========================================================================
The Secunia Weekly Advisory Summary
2008-07-10 - 2008-07-17

This week: 189 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free!

The Secunia NSI 2.0 is available as a 7-day trial download and can be used to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31106/

--

Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31074/

--

Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31034/

--

VIRUS ALERTS:

During the past week Secunia collected 190 virus descriptions from the Antivirus vendors.
However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
2. [SA30975] Microsoft Word Unspecified Code Execution Vulnerability
3. [SA31048] Linux Kernel Multiple Vulnerabilities
4. [SA30973] ISC BIND Query Port DNS Cache Poisoning
5. [SA31051] SUSE update for MozillaFirefox
6. [SA31044] Wireshark Packet Reassembly Denial of Service
7. [SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities
8. [SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities
9. [SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities
10. [SA31052] SUSE update for bind

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA30975] Microsoft Word Unspecified Code Execution Vulnerability
[SA31141] BlackBerry Unite! PDF Processing Vulnerability
[SA31095] Black Ice Document Imaging SDK "OpenGifFile()" Buffer Overflow
[SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability
[SA31087] Oracle Products Multiple Vulnerabilities
[SA30952] PPMate PPMedia Class ActiveX Control Buffer Overflow
[SA31118] F-Prot Antivirus Multiple Denial of Service Vulnerabilities
[SA31114] FreeStyle Wiki CGI::Session "File" Driver "CGISESSID" Directory Traversal
[SA31102] WinRemotePC Packet Handling Denial of Service
[SA31001] Adobe RoboHelp Server Cross-Site Scripting and SQL Injection
[SA30997] Download Accelerator Plus Import File Buffer Overflow
[SA30987] Dokeos "include" Local File Inclusion Vulnerability
[SA30968] Procapita SQL Injection Vulnerabilities
[SA30964] Microsoft Outlook Web Access Script Insertion Vulnerabilities
[SA30953] Microsoft Windows Explorer Saved Search Vulnerability
[SA30940] CMailServer POP3 Class ActiveX Control Buffer Overflow
[SA31148] HP Select Identity Active Directory Bidirectional LDAP Connector Unauthorized Access
[SA31117] CGI::Session "File" Driver "CGISESSID" Directory Traversal
[SA30978] Xerox CentreWare Web Multiple Vulnerabilities
[SA30970] Microsoft SQL Server and MSDE Multiple Vulnerabilities

UNIX/Linux:

[SA31132] Mozilla Firefox 3 on Mac OS X GIF File Handling Code Execution
[SA31122] Red Hat update for seamonkey
[SA31121] Red Hat update for firefox
[SA31099] php Help Agent "content" File Inclusion Vulnerability
[SA31090] Red Hat update for ruby
[SA31078] Fedora update for java-1.6.0-openjdk
[SA31076] SUSE update for MozillaFirefox
[SA31069] Debian update for iceweasel
[SA31067] Red Hat update for java-1.4.2-ibm
[SA31062] Red Hat update for ruby
[SA31055] Red Hat update for java-1.5.0-sun
[SA31051] SUSE update for MozillaFirefox
[SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities
[SA31035] Debian update for poppler
[SA31029] Gentoo update for openoffice and openoffice-bin
[SA31023] Slackware update for seamonkey
[SA31021] Slackware update for mozilla-firefox
[SA31020] Fedora update for java-1.7.0-icedtea
[SA31008] rPath update for firefox
[SA31005] Fedora update for seamonkey
[SA31002] Gentoo update for poppler
[SA30992] Fedora update for WebKit
[SA30963] Poppler "pageWidgets" Uninitialized Memory Access
[SA30949] Fedora update for firefox
[SA31143] HP-UX update for bind
[SA31124] Red Hat update for php
[SA31119] Red Hat update for php
[SA31107] Ubuntu update for kernel
[SA31105] Debian update for gaim
[SA31104] Debian update for lighttpd
[SA31094] IBM AIX DNS Cache Poisoning
[SA31085] Fedora update for wireshark
[SA31083] Scripteen Free Image Hosting Script Security Bypass and SQL Injection
[SA31082] Fedora update for php-pecl-apc
[SA31080] Fedora update for newsx
[SA31079] Fedora update for drupal
[SA31072] Gentoo update for bind
[SA31071] Maian Recipe "recipe_cookie" Security Bypass Vulnerability
[SA31060] Apple Xcode tools Vulnerability and Security Issue
[SA31058] reSIProcate Long Domain Name Denial of Service
[SA31052] SUSE update for bind
[SA31037] Sophos Products Zero-byte MIME Attachments Denial of Service
[SA31033] FreeBSD update for bind
[SA31022] Slackware update for bind
[SA31019] Fedora update for bind
[SA31016] Red Hat update for pidgin
[SA31014] Sun Solaris DNS Cache Poisoning Vulnerability
[SA31011] Nominum CNS and Vantio DNS Cache Poisoning Vulnerability
[SA31007] rPath update for vsftpd
[SA30998] Ubuntu update for bind
[SA30994] FFmpeg libavformat "str_read_packet()" Buffer Overflow
[SA30993] Fedora update for sipp
[SA30990] Ubuntu update for pcre3
[SA30989] Debian bind DNS Cache Poisoning Vulnerability
[SA30988] Debian update for bind9
[SA30980] Sun Solaris 10 DNS Cache Poisoning Vulnerability
[SA30977] Red Hat update for bind
[SA30972] Gentoo update for libpcre and glib
[SA30971] Pidgin MSN SLP Message Integer Overflow Vulnerabilities
[SA30967] SUSE Update for Multiple Packages
[SA30962] SUSE update for kernel
[SA30961] Debian update for pcre3
[SA30958] Fedora update for pcre
[SA30945] Fedora update for glib2
[SA30944] GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability
[SA30942] rPath update for wireshark
[SA31057] Red Hat update for bluez-libs and bluez-utils
[SA30957] BlueZ SDP Processing Vulnerability
[SA31142] rPath update for httpd
[SA31026] Gentoo update for apache
[SA31018] Fedora update for moodle
[SA31006] rPath update for ruby
[SA30986] Moodle KSES HTML Filter Bypass Vulnerability
[SA30960] Debian update for wordpress
[SA30955] Simple Machines Forum "HTML-Tag" Vulnerability
[SA30941] Fedora update for jetty
[SA30996] Red Hat update for openldap
[SA31131] Debian update for afuse
[SA31109] OpenBSD update for X.Org
[SA31103] Op "XAUTHORITY" Buffer Overflow Vulnerability
[SA31086] Afuse Shell Command Injection Vulnerability
[SA31066] Debian update for mysql-dfsg-5.0
[SA31048] Linux Kernel Multiple Vulnerabilities
[SA31025] Gentoo update for nx
[SA31110] Gentoo update for mercurial
[SA31108] Mercurial "applydiff()" Directory Traversal Security Issue

