[ISN] Secunia Weekly Summary - Issue: 2008-29

From: InfoSec News <alerts_at_private>
Date: Fri, 18 Jul 2008 02:46:53 -0500 (CDT)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-07-10 - 2008-07-17                        

                       This week: 189 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Firefox 3, which can be
exploited by malicious people to bypass certain security restrictions,
potentially conduct spoofing attacks, or compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31106/

 --

Some vulnerabilities have been reported in Apple iPhone and iPod touch,
which can be exploited by malicious people to conduct spoofing and
cross-site scripting attacks, cause a DoS (Denial of Service), bypass
certain security restrictions, or compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31074/

 --

Some vulnerabilities have been reported in Apple TV, which can be
exploited by malicious people to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31034/

 --

VIRUS ALERTS:

During the past week Secunia collected 190 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
2.  [SA30975] Microsoft Word Unspecified Code Execution Vulnerability
3.  [SA31048] Linux Kernel Multiple Vulnerabilities
4.  [SA30973] ISC BIND Query Port DNS Cache Poisoning
5.  [SA31051] SUSE update for MozillaFirefox
6.  [SA31044] Wireshark Packet Reassembly Denial of Service
7.  [SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities
8.  [SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page
              Vulnerabilities
9.  [SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities
10. [SA31052] SUSE update for bind

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA30975] Microsoft Word Unspecified Code Execution Vulnerability
[SA31141] BlackBerry Unite! PDF Processing Vulnerability
[SA31095] Black Ice Document Imaging SDK "OpenGifFile()" Buffer
Overflow
[SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability
[SA31087] Oracle Products Multiple Vulnerabilities
[SA30952] PPMate PPMedia Class ActiveX Control Buffer Overflow
[SA31118] F-Prot Antivirus Multiple Denial of Service Vulnerabilities
[SA31114] FreeStyle Wiki CGI::Session "File" Driver "CGISESSID"
Directory Traversal
[SA31102] WinRemotePC Packet Handling Denial of Service
[SA31001] Adobe RoboHelp Server Cross-Site Scripting and SQL Injection
[SA30997] Download Accelerator Plus Import File Buffer Overflow
[SA30987] Dokeos "include" Local File Inclusion Vulnerability
[SA30968] Procapita SQL Injection Vulnerabilities
[SA30964] Microsoft Outlook Web Access Script Insertion
Vulnerabilities
[SA30953] Microsoft Windows Explorer Saved Search Vulnerability
[SA30940] CMailServer POP3 Class ActiveX Control Buffer Overflow
[SA31148] HP Select Identity Active Directory Bidirectional LDAP
Connector Unauthorized Access
[SA31117] CGI::Session "File" Driver "CGISESSID" Directory Traversal
[SA30978] Xerox CentreWare Web Multiple Vulnerabilities
[SA30970] Microsoft SQL Server and MSDE Multiple Vulnerabilities

