secunia Weekly Advisory Summary
                         2008-06-26 - 2008-07-03

                        This week: 69 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free!

The Secunia NSI 2.0 is available as a 7-day trial download and can be
used to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

sirdarckcat has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct spoofing attacks.

The problem is that it is possible for a website to modify the location
of another frame in another window by setting the location to an object
instead of a string. This can be exploited to load malicious content
into a frame of a trusted website.

For more information, refer to:
http://secunia.com/advisories/30851/

--

Ph4nt0m Security Team has discovered a vulnerability in Internet
Explorer 6, which can be exploited by malicious people to conduct
cross-domain scripting attacks.

The vulnerability is caused by an input validation error when handling
the "location" or "location.href" property of a window object. This can
be exploited by a malicious website to e.g. open a trusted site and
execute arbitrary script code in a user's browser session in the context
of the trusted site.
For more information, refer to:
http://secunia.com/advisories/30857/

--

VIRUS ALERTS:

During the past week Secunia collected 180 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA30851] Internet Explorer 7 Frame Location Handling Vulnerability
2.  [SA30911] Mozilla Firefox Multiple Vulnerabilities
3.  [SA30857] Internet Explorer 6 Window "location" Handling Vulnerability
4.  [SA30832] Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
5.  [SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple Vulnerabilities
6.  [SA29953] Realtek HD Audio Codec Driver Vulnerabilities
7.  [SA30881] Pidgin MSN File Transfer Filename Processing Vulnerability
8.  [SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability
9.  [SA30863] Sun Solaris snmpXdmid Denial of Service
10. [SA30802] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA30937] Opera for Windows Unspecified Code Execution
[SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple Vulnerabilities
[SA30896] EfesTECH Shop "cat_id" SQL Injection Vulnerability
[SA30880] Soldner Secret Wars Denial of Service
[SA30874] Philboard Cross-Site Scripting and SQL Injection Vulnerabilities
[SA30882] Cybozu Products Cross-Site Request Forgery Vulnerability
[SA30876] Commtouch Enterprise Anti-Spam Gateway "PARAMS" Cross-Site Scripting
[SA30871] Cybozu Garoon Session Fixation and Script Insertion
[SA30904] Novell Client NWFS.SYS Unspecified Vulnerability

UNIX/Linux:

[SA30903] Red Hat update for firefox
[SA30898] Ubuntu update for firefox
[SA30894] Slackware update for ruby
[SA30878] Red Hat update for seamonkey
[SA30875] rPath update for ruby
[SA30867] Ubuntu update for ruby1.8
[SA30932] rPath update for tshark and wireshark
[SA30929] Red Hat update for rhpki-common
[SA30910] Debian update for sympa
[SA30887] BareNuked CMS "password" SQL Injection Vulnerability
[SA30868] Ubuntu update for openssl
[SA30864] Gentoo update for motion
[SA30927] Fedora update for ruby
[SA30908] Sun Solaris 10 Tomcat Multiple Vulnerabilities
[SA30899] Sun Solaris 9 Tomcat Multiple Vulnerabilities
[SA30895] Fedora update for fetchmail
[SA30872] Gentoo update for python
[SA30920] Fedora update for kernel
[SA30917] Fedora update for openldap
[SA30914] Fedora update for squid
[SA30901] rPath update for kernel
[SA30890] SUSE update for kernel
[SA30863] Sun Solaris snmpXdmid Denial of Service
[SA30873] CheckInstall Insecure Temporary Files
[SA30869] Debian update for dbus
[SA30918] Linux DC++ NULL Pointer Dereference and Incomplete Message Denial of Service
[SA30907] Fedora update for linuxdcpp

Other:

Cross Platform:

[SA30915] Mozilla Thunderbird Multiple Vulnerabilities
[SA30911] Mozilla Firefox Multiple Vulnerabilities
[SA30905] TYPO3 WEC Discussion Forum Multiple Vulnerabilities
[SA30900] HIOX Banner Rotator "hm" File Inclusion Vulnerability
[SA30902] AShop Deluxe "cat" SQL Injection Vulnerability
[SA30897] plx Ad Trader "adid" SQL Injection Vulnerability
[SA30893] Sun Java System Access Manager XSLT Stylesheet Processing Vulnerability
[SA30892] myBloggie SQL Injection Vulnerabilities
[SA30889] Pivot "t" Directory Traversal Vulnerability
[SA30886] Wireshark Multiple Vulnerabilities
[SA30885] Various TYPO3 Extensions Multiple Vulnerabilities
[SA30881] Pidgin MSN File Transfer Filename Processing Vulnerability
[SA30877] eTicket "pri" SQL Injection Vulnerability
[SA30870] testMaker PHP Code Execution Vulnerability
[SA30866] CAT2 "spaw_root" Local File Inclusion
[SA30865] SePortal SQL Injection Vulnerabilities
[SA30862] Riddles Website "riddleid" SQL Injection Vulnerability
[SA30861] Tips Website "tipid" SQL Injection Vulnerability
[SA30860] Jokes Website "jokeid" SQL Injection Vulnerability
[SA30859] Drinks Website "drinkid" SQL Injection Vulnerability
[SA30936] Drupal Outline Designer Security Bypass
[SA30935] Opera Canvas Functions Information Disclosure
[SA30934] Drupal Tinytax taxonomy block Script Insertion Vulnerabilities
[SA30933] Drupal Taxonomy Autotagger SQL Injection and Script Insertion
[SA30928] Drupal Organic groups Information Disclosure and Script Insertion
[SA30924] Ruby "rb_ary_fill()" Denial of Service Vulnerability
[SA30923] FreeStyle Wiki Cross-Site Scripting Vulnerability
[SA30919] XchangeBoard "boardID" SQL Injection Vulnerability
[SA30912] HP System Management Homepage Unspecified Cross-Site Scripting Vulnerability
[SA30909] PHP Agenda "page" Local File Inclusion
[SA30906] TYPO3 Send-A-Card Extension Cross-Site Scripting Vulnerabilities
[SA30884] TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting
[SA30879] GraphicsMagick Multiple Denial of Service Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:
--
[SA30937] Opera for Windows Unspecified Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-03

A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30937/

--
[SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-30

Luigi Auriemma has reported some vulnerabilities in S.T.A.L.K.E.R.: Shadow of Chernobyl, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30891/

--
[SA30896] EfesTECH Shop "cat_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-02

Dr.Kacak has reported a vulnerability in EfesTECH Shop, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30896/

--
[SA30880] Soldner Secret Wars Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-01

Luigi Auriemma has reported a vulnerability in Soldner Secret Wars, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30880/

--
[SA30874] Philboard Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-30

Bl_at_ckbe@rD has reported some vulnerabilities in Philboard, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30874/

--
[SA30882] Cybozu Products Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-27

A vulnerability has been reported in Cybozu products, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/30882/

--
[SA30876] Commtouch Enterprise Anti-Spam Gateway "PARAMS" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-27

Erez Metula has reported a vulnerability in Commtouch Enterprise Anti-Spam Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30876/

--
[SA30871] Cybozu Garoon Session Fixation and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2008-06-27

Some vulnerabilities have been reported in Cybozu Garoon, which can be exploited by malicious people to conduct session fixation and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30871/

--
[SA30904] Novell Client NWFS.SYS Unspecified Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2008-06-30

A vulnerability with an unknown impact has been reported in Novell Client.

Full Advisory:
http://secunia.com/advisories/30904/

UNIX/Linux:
--
[SA30903] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Released:    2008-07-02

Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, to bypass certain security restrictions, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30903/

--
[SA30898] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Released:    2008-07-02

Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, to bypass certain security restrictions, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30898/

--
[SA30894] Slackware update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-06-30

Slackware has issued an update for ruby.
This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30894/

--
[SA30878] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information, Spoofing, Cross Site Scripting, Security Bypass
Released:    2008-07-03

Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30878/

--
[SA30875] rPath update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-06-27

rPath has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30875/

--
[SA30867] Ubuntu update for ruby1.8

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-06-27

Ubuntu has issued an update for ruby1.8. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30867/

--
[SA30932] rPath update for tshark and wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-03

rPath has issued an update for tshark and wireshark.
This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30932/

--
[SA30929] Red Hat update for rhpki-common

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-03

Red Hat has issued an update for rhpki-common. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30929/

--
[SA30910] Debian update for sympa

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Debian has issued an update for sympa. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30910/

--
[SA30887] BareNuked CMS "password" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-07-01

CWH Underground has discovered a vulnerability in BareNuked CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30887/

--
[SA30868] Ubuntu update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-27

Ubuntu has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30868/

--
[SA30864] Gentoo update for motion

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-01

Gentoo has issued an update for motion. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30864/

--
[SA30927] Fedora update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30927/

--
[SA30908] Sun Solaris 10 Tomcat Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS
Released:    2008-07-01

Sun has acknowledged some vulnerabilities in Tomcat included in Sun Solaris 10, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting attacks, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30908/

--
[SA30899] Sun Solaris 9 Tomcat Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS
Released:    2008-07-01

Sun has acknowledged some vulnerabilities in Tomcat included in Sun Solaris 9, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting attacks, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30899/

--
[SA30895] Fedora update for fetchmail

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-30

Fedora has issued an update for fetchmail. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30895/

--
[SA30872] Gentoo update for python

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-07-01

Gentoo has issued an update for python.
This fixes some security issues, which can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30872/

--
[SA30920] Fedora update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2008-07-02

Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30920/

--
[SA30917] Fedora update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30917/

--
[SA30914] Fedora update for squid

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30914/

--
[SA30901] rPath update for kernel

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-01

rPath has issued an update for the kernel. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30901/

--
[SA30890] SUSE update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2008-07-02

SUSE has issued an update for the kernel.
This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), and by malicious, local users to cause a DoS or to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30890/

--
[SA30863] Sun Solaris snmpXdmid Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-27

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30863/

--
[SA30873] CheckInstall Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-27

Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/30873/

--
[SA30869] Debian update for dbus

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-06-27

Debian has issued an update for dbus. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30869/

--
[SA30918] Linux DC++ NULL Pointer Dereference and Incomplete Message Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Two weaknesses have been reported in Linux DC++, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30918/

--
[SA30907] Fedora update for linuxdcpp

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for linuxdcpp. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30907/

Other:

Cross Platform:
--
[SA30915] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-02

Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30915/

--
[SA30911] Mozilla Firefox Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-07-02

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30911/

--
[SA30905] TYPO3 WEC Discussion Forum Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-07-01

Some vulnerabilities have been reported in the WEC Discussion Forum (wec_discussion) extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30905/

--
[SA30900] HIOX Banner Rotator "hm" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-01

Ghost Hacker has discovered a vulnerability in HIOX Banner Rotator (HBR), which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30900/

--
[SA30902] AShop Deluxe "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-02

n0c0py has reported a vulnerability in AShop Deluxe, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30902/

--
[SA30897] plx Ad Trader "adid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-02

Hussin X has reported a vulnerability in plx Ad Trader, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30897/

--
[SA30893] Sun Java System Access Manager XSLT Stylesheet Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-30

A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30893/

--
[SA30892] myBloggie SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-01

Jesper Jurcenoks has reported some vulnerabilities in myBloggie, which can be exploited by malicious users or people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30892/

--
[SA30889] Pivot "t" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-07-01

Nine:Situations:Group::bookoo has reported a vulnerability in Pivot, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/30889/

--
[SA30886] Wireshark Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-01

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30886/

--
[SA30885] Various TYPO3 Extensions Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS
Released:    2008-07-01

Multiple vulnerabilities have been reported in various TYPO3 extensions, which can be exploited by malicious users or people to bypass certain security restrictions, conduct SQL injection attacks or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30885/

--
[SA30881] Pidgin MSN File Transfer Filename Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-27

Juan Pablo Lopez Yacubian has discovered a vulnerability in Pidgin, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30881/

--
[SA30877] eTicket "pri" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-27

Omer Singer has reported a vulnerability in eTicket, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30877/

--
[SA30870] testMaker PHP Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-27

A vulnerability has been reported in testMaker, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30870/

--
[SA30866] CAT2 "spaw_root" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-07-02

StAkeR has discovered a vulnerability in CAT2, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30866/

--
[SA30865] SePortal SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-30

Mr.SQL has reported some vulnerabilities in SePortal, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30865/

--
[SA30862] Riddles Website "riddleid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Riddles Website, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30862/

--
[SA30861] Tips Website "tipid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Tips Website, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30861/

--
[SA30860] Jokes Website "jokeid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Jokes Website, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30860/

--
[SA30859] Drinks Website "drinkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Drinks Website, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30859/

--
[SA30936] Drupal Outline Designer Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-03

A vulnerability has been reported in the Outline Designer module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30936/

--
[SA30935] Opera Canvas Functions Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-07-03

A vulnerability has been reported in Opera, which can be exploited by malicious people to potentially disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30935/

--
[SA30934] Drupal Tinytax taxonomy block Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-03

Some vulnerabilities have been reported in the Tinytax taxonomy block module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30934/

--
[SA30933] Drupal Taxonomy Autotagger SQL Injection and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-03

Some vulnerabilities have been reported in the Taxonomy Autotagger module for Drupal, which can be exploited by malicious users to conduct SQL injection and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/30933/

--
[SA30928] Drupal Organic groups Information Disclosure and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2008-07-03

Some vulnerabilities have been reported in the Organic groups module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information or conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30928/

--
[SA30924] Ruby "rb_ary_fill()" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Vincenzo "snagg" Iozzo has reported a vulnerability in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30924/

--
[SA30923] FreeStyle Wiki Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-03

A vulnerability has been reported in FreeStyle Wiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30923/

--
[SA30919] XchangeBoard "boardID" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-03

haZl0oh has discovered a vulnerability in XchangeBoard, which can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30919/

--
[SA30912] HP System Management Homepage Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-02

A vulnerability has been reported in HP System Management Homepage (SMH), which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30912/

--
[SA30909] PHP Agenda "page" Local File Inclusion

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-07-02

StAkeR has discovered a vulnerability in PHP Agenda, which can be exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30909/

--
[SA30906] TYPO3 Send-A-Card Extension Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-01

Some vulnerabilities have been reported in the Send-A-Card (sr_sendcard) extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30906/

--
[SA30884] TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-01

A vulnerability has been reported in the phpMyAdmin (phpmyadmin) extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30884/

--
[SA30879] GraphicsMagick Multiple Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-01

Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30879/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support_at_private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
http://www.blackhat.com

Received on Fri Jul 04 2008 - 02:18:25 PDT
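Every entry in section 5 uses the same field layout: a "--" separator, an [SAnnnnn] title line, then Critical, Where, Impact and Released fields and a Full Advisory URL. That regularity is what makes a weekly digest like this one scriptable, and the parser and triage filter below is an added example written for this page, not Secunia's own tooling. It assumes each separator and each field starts its own line, as in the original mailing; the criticality ranking is Secunia's published five-step scale; the SAMPLE input is a constructed three-entry excerpt copied from this digest, under a constructed "This week: 3 advisories" header standing in for the real count. The triage rule it applies (remotely exploitable entries at or above a chosen criticality, most severe first) and the two sanity checks (stated count against parsed count, advisory ID against link target) are choices made for this example, not anything Secunia prescribes.

```python
import re
from dataclasses import dataclass

# Secunia's five-step criticality scale, lowest to highest.
CRITICALITY = {name: rank for rank, name in enumerate(
    ["Not critical", "Less critical", "Moderately critical",
     "Highly critical", "Extremely critical"], start=1)}
HEADER_RE = re.compile(r"\[(SA\d{5})\]\s+(.+)")
FIELD_RE = re.compile(r"^(Critical|Where|Impact|Released):\s*(.*)$")
URL_RE = re.compile(r"https?://secunia\.com/advisories/(\d+)/")
TOTAL_RE = re.compile(r"This week:\s*(\d+)\s+advisories")


@dataclass(frozen=True)
class Advisory:
    sa_id: str
    title: str
    critical: str
    where: str
    impact: tuple
    released: str
    url: str

    @property
    def rank(self) -> int:
        return CRITICALITY.get(self.critical, 0)


def parse_digest(text: str) -> list:
    """Split on '--' separator lines and parse each [SAnnnnn] entry; chunks
    without a header (banners such as 'Windows:') are skipped, and an entry
    missing a field raises rather than silently dropping out of triage."""
    advisories = []
    for chunk in re.split(r"^--[ \t]*", text, flags=re.MULTILINE):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        header = HEADER_RE.search(lines[0]) if lines else None
        if header is None:
            continue
        fields, url = {}, ""
        for ln in lines[1:]:
            if fm := FIELD_RE.match(ln):
                fields[fm.group(1)] = fm.group(2).strip()
            if um := URL_RE.search(ln):
                url = um.group(0)
        missing = [k for k in ("Critical", "Where", "Impact", "Released") if k not in fields]
        if missing or not url:
            raise ValueError(f"{header.group(1)}: missing {missing or ['URL']}")
        advisories.append(Advisory(
            sa_id=header.group(1), title=header.group(2).strip(),
            critical=fields["Critical"], where=fields["Where"],
            impact=tuple(i.strip() for i in fields["Impact"].split(",")),
            released=fields["Released"], url=url))
    return advisories


def triage(advisories, min_level="Highly critical"):
    """Remotely exploitable entries at or above min_level, most severe first."""
    floor = CRITICALITY[min_level]
    hits = [a for a in advisories if a.rank >= floor and a.where == "From remote"]
    return sorted(hits, key=lambda a: (-a.rank, a.sa_id))


def mismatched_links(advisories) -> list:
    """IDs whose Full Advisory URL names a different SA number; the digest asks
    readers to verify by link, so ID/link disagreement is a red flag."""
    return [a.sa_id for a in advisories
            if URL_RE.search(a.url).group(1) != a.sa_id[2:]]


def stated_total(text: str):
    """Advisory count claimed in the digest header, or None if absent."""
    m = TOTAL_RE.search(text)
    return int(m.group(1)) if m else None


# Constructed excerpt: three entries copied from this digest under a constructed
# "This week: 3 advisories" header that stands in for the real count of 69.
SAMPLE = """\
This week: 3 advisories
Windows:
--
[SA30937] Opera for Windows Unspecified Code Execution
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-03
A vulnerability has been reported in Opera, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30937/
--
[SA30904] Novell Client NWFS.SYS Unspecified Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2008-06-30
Full Advisory:
http://secunia.com/advisories/30904/
--
[SA30903] Red Hat update for firefox
Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Released:    2008-07-02
Full Advisory:
http://secunia.com/advisories/30903/
"""
```

Run over the complete mailing rather than SAMPLE, stated_total should agree with len(parse_digest(text)) (69 on this page), mismatched_links should be empty, and triage at the default level reduces the week to the twelve entries rated Highly critical / From remote: the Opera, S.T.A.L.K.E.R., Mozilla (Firefox, SeaMonkey, Thunderbird), Ruby, TYPO3 wec_discussion and HIOX Banner Rotator items. Note that "Where: From remote" is Secunia's attack-vector field, not a statement that an exploit is public; the Local system and local network entries (CheckInstall, dbus, the kernel updates) drop out of the default filter by design and deserve their own pass when you administer multi-user hosts.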