Other:

[SA31034] Apple TV Multiple Vulnerabilities
[SA31153] Blue Coat ProxyRA DNS Cache Poisoning Vulnerability
[SA31152] Blue Coat Director DNS Cache Poisoning Vulnerability
[SA31151] Blue Coat ProxySG DNS Cache Poisoning Vulnerability
[SA31137] Blue Coat PacketShaper and iShaper DNS Cache Poisoning
[SA31093] F5 Products DNS Cache Poisoning Vulnerability
[SA31065] Novell Netware DNS Cache Poisoning Vulnerability
[SA31031] Nixu Secure Name Server BIND Query Port DNS Cache Poisoning
[SA31030] Infoblox NIOS BIND Query Port DNS Cache Poisoning
[SA31012] Juniper Networks Products DNS Cache Poisoning Vulnerability
[SA30965] F5 FirePass 1200 SSL VPN SNMP Denial of Service

Cross Platform:

[SA31127] PHPizabi "writeLogEntry()" Arbitrary PHP Code Execution
[SA31113] HP Oracle for OpenView Multiple Vulnerabilities
[SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities
[SA31101] Pragyan CMS File Inclusion Vulnerabilities
[SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities
[SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
[SA30999] Ray "sIncPath" File Inclusion Vulnerability
[SA30995] SafeHTML "dir[plugins]" File Inclusion Vulnerabilities
[SA30991] vBulletin Two Script Insertion Vulnerabilities
[SA30981] Dolphin File Inclusion Vulnerabilities
[SA30956] Yourplace Authentication Bypass Vulnerability
[SA30951] 1024 CMS Multiple File Inclusion Vulnerabilities
[SA30950] Neutrino Atomic Edition Security Bypass Vulnerability
[SA30948] webXell Editor File Upload Vulnerability
[SA30947] Thelia auth.php Security Bypass Vulnerability
[SA30939] ImperialBB Avatar File Upload Vulnerability
[SA31126] Joomla DT Register Component "eventId" SQL Injection
[SA31116] Claroline Unspecified Vulnerabilities
[SA31112] AlstraSoft Affiliate Network Pro "pgm" SQL Injection Vulnerability
[SA31100] Comdev Web Blogger "arcmonth" SQL Injection Vulnerability
[SA31098] Galatolo WebManager SQL Injection and Cross-Site Scripting
[SA31088] Pluck predefined_variables.php Local File inclusion Vulnerabilities
[SA31084] ITechBids Cross-Site Scripting and SQL Injection
[SA31077] Yuhhu Pubs Black Cat "category" SQL Injection Vulnerability
[SA31075] Maian Search "search_cookie" Security Bypass Vulnerability
[SA31070] Maian Guestbook "gbook_cookie" Security Bypass Vulnerability
[SA31068] Maian Links "links_cookie" Security Bypass Vulnerability
[SA31063] @1 File Store PRO "id" SQL Injection Vulnerabilities
[SA31061] Wysi Wiki Wyg "c" Directory Traversal Vulnerability
[SA31059] Million Pixels "id_cat" SQL Injection Vulnerability
[SA31056] Maian Events "mevents_admin_cookie" Security Bypass Vulnerability
[SA31054] BilboBlog Multiple Vulnerabilities
[SA31053] CodeDB "lang" Local File Inclusion Vulnerability
[SA31049] jSite Multiple Vulnerabilities
[SA31047] webcms.es webCMS Portal Edition "id" SQL Injection Vulnerability
[SA31045] Maian Uploader "uploader_cookie" Security Bypass Vulnerability
[SA31044] Wireshark Packet Reassembly Denial of Service
[SA31040] phpDatingClub "page" Local File Inclusion
[SA31039] Zen Cart Two Local File Inclusion Vulnerabilities
[SA31038] Maian Music "mmusic_cookie" Security Bypass Vulnerability
[SA31032] DreamNews Manager "id" SQL Injection Vulnerability
[SA31028] Drupal Multiple Vulnerabilities
[SA31024] vbDrupal Multiple Vulnerabilities
[SA31013] MyBB Multiple Vulnerabilities
[SA31009] DreamPics Builder "page" SQL Injection Vulnerability
[SA31004] Lastminute Script "cid" SQL Injection Vulnerability
[SA31000] AuraCMS "pages_data.php" Manipulation of Data
[SA30985] Hotel Script "file" SQL Injection Vulnerability
[SA30984] Real Estate Script "listing_id" SQL Injection Vulnerability
[SA30983] BrewBlogger "authenticateUser()" SQL Injection Vulnerability
[SA30979] Cisco Products DNS Cache Poisoning Vulnerability
[SA30976] PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability
[SA30974] Joomla Unauthorized Access Vulnerabilities
[SA30973] ISC BIND Query Port DNS Cache Poisoning
[SA30969] Triton CMS Pro "X-Forwarded-For" SQL Injection Vulnerability
[SA30959] BlognPlus SQL Injection Vulnerabilities
[SA30954] Empire Server Multiple Vulnerabilities
[SA30943] Maian Weblog "weblog_cookie" Security Bypass Vulnerability
[SA31036] Novell eDirectory LDAP Search Request Buffer Overflow
[SA30938] Novell eDirectory ds.dlm Module Buffer Overflow
[SA31133] Citrix XenServer XenAPI HTTP Interface Cross-Site Scripting
[SA31120] Mozilla Firefox 2 URI Launching Vulnerability
[SA31115] phpMyAdmin Cross-Site Request Forgery Vulnerabilities
[SA31050] Pagefusion Multiple Cross-Site Scripting Vulnerabilities
[SA31041] eSyndiCat Directory Software Pro "register.php" Cross-Site Scripting
[SA31027] Drupal OpenID Module Vulnerabilities
[SA31017] Moodle KSES HTML Filter Bypass Vulnerability
[SA31015] Xomol CMS "current_url" Cross-Site Scripting Vulnerability
[SA30946] Kasseler CMS Cross-Site Scripting Vulnerability
[SA31064] Firebird 2 Multiple Vulnerabilities and Weakness
[SA31003] Firebird 1 Unspecified Path Disclosure Weakness
[SA30966] WeFi Diagnostic Mode Information Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30975] Microsoft Word Unspecified Code Execution Vulnerability
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2008-07-09

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/30975/

--

[SA31141] BlackBerry Unite! PDF Processing Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-17

A vulnerability has been reported in BlackBerry Unite!, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31141/

--

[SA31095] Black Ice Document Imaging SDK "OpenGifFile()" Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-16

r0ut3r has discovered a vulnerability in Black Ice Document Imaging SDK, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31095/

--

[SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-17

A vulnerability has been reported in BlackBerry Enterprise Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31092/

--

[SA31087] Oracle Products Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access, Unknown
Released: 2008-07-16

Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, gain escalated privileges, or compromise a vulnerable system, and by malicious people to bypass certain security restrictions or to cause a DoS.
Full Advisory: http://secunia.com/advisories/31087/

--

[SA30952] PPMate PPMedia Class ActiveX Control Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-16

Parvez Anwar has discovered a vulnerability in PPMate, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/30952/

--

[SA31118] F-Prot Antivirus Multiple Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-07-17

Some vulnerabilities have been reported in F-Prot Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31118/

--

[SA31114] FreeStyle Wiki CGI::Session "File" Driver "CGISESSID" Directory Traversal
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-17

Tan Chew Keong has reported a vulnerability in FreeStyle Wiki, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31114/

--

[SA31102] WinRemotePC Packet Handling Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-07-16

Shinnok has discovered a vulnerability in WinRemotePC, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31102/

--

[SA31001] Adobe RoboHelp Server Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Cross Site Scripting
Released: 2008-07-09

Some vulnerabilities have been reported in Adobe RoboHelp Server, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31001/

--

[SA30997] Download Accelerator Plus Import File Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-07-09

Krystian Kloskowski has discovered a vulnerability in Download Accelerator Plus, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/30997/

--

[SA30987] Dokeos "include" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system information
Released: 2008-07-09