UNIX/Linux:
[SA31132] Mozilla Firefox 3 on Mac OS X GIF File Handling Code
Execution
[SA31122] Red Hat update for seamonkey
[SA31121] Red Hat update for firefox
[SA31099] php Help Agent "content" File Inclusion Vulnerability
[SA31090] Red Hat update for ruby
[SA31078] Fedora update for java-1.6.0-openjdk 
[SA31076] SUSE update for MozillaFirefox
[SA31069] Debian update for iceweasel
[SA31067] Red Hat update for java-1.4.2-ibm
[SA31062] Red Hat update for ruby
[SA31055] Red Hat update for java-1.5.0-sun
[SA31051] SUSE update for MozillaFirefox
[SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities
[SA31035] Debian update for poppler
[SA31029] Gentoo update for openoffice and openoffice-bin
[SA31023] Slackware update for seamonkey
[SA31021] Slackware update for mozilla-firefox
[SA31020] Fedora update for java-1.7.0-icedtea
[SA31008] rPath update for firefox
[SA31005] Fedora update for seamonkey
[SA31002] Gentoo update for poppler
[SA30992] Fedora update for WebKit
[SA30963] Poppler "pageWidgets" Uninitialized Memory Access
[SA30949] Fedora update for firefox
[SA31143] HP-UX update for bind
[SA31124] Red Hat update for php
[SA31119] Red Hat update for php
[SA31107] Ubuntu update for kernel
[SA31105] Debian update for gaim
[SA31104] Debian update for lighttpd
[SA31094] IBM AIX DNS Cache Poisoning
[SA31085] Fedora update for wireshark
[SA31083] Scripteen Free Image Hosting Script Security Bypass and SQL
Injection
[SA31082] Fedora update for php-pecl-apc
[SA31080] Fedora update for newsx
[SA31079] Fedora update for drupal
[SA31072] Gentoo update for bind
[SA31071] Maian Recipe "recipe_cookie" Security Bypass Vulnerability
[SA31060] Apple Xcode tools Vulnerability and Security Issue
[SA31058] reSIProcate Long Domain Name Denial of Service
[SA31052] SUSE update for bind
[SA31037] Sophos Products Zero-byte MIME Attachments Denial of Service
[SA31033] FreeBSD update for bind
[SA31022] Slackware update for bind
[SA31019] Fedora update for bind
[SA31016] Red Hat update for pidgin
[SA31014] Sun Solaris DNS Cache Poisoning Vulnerability
[SA31011] Nominum CNS and Vantio DNS Cache Poisoning Vulnerability
[SA31007] rPath update for vsftpd
[SA30998] Ubuntu update for bind
[SA30994] FFmpeg libavformat "str_read_packet()" Buffer Overflow
[SA30993] Fedora update for sipp
[SA30990] Ubuntu update for pcre3
[SA30989] Debian bind DNS Cache Poisoning Vulnerability
[SA30988] Debian update for bind9
[SA30980] Sun Solaris 10 DNS Cache Poisoning Vulnerability
[SA30977] Red Hat update for bind
[SA30972] Gentoo update for libpcre and glib
[SA30971] Pidgin MSN SLP Message Integer Overflow Vulnerabilities
[SA30967] SUSE Update for Multiple Packages
[SA30962] SUSE update for kernel
[SA30961] Debian update for pcre3
[SA30958] Fedora update for pcre
[SA30945] Fedora update for glib2
[SA30944] GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability
[SA30942] rPath update for wireshark
[SA31057] Red Hat update for bluez-libs and bluez-utils
[SA30957] BlueZ SDP Processing Vulnerability
[SA31142] rPath update for httpd
[SA31026] Gentoo update for apache
[SA31018] Fedora update for moodle
[SA31006] rPath update for ruby
[SA30986] Moodle KSES HTML Filter Bypass Vulnerability
[SA30960] Debian update for wordpress
[SA30955] Simple Machines Forum "HTML-Tag" Vulnerability
[SA30941] Fedora update for jetty
[SA30996] Red Hat update for openldap
[SA31131] Debian update for afuse
[SA31109] OpenBSD update for X.Org
[SA31103] Op "XAUTHORITY" Buffer Overflow Vulnerability
[SA31086] Afuse Shell Command Injection Vulnerability
[SA31066] Debian update for mysql-dfsg-5.0 
[SA31048] Linux Kernel Multiple Vulnerabilities
[SA31025] Gentoo update for nx
[SA31110] Gentoo update for mercurial
[SA31108] Mercurial "applydiff()" Directory Traversal Security Issue

Other:
[SA31034] Apple TV Multiple Vulnerabilities
[SA31153] Blue Coat ProxyRA DNS Cache Poisoning Vulnerability
[SA31152] Blue Coat Director DNS Cache Poisoning Vulnerability
[SA31151] Blue Coat ProxySG DNS Cache Poisoning Vulnerability
[SA31137] Blue Coat PacketShaper and iShaper DNS Cache Poisoning
[SA31093] F5 Products DNS Cache Poisoning Vulnerability
[SA31065] Novell Netware DNS Cache Poisoning Vulnerability
[SA31031] Nixu Secure Name Server BIND Query Port DNS Cache Poisoning
[SA31030] Infoblox NIOS BIND Query Port DNS Cache Poisoning
[SA31012] Juniper Networks Products DNS Cache Poisoning Vulnerability
[SA30965] F5 FirePass 1200 SSL VPN SNMP Denial of Service