A vulnerability has been reported in Dokeos, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/30987/

--

[SA30968] Procapita SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-14

pelzi has reported some vulnerabilities in Procapita, which can be exploited by malicious people or users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/30968/

--

[SA30964] Microsoft Outlook Web Access Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-08

Two vulnerabilities have been reported in Microsoft Outlook Web Access for Exchange Server, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/30964/

--

[SA30953] Microsoft Windows Explorer Saved Search Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-07-08

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/30953/

--

[SA30940] CMailServer POP3 Class ActiveX Control Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-07-07

Nine:Situations:Group::bruiser has discovered a vulnerability in CMailServer, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/30940/

--

[SA31148] HP Select Identity Active Directory Bidirectional LDAP Connector Unauthorized Access
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2008-07-17

Some vulnerabilities have been reported in HP Select Identity Active Directory Bidirectional LDAP Connector, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31148/

--

[SA31117] CGI::Session "File" Driver "CGISESSID" Directory Traversal
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-17

Tan Chew Keong has reported a vulnerability in CGI::Session, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31117/

--

[SA30978] Xerox CentreWare Web Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-07-09

Some vulnerabilities have been reported in Xerox CentreWare Web, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/30978/

--

[SA30970] Microsoft SQL Server and MSDE Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, Privilege escalation
Released: 2008-07-08

Four vulnerabilities have been reported in Microsoft SQL Server, which can be exploited by malicious users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/30970/


UNIX/Linux:--

[SA31132] Mozilla Firefox 3 on Mac OS X GIF File Handling Code Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-17

A vulnerability has been reported in Firefox 3 on Mac OS X, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31132/

--

[SA31122] Red Hat update for seamonkey
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-16

Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31122/

--

[SA31121] Red Hat update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, System access
Released: 2008-07-16

Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31121/

--

[SA31099] php Help Agent "content" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, System access
Released: 2008-07-16

BeyazKurt has discovered a vulnerability in php Help Agent, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31099/

--

[SA31090] Red Hat update for ruby
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-15

Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31090/

--

[SA31078] Fedora update for java-1.6.0-openjdk
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-15

Fedora has issued an update for java-1.6.0-openjdk.
This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31078/

--

[SA31076] SUSE update for MozillaFirefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-14

SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31076/

--

[SA31069] Debian update for iceweasel
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-14

Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31069/

--

[SA31067] Red Hat update for java-1.4.2-ibm
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-07-15

Red Hat has issued an update for java-1.4.2-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31067/

--

[SA31062] Red Hat update for ruby
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-15

Red Hat has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31062/

--

[SA31055] Red Hat update for java-1.5.0-sun
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-15

Red Hat has issued an update for java-1.5.0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31055/

--

[SA31051] SUSE update for MozillaFirefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-11

SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31051/

--

[SA31043] Sun Solaris Thunderbird Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-07-11

Sun has acknowledged some vulnerabilities in Thunderbird included in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31043/

--

[SA31035] Debian update for poppler
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-10

Debian has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31035/

--

[SA31029] Gentoo update for openoffice and openoffice-bin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-10

Gentoo has issued an update for openoffice and openoffice-bin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31029/

--

[SA31023] Slackware update for seamonkey
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Exposure of sensitive information, Exposure of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2008-07-10

Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31023/

--

[SA31021] Slackware update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-10

Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31021/

--

[SA31020] Fedora update for java-1.7.0-icedtea
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-10

Fedora has issued an update for java-1.7.0-icedtea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31020/

--

[SA31008] rPath update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-09

rPath has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31008/

--

[SA31005] Fedora update for seamonkey
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-09

Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31005/

--

[SA31002] Gentoo update for poppler
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-09

Gentoo has issued an update for poppler. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/31002/

--

[SA30992] Fedora update for WebKit
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-09

Fedora has issued an update for WebKit. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/30992/

--

[SA30963] Poppler "pageWidgets" Uninitialized Memory Access
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-08

A vulnerability has been reported in Poppler, which potentially can be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/30963/

--

[SA30949] Fedora update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-07-07

Fedora has issued an update for firefox.
This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/30949/ -- [SA31143] HP-UX update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-17 HP has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31143/ -- [SA31124] Red Hat update for php Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-07-17 Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31124/ -- [SA31119] Red Hat update for php Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-07-16 Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31119/ -- [SA31107] Ubuntu update for kernel Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2008-07-16 Ubuntu has issued an update for the kernel. 
This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, and gain escalated privileges, and malicious people to cause a DoS and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31107/ -- [SA31105] Debian update for gaim Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-16 Debian has issued an update for gaim. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31105/ -- [SA31104] Debian update for lighttpd Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-07-16 Debian has issued an update for lighttpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31104/ -- [SA31094] IBM AIX DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-16 A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31094/ -- [SA31085] Fedora update for wireshark Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, DoS Released: 2008-07-15 Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/31085/ -- [SA31083] Scripteen Free Image Hosting Script Security Bypass and SQL Injection Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-07-14 Some vulnerabilities have been discovered in Scripteen Free Image Hosting Script, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31083/ -- [SA31082] Fedora update for php-pecl-apc Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-07-15 Fedora has issued an update for php-pecl-apc. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31082/ -- [SA31080] Fedora update for newsx Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-15 Fedora has issued an update for newsx. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31080/ -- [SA31079] Fedora update for drupal Critical: Moderately critical Where: From remote Impact: Hijacking, Cross Site Scripting, Manipulation of data Released: 2008-07-15 Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks. Full Advisory: http://secunia.com/advisories/31079/ -- [SA31072] Gentoo update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-14 Gentoo has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. 
Full Advisory: http://secunia.com/advisories/31072/ -- [SA31071] Maian Recipe "recipe_cookie" Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-07-15 S.W.A.T. has reported a vulnerability in Maian Recipe, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31071/ -- [SA31060] Apple Xcode tools Vulnerability and Security Issue Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, System access Released: 2008-07-14 A vulnerability and a security issue have been reported in Xcode tools, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. Full Advisory: http://secunia.com/advisories/31060/ -- [SA31058] reSIProcate Long Domain Name Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-07-14 A vulnerability has been reported in reSIProcate, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31058/ -- [SA31052] SUSE update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-11 SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31052/ -- [SA31037] Sophos Products Zero-byte MIME Attachments Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-07-10 A vulnerability has been reported in some Sophos products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31037/ -- [SA31033] FreeBSD update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-15 FreeBSD has issued an update for bind. 
This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31033/ -- [SA31022] Slackware update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-10 Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31022/ -- [SA31019] Fedora update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-10 Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31019/ -- [SA31016] Red Hat update for pidgin Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-09 Red Hat has issued an update for pidgin. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31016/ -- [SA31014] Sun Solaris DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31014/ -- [SA31011] Nominum CNS and Vantio DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 Nominum has acknowledged a vulnerability in Nominum CNS and Vantio, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31011/ -- [SA31007] rPath update for vsftpd Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-07-09 rPath has issued an update for vsftpd. 
This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31007/ -- [SA30998] Ubuntu update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 Ubuntu has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/30998/ -- [SA30994] FFmpeg libavformat "str_read_packet()" Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-09 A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/30994/ -- [SA30993] Fedora update for sipp Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-09 Fedora has issued an update for sipp. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30993/ -- [SA30990] Ubuntu update for pcre3 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-15 Ubuntu has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/30990/ -- [SA30989] Debian bind DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 Debian has acknowledged a vulnerability in bind, which can be exploited by malicious people to poison the DNS cache. 
Full Advisory: http://secunia.com/advisories/30989/ -- [SA30988] Debian update for bind9 Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/30988/ -- [SA30980] Sun Solaris 10 DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/30980/ -- [SA30977] Red Hat update for bind Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/30977/ -- [SA30972] Gentoo update for libpcre and glib Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-08 Gentoo has issued an update for libpcre and glib. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/30972/ -- [SA30971] Pidgin MSN SLP Message Integer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-09 Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system. 