Cross Platform:
[SA31127] PHPizabi "writeLogEntry()" Arbitrary PHP Code Execution
[SA31113] HP Oracle for OpenView Multiple Vulnerabilities
[SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page
Vulnerabilities
[SA31101] Pragyan CMS File Inclusion Vulnerabilities
[SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities
[SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
[SA30999] Ray "sIncPath" File Inclusion Vulnerability
[SA30995] SafeHTML "dir[plugins]" File Inclusion Vulnerabilities
[SA30991] vBulletin Two Script Insertion Vulnerabilities
[SA30981] Dolphin File Inclusion Vulnerabilities
[SA30956] Yourplace Authentication Bypass Vulnerability
[SA30951] 1024 CMS Multiple File Inclusion Vulnerabilities
[SA30950] Neutrino Atomic Edition Security Bypass Vulnerability
[SA30948] webXell Editor File Upload Vulnerability
[SA30947] Thelia auth.php Security Bypass Vulnerability
[SA30939] ImperialBB Avatar File Upload Vulnerability
[SA31126] Joomla DT Register Component "eventId" SQL Injection
[SA31116] Claroline Unspecified Vulnerabilities
[SA31112] AlstraSoft Affiliate Network Pro "pgm" SQL Injection
Vulnerability
[SA31100] Comdev Web Blogger "arcmonth" SQL Injection Vulnerability
[SA31098] Galatolo WebManager SQL Injection and Cross-Site Scripting
[SA31088] Pluck predefined_variables.php Local File inclusion
Vulnerabilities
[SA31084] ITechBids Cross-Site Scripting and SQL Injection
[SA31077] Yuhhu Pubs Black Cat "category" SQL Injection Vulnerability
[SA31075] Maian Search "search_cookie" Security Bypass Vulnerability
[SA31070] Maian Guestbook "gbook_cookie" Security Bypass Vulnerability
[SA31068] Maian Links "links_cookie" Security Bypass Vulnerability
[SA31063] @1 File Store PRO "id" SQL Injection Vulnerabilities
[SA31061] Wysi Wiki Wyg "c" Directory Traversal Vulnerability
[SA31059] Million Pixels "id_cat" SQL Injection Vulnerability
[SA31056] Maian Events "mevents_admin_cookie" Security Bypass
Vulnerability
[SA31054] BilboBlog Multiple Vulnerabilities
[SA31053] CodeDB "lang" Local File Inclusion Vulnerability
[SA31049] jSite Multiple Vulnerabilities
[SA31047] webcms.es webCMS Portal Edition "id" SQL Injection
Vulnerability
[SA31045] Maian Uploader "uploader_cookie" Security Bypass
Vulnerability
[SA31044] Wireshark Packet Reassembly Denial of Service
[SA31040] phpDatingClub "page" Local File Inclusion
[SA31039] Zen Cart Two Local File Inclusion Vulnerabilities
[SA31038] Maian Music "mmusic_cookie" Security Bypass Vulnerability
[SA31032] DreamNews Manager "id" SQL Injection Vulnerability
[SA31028] Drupal Multiple Vulnerabilities
[SA31024] vbDrupal Multiple Vulnerabilities
[SA31013] MyBB Multiple Vulnerabilities
[SA31009] DreamPics Builder "page" SQL Injection Vulnerability
[SA31004] Lastminute Script "cid" SQL Injection Vulnerability
[SA31000] AuraCMS "pages_data.php" Manipulation of Data
[SA30985] Hotel Script "file" SQL Injection Vulnerability
[SA30984] Real Estate Script "listing_id" SQL Injection Vulnerability
[SA30983] BrewBlogger "authenticateUser()" SQL Injection Vulnerability
[SA30979] Cisco Products DNS Cache Poisoning Vulnerability
[SA30976] PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability
[SA30974] Joomla Unauthorized Access Vulnerabilities
[SA30973] ISC BIND Query Port DNS Cache Poisoning
[SA30969] Triton CMS Pro "X-Forwarded-For" SQL Injection Vulnerability
[SA30959] BlognPlus SQL Injection Vulnerabilities
[SA30954] Empire Server Multiple Vulnerabilities
[SA30943] Maian Weblog "weblog_cookie" Security Bypass Vulnerability
[SA31036] Novell eDirectory LDAP Search Request Buffer Overflow
[SA30938] Novell eDirectory ds.dlm Module Buffer Overflow
[SA31133] Citrix XenServer XenAPI HTTP Interface Cross-Site Scripting
[SA31120] Mozilla Firefox 2 URI Launching Vulnerability
[SA31115] phpMyAdmin Cross-Site Request Forgery Vulnerabilities
[SA31050] Pagefusion Multiple Cross-Site Scripting Vulnerabilities
[SA31041] eSyndiCat Directory Software Pro "register.php" Cross-Site
Scripting
[SA31027] Drupal OpenID Module Vulnerabilities
[SA31017] Moodle KSES HTML Filter Bypass Vulnerability
[SA31015] Xomol CMS "current_url" Cross-Site Scripting Vulnerability
[SA30946] Kasseler CMS Cross-Site Scripting Vulnerability
[SA31064] Firebird 2 Multiple Vulnerabilities and Weakness
[SA31003] Firebird 1 Unspecified Path Disclosure Weakness
[SA30966] WeFi Diagnostic Mode Information Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30975] Microsoft Word Unspecified Code Execution Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2008-07-09

A vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30975/

 --

[SA31141] BlackBerry Unite! PDF Processing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-17

A vulnerability has been reported in BlackBerry Unite!, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31141/

 --

[SA31095] Black Ice Document Imaging SDK "OpenGifFile()" Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-16

r0ut3r has discovered a vulnerability in Black Ice Document Imaging
SDK, which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31095/

 --

[SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-17

A vulnerability has been reported in BlackBerry Enterprise Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31092/

 --

[SA31087] Oracle Products Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS, System access, Unknown
Released:    2008-07-16

Multiple vulnerabilities have been reported for various Oracle
products. Some vulnerabilities have unknown impacts while others can be
exploited by malicious, local users to gain escalated privileges, by
malicious users to cause a DoS (Denial of Service), disclose sensitive
information, gain escalated privileges, or compromise a vulnerable
system, and by malicious people to bypass certain security restrictions
or to cause a DoS.