Full Advisory: http://secunia.com/advisories/30971/ -- [SA30967] SUSE Update for Multiple Packages Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, DoS, System access Released: 2008-07-07 SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people with physical access to bypass certain security restrictions, and malicious people to conduct cross-site scripting and SQL injection attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30967/ -- [SA30962] SUSE update for kernel Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-07-07 SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/30962/ -- [SA30961] Debian update for pcre3 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-07 Debian has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/30961/ -- [SA30958] Fedora update for pcre Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-07 Fedora has issued an update for pcre. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 
Full Advisory: http://secunia.com/advisories/30958/ -- [SA30945] Fedora update for glib2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-04 Fedora has issued an update for glib2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30945/ -- [SA30944] GNOME Glib PCRE pcre_compile.c Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-07-04 A vulnerability has been reported in GNOME Glib, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/30944/ -- [SA30942] rPath update for wireshark Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, DoS Released: 2008-07-04 rPath has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30942/ -- [SA31057] Red Hat update for bluez-libs and bluez-utils Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-07-15 Red Hat has issued an update for bluez-libs and bluez-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31057/ -- [SA30957] BlueZ SDP Processing Vulnerability Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-07-07 A vulnerability has been reported in BlueZ, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. 
Full Advisory: http://secunia.com/advisories/30957/ -- [SA31142] rPath update for httpd Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-07-17 rPath has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31142/ -- [SA31026] Gentoo update for apache Critical: Less critical Where: From remote Impact: Cross Site Scripting, DoS Released: 2008-07-10 Gentoo has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31026/ -- [SA31018] Fedora update for moodle Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-07-09 Fedora has issued an update for moodle. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31018/ -- [SA31006] rPath update for ruby Critical: Less critical Where: From remote Impact: DoS Released: 2008-07-09 rPath has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31006/ -- [SA30986] Moodle KSES HTML Filter Bypass Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-07-09 Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/30986/ -- [SA30960] Debian update for wordpress Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-07-07 Debian has issued an update for wordpress.
This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and to manipulate data. Full Advisory: http://secunia.com/advisories/30960/ -- [SA30955] Simple Machines Forum "HTML-Tag" Vulnerability Critical: Less critical Where: From remote Impact: Unknown Released: 2008-07-17 A vulnerability with an unknown impact has been reported in Simple Machines Forum. Full Advisory: http://secunia.com/advisories/30955/ -- [SA30941] Fedora update for jetty Critical: Less critical Where: From remote Impact: Hijacking, Cross Site Scripting Released: 2008-07-07 Fedora has issued an update for jetty. This fixes some vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks and potentially hijack a user session. Full Advisory: http://secunia.com/advisories/30941/ -- [SA30996] Red Hat update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-07-10 Red Hat has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30996/ -- [SA31131] Debian update for afuse Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-07-17 Debian has issued an update for afuse. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31131/ -- [SA31109] OpenBSD update for X.Org Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-07-16 OpenBSD has issued an update for X.Org. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/31109/ -- [SA31103] Op "XAUTHORITY" Buffer Overflow Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-07-16 Nico Golde has reported a vulnerability in Op, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31103/ -- [SA31086] Afuse Shell Command Injection Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-07-16 A vulnerability has been reported in Afuse, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31086/ -- [SA31066] Debian update for mysql-dfsg-5.0 Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-07-14 Debian has issued an update for mysql-dfsg-5.0. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31066/ -- [SA31048] Linux Kernel Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-07-11 Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/31048/ -- [SA31025] Gentoo update for nx Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-07-10 Gentoo has issued an update for nx. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/31025/ -- [SA31110] Gentoo update for mercurial Critical: Not critical Where: From remote Impact: Manipulation of data Released: 2008-07-16 Gentoo has issued an update for mercurial. This fixes a security issue, which can be exploited by malicious people to manipulate certain data. Full Advisory: http://secunia.com/advisories/31110/ -- [SA31108] Mercurial "applydiff()" Directory Traversal Security Issue Critical: Not critical Where: From remote Impact: Manipulation of data Released: 2008-07-16 A security issue has been reported in Mercurial, which can be exploited by malicious people to manipulate certain data. Full Advisory: http://secunia.com/advisories/31108/