Full Advisory:
http://secunia.com/advisories/31087/

 --

[SA30952] PPMate PPMedia Class ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-16

Parvez Anwar has discovered a vulnerability in PPMate, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30952/

 --

[SA31118] F-Prot Antivirus Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-17

Some vulnerabilities have been reported in F-Prot Antivirus, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31118/

 --

[SA31114] FreeStyle Wiki CGI::Session "File" Driver "CGISESSID"
Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-17

Tan Chew Keong has reported a vulnerability in FreeStyle Wiki, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31114/

 --

[SA31102] WinRemotePC Packet Handling Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-16

Shinnok has discovered a vulnerability in WinRemotePC, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31102/

 --

[SA31001] Adobe RoboHelp Server Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Cross Site Scripting
Released:    2008-07-09

Some vulnerabilities have been reported in Adobe RoboHelp Server, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31001/

 --

[SA30997] Download Accelerator Plus Import File Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-09

Krystian Kloskowski has discovered a vulnerability in Download
Accelerator Plus, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30997/

 --

[SA30987] Dokeos "include" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
information
Released:    2008-07-09

A vulnerability has been reported in Dokeos, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30987/

 --

[SA30968] Procapita SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-14

pelzi has reported some vulnerabilities in Procapita, which can be
exploited by malicious people or users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30968/

 --

[SA30964] Microsoft Outlook Web Access Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-08

Two vulnerabilities have been reported in Microsoft Outlook Web Access
for Exchange Server, which can be exploited by malicious people to
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30964/

 --

[SA30953] Microsoft Windows Explorer Saved Search Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-08

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30953/

 --

[SA30940] CMailServer POP3 Class ActiveX Control Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-07

Nine:Situations:Group::bruiser has discovered a vulnerability in
CMailServer, which can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/30940/

 --

[SA31148] HP Select Identity Active Directory Bidirectional LDAP
Connector Unauthorized Access

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-07-17

Some vulnerabilities have been reported in HP Select Identity Active
Directory Bidirectional LDAP Connector, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31148/

 --

[SA31117] CGI::Session "File" Driver "CGISESSID" Directory Traversal

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-17

Tan Chew Keong has reported a vulnerability in CGI::Session, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31117/

 --

[SA30978] Xerox CentreWare Web Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-09

Some vulnerabilities have been reported in Xerox CentreWare Web, which
can be exploited by malicious users to conduct SQL injection attacks,
and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30978/

 --

[SA30970] Microsoft SQL Server and MSDE Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2008-07-08

Four vulnerabilities have been reported in Microsoft SQL Server, which
can be exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30970/


UNIX/Linux:--

[SA31132] Mozilla Firefox 3 on Mac OS X GIF File Handling Code
Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-17

A vulnerability has been reported in Firefox 3 on Mac OS X, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31132/

 --

[SA31122] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-16

Red Hat has issued an update for seamonkey. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31122/

 --

[SA31121] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2008-07-16

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31121/

 --

[SA31099] php Help Agent "content" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-16

BeyazKurt has discovered a vulnerability in php Help Agent, which can
be exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31099/

 --

[SA31090] Red Hat update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-15

Red Hat has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31090/

 --

[SA31078] Fedora update for java-1.6.0-openjdk 

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-07-15

Fedora has issued an update for java-1.6.0-openjdk. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31078/

 --

[SA31076] SUSE update for MozillaFirefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-14

SUSE has issued an update for MozillaFirefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31076/

 --

[SA31069] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-14

Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31069/

 --

[SA31067] Red Hat update for java-1.4.2-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-07-15

Red Hat has issued an update for java-1.4.2-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), bypass certain security restrictions, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31067/

 --

[SA31062] Red Hat update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-15

Red Hat has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31062/

 --

[SA31055] Red Hat update for java-1.5.0-sun

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-07-15

Red Hat has issued an update for java-1.5.0-sun. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31055/

 --

[SA31051] SUSE update for MozillaFirefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-11

SUSE has issued an update for MozillaFirefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31051/

 --

[SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-07-11

Sun has acknowledged some vulnerabilities in Thunderbird included in
Sun Solaris, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31043/

 --

[SA31035] Debian update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-10

Debian has issued an update for poppler. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31035/

 --

[SA31029] Gentoo update for openoffice and openoffice-bin

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-10

Gentoo has issued an update for openoffice and openoffice-bin. This
fixes a vulnerability, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31029/

 --

[SA31023] Slackware update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information,
Exposure of system information, Spoofing, Cross Site Scripting,
Security Bypass
Released:    2008-07-10

Slackware has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31023/

 --

[SA31021] Slackware update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-10

Slackware has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31021/

 --

[SA31020] Fedora update for java-1.7.0-icedtea

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-07-10

Fedora has issued an update for java-1.7.0-icedtea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31020/

 --

[SA31008] rPath update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-09

rPath has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31008/

 --

[SA31005] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-09

Fedora has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31005/

 --

[SA31002] Gentoo update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

Gentoo has issued an update for poppler. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/31002/

 --

[SA30992] Fedora update for WebKit

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-09

Fedora has issued an update for WebKit. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30992/

 --

[SA30963] Poppler "pageWidgets" Uninitialized Memory Access

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-08

A vulnerability has been reported in Poppler, which potentially can be
exploited by malicious people to compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/30963/

 --

[SA30949] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-07

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30949/

 --

[SA31143] HP-UX update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-17

HP has issued an update for bind. This fixes a vulnerability, which can
be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31143/

 --

[SA31124] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-07-17

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions, and by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31124/

 --

[SA31119] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-16

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users and malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31119/

 --

[SA31107] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS, System access
Released:    2008-07-16

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), bypass certain security restrictions,
disclose potentially sensitive information, and gain escalated
privileges, and malicious people to cause a DoS and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31107/

 --

[SA31105] Debian update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-16

Debian has issued an update for gaim. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31105/