Other:--

[SA31034] Apple TV Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-07-11 Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31034/ -- [SA31153] Blue Coat ProxyRA DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-17 Blue Coat has acknowledged a vulnerability in Blue Coat ProxyRA, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31153/ -- [SA31152] Blue Coat Director DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-17 Blue Coat has acknowledged a vulnerability in Blue Coat Director, which can be exploited by malicious people to poison the DNS cache.
Full Advisory: http://secunia.com/advisories/31152/ -- [SA31151] Blue Coat ProxySG DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-17 Blue Coat has acknowledged a vulnerability in Blue Coat ProxySG, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31151/ -- [SA31137] Blue Coat PacketShaper and iShaper DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-17 Blue Coat has acknowledged a vulnerability in Blue Coat PacketShaper and iShaper, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31137/ -- [SA31093] F5 Products DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-16 A vulnerability has been reported in various F5 products, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31093/ -- [SA31065] Novell Netware DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-14 A vulnerability has been reported in Novell Netware, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31065/ -- [SA31031] Nixu Secure Name Server BIND Query Port DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-10 A vulnerability has been reported in Nixu Secure Name Server, which can be exploited by malicious people to poison the DNS cache. 
Full Advisory: http://secunia.com/advisories/31031/ -- [SA31030] Infoblox NIOS BIND Query Port DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-10 A vulnerability has been reported in Infoblox NIOS, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31030/ -- [SA31012] Juniper Networks Products DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-07-09 A vulnerability has been reported in various Juniper Networks products, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31012/ -- [SA30965] F5 FirePass 1200 SSL VPN SNMP Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2008-07-09 nnposter has reported a vulnerability in F5 FirePass 1200 SSL VPN, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30965/

Cross Platform:--

[SA31127] PHPizabi "writeLogEntry()" Arbitrary PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-07-17 inphex has discovered a vulnerability in PHPizabi, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31127/ -- [SA31113] HP Oracle for OpenView Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2008-07-16 HP has acknowledged some vulnerabilities in HP Oracle for OpenView (OfO).
Some vulnerabilities have unknown impacts while others can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, gain escalated privileges, or compromise a vulnerable system, and by malicious people to bypass certain security restrictions or to cause a DoS. Full Advisory: http://secunia.com/advisories/31113/ -- [SA31106] Mozilla Firefox 3 URI Launching and XUL Error Page Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Spoofing, System access Released: 2008-07-16 Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. Full Advisory: http://secunia.com/advisories/31106/ -- [SA31101] Pragyan CMS File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-07-16 N3TR00T3R has reported some vulnerabilities in Pragyan CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31101/ -- [SA31074] Apple iPhone / iPod touch Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access Released: 2008-07-14 Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system. 
Full Advisory: http://secunia.com/advisories/31074/ -- [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-07-09 Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31010/ -- [SA30999] Ray "sIncPath" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-07-09 RoMaNcYxHaCkEr has reported a vulnerability in Ray, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30999/ -- [SA30995] SafeHTML "dir[plugins]" File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-07-09 RoMaNcYxHaCkEr has reported some vulnerabilities in SafeHTML, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30995/ -- [SA30991] vBulletin Two Script Insertion Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting Released: 2008-07-09 Some vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct script insertion attacks. 
Full Advisory: http://secunia.com/advisories/30991/ -- [SA30981] Dolphin File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-07-09 RoMaNcYxHaCkEr has reported some vulnerabilities in Dolphin, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30981/ -- [SA30956] Yourplace Authentication Bypass Vulnerability Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-07-07 A vulnerability has been discovered in Yourplace, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/30956/ -- [SA30951] 1024 CMS Multiple File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-07-07 Some vulnerabilities have been reported in 1024 CMS, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30951/ -- [SA30950] Neutrino Atomic Edition Security Bypass Vulnerability Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-07-08 Ams has reported a vulnerability in Neutrino Atomic Edition, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30950/ -- [SA30948] webXell Editor File Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-07-08 CWH Underground has discovered a vulnerability in webXell, which can be exploited by malicious people to compromise a vulnerable system. 

Full Advisory: http://secunia.com/advisories/30948/

--

[SA30947] Thelia auth.php Security Bypass Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2008-07-07

Black_H has discovered a vulnerability in Thelia, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/30947/

--

[SA30939] ImperialBB Avatar File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-07-07

PHPLizardo has discovered a vulnerability in ImperialBB, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/30939/

--

[SA31126] Joomla DT Register Component "eventId" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-07-17

His0k4 has reported a vulnerability in the DT Register component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31126/

--

[SA31116] Claroline Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-07-17

Some vulnerabilities with an unknown impact have been reported in Claroline.

Full Advisory: http://secunia.com/advisories/31116/

--

[SA31112] AlstraSoft Affiliate Network Pro "pgm" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-17

Hussin X has reported a vulnerability in AlstraSoft Affiliate Network Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31112/

--

[SA31100] Comdev Web Blogger "arcmonth" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-16

M. Hasran Addahroni has discovered a vulnerability in Comdev Web Blogger, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31100/

--

[SA31098] Galatolo WebManager SQL Injection and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2008-07-16

StAkeR has discovered two vulnerabilities in Galatolo WebManager (GWM), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31098/

--

[SA31088] Pluck predefined_variables.php Local File inclusion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-07-14

AmnPardaz Security Research Team has discovered some vulnerabilities in Pluck, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31088/

--

[SA31084] ITechBids Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-07-14

Encrypt3d.M!nd has discovered some vulnerabilities in ITechBids, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31084/

--

[SA31077] Yuhhu Pubs Black Cat "category" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-07-15

RMx has reported a vulnerability in Yuhhu Pubs Black Cat, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31077/

--

[SA31075] Maian Search "search_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-15

S.W.A.T. has reported a vulnerability in Maian Search, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31075/

--

[SA31070] Maian Guestbook "gbook_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-15

S.W.A.T. has reported a vulnerability in Maian Guestbook, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31070/

--

[SA31068] Maian Links "links_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-15

S.W.A.T. has reported a vulnerability in Maian Links, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31068/

--

[SA31063] @1 File Store PRO "id" SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-14

Nu Am Bani has reported some vulnerabilities in @1 File Store PRO, which can be exploited by malicious users or people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31063/

--

[SA31061] Wysi Wiki Wyg "c" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-07-14

StAkeR has discovered a vulnerability in Wysi Wiki Wyg, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31061/

--

[SA31059] Million Pixels "id_cat" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-14

Hussin X has reported a vulnerability in Million Pixels, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31059/

--

[SA31056] Maian Events "mevents_admin_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-14

Saime has discovered a vulnerability in Maian Events, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31056/

--

[SA31054] BilboBlog Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2008-07-17

Black_H has discovered some vulnerabilities in BilboBlog, which can be exploited by malicious users to conduct script insertion and SQL injection attacks, and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31054/

--

[SA31053] CodeDB "lang" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-07-15

cOndemned has discovered a vulnerability in CodeDB, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31053/

--

[SA31049] jSite Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Released: 2008-07-14

Some vulnerabilities have been discovered in jSite, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31049/

--

[SA31047] webcms.es webCMS Portal Edition "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-14

Mr.SQL has reported a vulnerability in webcms.es webCMS Portal Edition, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31047/

--

[SA31045] Maian Uploader "uploader_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-15

S.W.A.T. has reported a vulnerability in Maian Uploader, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31045/

--

[SA31044] Wireshark Packet Reassembly Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-07-11

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/31044/

--

[SA31040] phpDatingClub "page" Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-07-11

Big Ben has discovered a vulnerability in phpDatingClub, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31040/

--

[SA31039] Zen Cart Two Local File Inclusion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-07-11

CraCkEr has discovered two vulnerabilities in Zen Cart, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31039/

--

[SA31038] Maian Music "mmusic_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-14

Saime has discovered a vulnerability in Maian Music, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31038/

--

[SA31032] DreamNews Manager "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-11

Hussin X has reported a vulnerability in DreamNews Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31032/

--

[SA31028] Drupal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Cross Site Scripting, Manipulation of data
Released: 2008-07-10

Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks.