 --

[SA31104] Debian update for lighttpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-16

Debian has issued an update for lighttpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31104/

 --

[SA31094] IBM AIX DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-16

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31094/

 --

[SA31085] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-15

Fedora has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31085/

 --

[SA31083] Scripteen Free Image Hosting Script Security Bypass and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-07-14

Some vulnerabilities have been discovered in Scripteen Free Image
Hosting Script, which can be exploited by malicious people to bypass
certain security restrictions and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31083/

 --

[SA31082] Fedora update for php-pecl-apc

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-07-15

Fedora has issued an update for php-pecl-apc. This fixes a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions and potentially by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31082/

 --

[SA31080] Fedora update for newsx

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-15

Fedora has issued an update for newsx. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31080/

 --

[SA31079] Fedora update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Manipulation of data
Released:    2008-07-15

Fedora has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting, cross-site request forgery, session fixation, SQL
injection, and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31079/

 --

[SA31072] Gentoo update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-14

Gentoo has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31072/

 --

[SA31071] Maian Recipe "recipe_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Recipe, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31071/

 --

[SA31060] Apple Xcode tools Vulnerability and Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2008-07-14

A vulnerability and a security issue have been reported in Xcode tools,
which can be exploited by malicious people to disclose sensitive
information or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31060/

 --

[SA31058] reSIProcate Long Domain Name Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-14

A vulnerability has been reported in reSIProcate, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31058/

 --

[SA31052] SUSE update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-11

SUSE has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31052/

 --

[SA31037] Sophos Products Zero-byte MIME Attachments Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-10

A vulnerability has been reported in some Sophos products, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31037/

 --

[SA31033] FreeBSD update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-15

FreeBSD has issued an update for bind. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31033/

 --

[SA31022] Slackware update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-10

Slackware has issued an update for bind. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31022/

 --

[SA31019] Fedora update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-10

Fedora has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31019/

 --

[SA31016] Red Hat update for pidgin

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

Red Hat has issued an update for pidgin. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31016/

 --

[SA31014] Sun Solaris DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31014/

 --

[SA31011] Nominum CNS and Vantio DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

Nominum has acknowledged a vulnerability in Nominum CNS and Vantio,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31011/

 --

[SA31007] rPath update for vsftpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-09

rPath has issued an update for vsftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31007/

 --

[SA30998] Ubuntu update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

Ubuntu has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30998/

 --

[SA30994] FFmpeg libavformat "str_read_packet()" Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

A vulnerability has been reported in FFmpeg, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30994/

 --

[SA30993] Fedora update for sipp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

Fedora has issued an update for sipp. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30993/

 --

[SA30990] Ubuntu update for pcre3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-15

Ubuntu has issued an update for pcre3. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30990/

 --

[SA30989] Debian bind DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

Debian has acknowledged a vulnerability in bind, which can be exploited
by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30989/

 --

[SA30988] Debian update for bind9

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

Debian has issued an update for bind9. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30988/

 --

[SA30980] Sun Solaris 10 DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30980/

 --

[SA30977] Red Hat update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

Red Hat has issued an update for bind. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30977/

 --

[SA30972] Gentoo update for libpcre and glib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-08

Gentoo has issued an update for libpcre and glib. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/30972/

 --

[SA30971] Pidgin MSN SLP Message Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

Some vulnerabilities have been reported in Pidgin, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30971/

 --

[SA30967] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, DoS, System access
Released:    2008-07-07

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people with
physical access to bypass certain security restrictions, and malicious
people to conduct cross-site scripting and SQL injection attacks, cause
a DoS (Denial of Service), and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30967/

 --

[SA30962] SUSE update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-07-07

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, and gain escalated privileges, and by malicious people to
cause a DoS.

Full Advisory:
http://secunia.com/advisories/30962/

 --

[SA30961] Debian update for pcre3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-07

Debian has issued an update for pcre3. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30961/

 --

[SA30958] Fedora update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-07

Fedora has issued an update for pcre. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30958/

 --

[SA30945] Fedora update for glib2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-04

Fedora has issued an update for glib2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30945/

 --

[SA30944] GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-04

A vulnerability has been reported in GNOME Glib, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30944/

 --

[SA30942] rPath update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-04

rPath has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30942/

 --

[SA31057] Red Hat update for bluez-libs and bluez-utils

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-15

Red Hat has issued an update for bluez-libs and bluez-utils. This fixes
a vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31057/

 --

[SA30957] BlueZ SDP Processing Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-07

A vulnerability has been reported in BlueZ, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30957/

 --

[SA31142] rPath update for httpd

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-17

rPath has issued an update for httpd. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31142/

 --

[SA31026] Gentoo update for apache

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2008-07-10

Gentoo has issued an update for apache. This fixes a some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site request forgery attacks and cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31026/

 --

[SA31018] Fedora update for moodle

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-09

Fedora has issued an update for moodle. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31018/

 --

[SA31006] rPath update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-09

rPath has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31006/

 --

[SA30986] Moodle KSES HTML Filter Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-09

Some vulnerabilities have been reported in Moodle, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30986/

 --

[SA30960] Debian update for wordpress

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-07-07

Debian has issued an update for wordpress. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions and to manipulate data.

Full Advisory:
http://secunia.com/advisories/30960/

 --

[SA30955] Simple Machines Forum "HTML-Tag" Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Unknown
Released:    2008-07-17

A vulnerability with an unknown impact has been reported in Simple
Machines Forum.

Full Advisory:
http://secunia.com/advisories/30955/

 --

[SA30941] Fedora update for jetty

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2008-07-07

Fedora has issued an update for jetty. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct HTTP response
splitting and cross-site scripting attacks and potentially hijack a
user session.

Full Advisory:
http://secunia.com/advisories/30941/

 --

[SA30996] Red Hat update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-10

Red Hat has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30996/

 --

[SA31131] Debian update for afuse

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-07-17

Debian has issued an update for afuse. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31131/

 --

[SA31109] OpenBSD update for X.Org

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-07-16

OpenBSD has issued an update for X.Org. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31109/

 --

[SA31103] Op "XAUTHORITY" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-07-16

Nico Golde has reported a vulnerability in Op, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31103/

 --

[SA31086] Afuse Shell Command Injection Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-07-16

A vulnerability has been reported in Afuse, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31086/

 --

[SA31066] Debian update for mysql-dfsg-5.0 

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-07-14

Debian has issued an update for mysql-dfsg-5.0. This fixes a security
issue, which can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31066/

 --

[SA31048] Linux Kernel Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-07-11

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) or to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31048/

 --

[SA31025] Gentoo update for nx

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-07-10

Gentoo has issued an update for nx. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service), disclose potentially sensitive information, or to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/31025/

 --

[SA31110] Gentoo update for mercurial

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-16

Gentoo has issued an update for mercurial. This fixes a security issue,
which can be exploited by malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/31110/

 --

[SA31108] Mercurial "applydiff()" Directory Traversal Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-16

A security issue has been reported in Mercurial, which can be exploited
by malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/31108/


Other:--

[SA31034] Apple TV Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-11

Some vulnerabilities have been reported in Apple TV, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31034/

 --

[SA31153] Blue Coat ProxyRA DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-17

Blue Coat has acknowledged a vulnerability in Blue Coat ProxyRA, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31153/

 --

[SA31152] Blue Coat Director DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-17

Blue Coat has acknowledged a vulnerability in Blue Coat Director, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31152/

 --

[SA31151] Blue Coat ProxySG DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-17

Blue Coat has acknowledged a vulnerability in Blue Coat ProxySG, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31151/

 --

[SA31137] Blue Coat PacketShaper and iShaper DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-17

Blue Coat has acknowledged a vulnerability in Blue Coat PacketShaper
and iShaper, which can be exploited by malicious people to poison the
DNS cache.

Full Advisory:
http://secunia.com/advisories/31137/

 --

[SA31093] F5 Products DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-16

A vulnerability has been reported in various F5 products, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31093/

 --

[SA31065] Novell Netware DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-14

A vulnerability has been reported in Novell Netware, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31065/

 --

[SA31031] Nixu Secure Name Server BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-10

A vulnerability has been reported in Nixu Secure Name Server, which can
be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31031/

 --

[SA31030] Infoblox NIOS BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-10

A vulnerability has been reported in Infoblox NIOS, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31030/

 --

[SA31012] Juniper Networks Products DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

A vulnerability has been reported in various Juniper Network products,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31012/

 --

[SA30965] F5 FirePass 1200 SSL VPN SNMP Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-09

nnposter has reported a vulnerability in F5 FirePass 1200 SSL VPN,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30965/


Cross Platform:--

[SA31127] PHPizabi "writeLogEntry()" Arbitrary PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-17

inphex has discovered a vulnerability in PHPizabi, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31127/

 --

[SA31113] HP Oracle for OpenView Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2008-07-16

HP has acknowledged some vulnerabilities in HP Oracle for Openview
(OfO). Some vulnerabilities have unknown impacts while others can be
exploited by malicious, local users to gain escalated privileges, by
malicious users to cause a DoS (Denial of Service), disclose sensitive
information, gain escalated privileges, or compromise a vulnerable
system, and by malicious people to bypass certain security restrictions
or to cause a DoS.

Full Advisory:
http://secunia.com/advisories/31113/

 --

[SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, System access
Released:    2008-07-16

Some vulnerabilities have been reported in Firefox 3, which can be
exploited by malicious people to bypass certain security restrictions,
potentially conduct spoofing attacks, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31106/

 --

[SA31101] Pragyan CMS File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-16

N3TR00T3R has reported some vulnerabilities in Pragyan CMS, which can
be exploited by malicious people to disclose sensitive information or
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31101/

 --

[SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2008-07-14

Some vulnerabilities have been reported in Apple iPhone and iPod touch,
which can be exploited by malicious people to conduct spoofing and
cross-site scripting attacks, cause a DoS (Denial of Service), bypass
certain security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31074/

 --

[SA31010] Sun Java JDK / JRE Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-07-09

Some vulnerabilities have been reported in Sun Java, which can be
exploited by malicious people to bypass certain security restrictions,
disclose system information or potentially sensitive information, cause
a DoS (Denial of Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31010/