Full Advisory: http://secunia.com/advisories/31028/

--

[SA31024] vbDrupal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Cross Site Scripting, Manipulation of data
Released: 2008-07-10

Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks.

Full Advisory: http://secunia.com/advisories/31024/

--

[SA31013] MyBB Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-07-17

Some vulnerabilities with unknown impacts have been reported in MyBB.

Full Advisory: http://secunia.com/advisories/31013/

--

[SA31009] DreamPics Builder "page" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-10

Hussin X has reported a vulnerability in DreamPics Builder, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31009/

--

[SA31004] Lastminute Script "cid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-09

t0pP8uZz has reported a vulnerability in Lastminute Script, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/31004/

--

[SA31000] AuraCMS "pages_data.php" Manipulation of Data
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-10

k1tk4t has reported a vulnerability in AuraCMS, which can be exploited by malicious people to manipulate certain data.

Full Advisory: http://secunia.com/advisories/31000/

--

[SA30985] Hotel Script "file" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-09

t0pP8uZz has reported a vulnerability in Hotel Script, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30985/

--

[SA30984] Real Estate Script "listing_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-09

t0pP8uZz has reported a vulnerability in Real Estate Script, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30984/

--

[SA30983] BrewBlogger "authenticateUser()" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-09

CWH Underground has discovered a vulnerability in BrewBlogger, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30983/

--

[SA30979] Cisco Products DNS Cache Poisoning Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-07-09

A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/30979/

--

[SA30976] PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-08

lovebug has reported a vulnerability in the 4ndvddb module for PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30976/

--

[SA30974] Joomla Unauthorized Access Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-07-08

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/30974/

--

[SA30973] ISC BIND Query Port DNS Cache Poisoning
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-07-09

A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to poison the DNS cache.

Full Advisory: http://secunia.com/advisories/30973/

--

[SA30969] Triton CMS Pro "X-Forwarded-For" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-07-08

__GiReX__ has reported a vulnerability in Triton CMS Pro, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30969/

--

[SA30959] BlognPlus SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-07-07

Tan Chew Keong has reported some vulnerabilities in BlognPlus, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/30959/

--

[SA30954] Empire Server Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-07-09

Some vulnerabilities have been reported in Empire Server, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/30954/

--

[SA30943] Maian Weblog "weblog_cookie" Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-15

S.W.A.T. has reported a vulnerability in Maian Weblog, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/30943/

--

[SA31036] Novell eDirectory LDAP Search Request Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-07-11

A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/31036/

--

[SA30938] Novell eDirectory ds.dlm Module Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-07-04

A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/30938/

--

[SA31133] Citrix XenServer XenAPI HTTP Interface Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-17

A vulnerability has been reported in Citrix XenServer, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/31133/

--

[SA31120] Mozilla Firefox 2 URI Launching Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-07-16

A vulnerability has been reported in Firefox 2, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31120/

--

[SA31115] phpMyAdmin Cross-Site Request Forgery Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-16

Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Full Advisory: http://secunia.com/advisories/31115/

--

[SA31050] Pagefusion Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-11

Julian Rodriguez has discovered some vulnerabilities in Pagefusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/31050/

--

[SA31041] eSyndiCat Directory Software Pro "register.php" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-11

Fugitif has reported some vulnerabilities in eSyndiCat Directory Software, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/31041/

--

[SA31027] Drupal OpenID Module Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-10

Some vulnerabilities have been reported in the OpenID module for Drupal, which can be exploited by malicious people to conduct cross-site scripting or cross-site request forgery attacks.

Full Advisory: http://secunia.com/advisories/31027/

--

[SA31017] Moodle KSES HTML Filter Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-07-09

Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/31017/

--

[SA31015] Xomol CMS "current_url" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-11

Julian Rodriguez has reported a vulnerability in Xomol CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/31015/

--

[SA30946] Kasseler CMS Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-07-07

Cr_at_zy_King has discovered a vulnerability in Kasseler CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/30946/

--

[SA31064] Firebird 2 Multiple Vulnerabilities and Weakness
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information, DoS
Released: 2008-07-15

Some vulnerabilities and a weakness have been reported in Firebird, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose system information, and by malicious, local users to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/31064/

--

[SA31003] Firebird 1 Unspecified Path Disclosure Weakness
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2008-07-15

A weakness has been reported in Firebird, which can be exploited by malicious users to disclose system information.

Full Advisory: http://secunia.com/advisories/31003/

--

[SA30966] WeFi Diagnostic Mode Information Disclosure Weakness
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-07-09

Xia Shing Zee has reported a weakness in WeFi, which can be exploited by malicious, local users to gain knowledge of sensitive information.

Full Advisory: http://secunia.com/advisories/30966/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support_at_private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

Received on Fri Jul 18 2008 - 00:46:53 PDT