 --

[SA30999] Ray "sIncPath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-09

RoMaNcYxHaCkEr has reported a vulnerability in Ray, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30999/

 --

[SA30995] SafeHTML "dir[plugins]" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-09

RoMaNcYxHaCkEr has reported some vulnerabilities in SafeHTML, which can
be exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30995/

 --

[SA30991] vBulletin Two Script Insertion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-09

Some vulnerabilities have been reported in vBulletin, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30991/

 --

[SA30981] Dolphin File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-09

RoMaNcYxHaCkEr has reported some vulnerabilities in Dolphin, which can
be exploited by malicious people to disclose sensitive information or
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30981/

 --

[SA30956] Yourplace Authentication Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-07-07

A vulnerability has been discovered in Yourplace, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30956/

 --

[SA30951] 1024 CMS Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-07

Some vulnerabilities have been reported in 1024 CMS, which can be
exploited by malicious people to disclose sensitive information or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30951/

 --

[SA30950] Neutrino Atomic Edition Security Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-07-08

Ams has reported a vulnerability in Neutrino Atomic Edition, which can
be exploited by malicious people to bypass certain security
restrictions and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30950/

 --

[SA30948] webXell Editor File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-08

CWH Underground has discovered a vulnerability in webXell, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30948/

 --

[SA30947] Thelia auth.php Security Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-07-07

Black_H has discovered a vulnerability in Thelia, which can be
exploited by malicious people to bypass certain security restrictions
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30947/

 --

[SA30939] ImperialBB Avatar File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-07

PHPLizardo has discovered a vulnerability in ImperialBB, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30939/

 --

[SA31126] Joomla DT Register Component "eventId" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-17

His0k4 has reported a vulnerability in the DT Register component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31126/

 --

[SA31116] Claroline Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-07-17

Some vulnerabilities with an unknown impact have been reported in
Claroline.

Full Advisory:
http://secunia.com/advisories/31116/

 --

[SA31112] AlstraSoft Affiliate Network Pro "pgm" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-17

Hussin X has reported a vulnerability in AlstraSoft Affiliate Network
Pro, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31112/

 --

[SA31100] Comdev Web Blogger "arcmonth" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-16

M. Hasran Addahroni has discovered a vulnerability in Comdev Web
Blogger, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31100/

 --

[SA31098] Galatolo WebManager SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-07-16

StAkeR has discovered two vulnerabilities in Galatolo WebManager (GWM),
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31098/

 --

[SA31088] Pluck predefined_variables.php Local File inclusion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-14

AmnPardaz Security Research Team has discovered some vulnerabilities in
Pluck, which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31088/

 --

[SA31084] ITechBids Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-14

Encrypt3d.M!nd has discovered some vulnerabilities in ITechBids, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31084/

 --

[SA31077] Yuhhu Pubs Black Cat "category" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-15

RMx has reported a vulnerability in Yuhhu Pubs Black Cat, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31077/

 --

[SA31075] Maian Search "search_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Search, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31075/

 --

[SA31070] Maian Guestbook "gbook_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Guestbook, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31070/

 --

[SA31068] Maian Links "links_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Links, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31068/

 --

[SA31063] @1 File Store PRO "id" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-14

Nu Am Bani has reported some vulnerabilities in @1 File Store PRO,
which can be exploited by malicious users or people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31063/

 --

[SA31061] Wysi Wiki Wyg "c" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-14

StAkeR has discovered a vulnerability in Wysi Wiki Wyg, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31061/

 --

[SA31059] Million Pixels "id_cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-14

Hussin X has reported a vulnerability in Million Pixels, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31059/

 --

[SA31056] Maian Events "mevents_admin_cookie" Security Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-14

Saime has discovered a vulnerability in Maian Events, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31056/

 --

[SA31054] BilboBlog Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2008-07-17

Black_H has discovered some vulnerabilities in BilboBlog, which can be
exploited by malicious users to conduct script insertion and SQL
injection attacks, and by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31054/

 --

[SA31053] CodeDB "lang" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-15

cOndemned has discovered a vulnerability in CodeDB, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31053/

 --

[SA31049] jSite Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-07-14

Some vulnerabilities have been discovered in jSite, which can be
exploited by malicious people to disclose sensitive information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31049/

 --

[SA31047] webcms.es webCMS Portal Edition "id" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-14

Mr.SQL has reported a vulnerability in webcms.es webCMS Portal Edition,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31047/

 --

[SA31045] Maian Uploader "uploader_cookie" Security Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Uploader, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31045/

 --

[SA31044] Wireshark Packet Reassembly Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-11

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31044/

 --

[SA31040] phpDatingClub "page" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-11

Big Ben has discovered a vulnerability in phpDatingClub, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31040/

 --

[SA31039] Zen Cart Two Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-11

CraCkEr has discovered two vulnerabilities in Zen Cart, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31039/

 --

[SA31038] Maian Music "mmusic_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-14

Saime has discovered a vulnerability in Maian Music, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31038/

 --

[SA31032] DreamNews Manager "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-11

Hussin X has reported a vulnerability in DreamNews Manager, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31032/

 --

[SA31028] Drupal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Manipulation of data
Released:    2008-07-10

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious people to conduct cross-site scripting,
cross-site request forgery, session fixation, SQL injection, and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/31028/

 --

[SA31024] vbDrupal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Manipulation of data
Released:    2008-07-10

Some vulnerabilities have been reported in vbDrupal, which can be
exploited by malicious people to conduct cross-site scripting,
cross-site request forgery, session fixation, SQL injection, and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/31024/

 --

[SA31013] MyBB Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-07-17

Some vulnerabilities with unknown impacts have been reported in MyBB.

Full Advisory:
http://secunia.com/advisories/31013/

 --

[SA31009] DreamPics Builder "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-10

Hussin X has reported a vulnerability in DreamPics Builder, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31009/

 --

[SA31004] Lastminute Script "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-09

t0pP8uZz has reported a vulnerability in Lastminute Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31004/

 --

[SA31000] AuraCMS "pages_data.php" Manipulation of Data

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-10

k1tk4t has reported a vulnerability in AuraCMS, which can be exploited
by malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/31000/

 --

[SA30985] Hotel Script "file" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-09

t0pP8uZz has reported a vulnerability in Hotel Script, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30985/

 --

[SA30984] Real Estate Script "listing_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-09

t0pP8uZz has reported a vulnerability in Real Estate Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30984/

 --

[SA30983] BrewBlogger "authenticateUser()" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-09

CWH Underground has discovered a vulnerability in BrewBlogger, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30983/

 --

[SA30979] Cisco Products DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

A vulnerability has been reported in various Cisco products, which can
be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30979/

 --

[SA30976] PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-08

lovebug has reported a vulnerability in the 4ndvddb module for
PHP-Nuke, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30976/

 --

[SA30974] Joomla Unauthorized Access Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-07-08

Some vulnerabilities have been reported in Joomla!, which can be
exploited by malicious people to bypass certain security restrictions
and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/30974/

 --

[SA30973] ISC BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-09

A vulnerability has been reported in ISC BIND, which can be exploited
by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/30973/

 --

[SA30969] Triton CMS Pro "X-Forwarded-For" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-08

__GiReX__ has reported a vulnerability in Triton CMS Pro, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30969/

 --

[SA30959] BlognPlus SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-07

Tan Chew Keong has reported some vulnerabilities in BlognPlus, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30959/

 --

[SA30954] Empire Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-09

Some vulnerabilities have been reported in Empire Server, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30954/

 --

[SA30943] Maian Weblog "weblog_cookie" Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-15

S.W.A.T. has reported a vulnerability in Maian Weblog, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30943/

 --

[SA31036] Novell eDirectory LDAP Search Request Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-11

A vulnerability has been reported in Novell eDirectory, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31036/

 --

[SA30938] Novell eDirectory ds.dlm Module Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-04

A vulnerability has been reported in Novell eDirectory, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30938/

 --

[SA31133] Citrix XenServer XenAPI HTTP Interface Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-17

A vulnerability has been reported in Citrix XenServer, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31133/

 --

[SA31120] Mozilla Firefox 2 URI Launching Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-07-16

A vulnerability has been reported in Firefox 2, which can be exploited
by malicious people to bypass certain security restrictions and
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31120/

 --

[SA31115] phpMyAdmin Cross-Site Request Forgery Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-16

Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can
be exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/31115/

 --

[SA31050] Pagefusion Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-11

Julian Rodriguez has discovered some vulnerabilities in Pagefusion,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31050/

 --

[SA31041] eSyndiCat Directory Software Pro "register.php" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-11

Fugitif has reported some vulnerabilities in eSyndiCat Directory
Software, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31041/

 --

[SA31027] Drupal OpenID Module Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-10

Some vulnerabilities have been reported in the OpenID module for
Drupal, which can be exploited by malicious people to conduct
cross-site scripting or cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31027/

 --

[SA31017] Moodle KSES HTML Filter Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-09

Some vulnerabilities have been reported in Moodle, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31017/

 --

[SA31015] Xomol CMS "current_url" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-11

Julian Rodriguez has reported a vulnerability in Xomol CMS, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31015/

 --

[SA30946] Kasseler CMS Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-07

Cr_at_zy_King has discovered a vulnerability in Kasseler CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30946/

 --

[SA31064] Firebird 2 Multiple Vulnerabilities and Weakness

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2008-07-15

Some vulnerabilities and a weakness have been reported in Firebird,
which can be exploited by malicious users to cause a DoS (Denial of
Service) and disclose system information, and by malicious, local users
to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31064/

 --

[SA31003] Firebird 1 Unspecified Path Disclosure Weakness

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2008-07-15

A weakness has been reported in Firebird, which can be exploited by
malicious users to disclose system information.

Full Advisory:
http://secunia.com/advisories/31003/

 --

[SA30966] WeFi Diagnostic Mode Information Disclosure Weakness

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-07-09

Xia Shing Zee has reported a weakness in WeFi, which can be exploited
by malicious, local users to gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/30966/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Fri Jul 18 2008 - 00:46:53 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 18 2008 - 00:55:09 PDT