[ISN] Secunia Weekly Summary - Issue: 2008-31

From: InfoSec News <alerts_at_private>
Date: Fri, 1 Aug 2008 04:05:44 -0500 (CDT)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-07-24 - 2008-07-31                        

                       This week: 85 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Secunia Research has discovered some vulnerabilities in K9 Web
Protection, which can be exploited by malicious people to compromise a
user's system.

1) A boundary error in the filter service (k9filter.exe) when handling
"Referer:" headers during access to the web-based K9 Web Protection
Administration interface can be exploited to cause a stack-based buffer
overflow via an overly long "Referer:" header.

Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious web site.

2) Two boundary errors in the filter service (k9filter.exe) when
handling HTTP version information in responses from a centralised
server (sp.cwfservice.net) can be exploited to cause stack-based buffer
overflows via a specially crafted response containing overly long HTTP
version information.

Successful exploitation allows execution of arbitrary code, but
requires that the request is intercepted via e.g. DNS poisoning or
Man-in-the-Middle attacks.

For more information, refer to:
http://secunia.com/advisories/25813

 --

VIRUS ALERTS:

During the past week Secunia collected 184 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA27620] RealNetworks RealPlayer Multiple Vulnerabilities
2.  [SA31212] OpenBSD BIND Query Port DNS Cache Poisoning
3.  [SA31277] Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class
              Buffer Overflows
4.  [SA31172] Linux Kernel LDT Buffer Size Handling Vulnerability
5.  [SA31207] Sidewinder and CyberGuard DNS Cache Poisoning
6.  [SA31213] BlueCat Networks Adonis DNS Cache Poisoning
7.  [SA31177] Blackboard Academic Suite Cross-Site Request Forgery
              Vulnerabilities
8.  [SA31221] Citrix NetScaler DNS Cache Poisoning
9.  [SA31198] Red Hat update for kernel
10. [SA31229] Red Hat update for kernel

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31294] CoolPlayer M3U File Processing Buffer Overflow
[SA31277] Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class
Buffer Overflows
[SA31258] BookMine Cross-Site Scripting and SQL Injection
[SA31242] ScrewTurn Wiki System Log Script Insertion
[SA31239] Pixelpost "language_full" Local File Inclusion
[SA31228] cwRsync OpenSSL Denial of Service Vulnerabilities
[SA31281] Web Wiz Forum Multiple Vulnerabilities
[SA31272] Web Wiz Rich Text Editor "email" Cross-Site Scripting
[SA31282] European Performance Systems Probe Builder Arbitrary Process
Termination
[SA31278] HP OpenView Internet Service Probe Builder Arbitrary Process
Termination

UNIX/Linux:
[SA31308] rPath update for openssl
[SA31286] Slackware update for mozillla-thunderbird
[SA31270] Ubuntu update for firefox and xulrunner
[SA31267] Ubuntu update for poppler
[SA31261] rPath update for firefox
[SA31256] Debian update for ruby1.9
[SA31253] Debian update for icedove
[SA31246] VMware ESX Server update for Samba and vmnix
[SA31220] Ubuntu update for thunderbird
[SA31311] Fedora update for pdns-recursor 
[SA31307] Debian update for newsx
[SA31289] Slackware update for vim
[SA31288] Slackware update for openssl
[SA31280] Affinium Campaign Multiple Vulnerabilities
[SA31269] Avaya CMS Sun Java JDK / JRE Same Origin Policy Bypass
[SA31268] Ubuntu update for ffmpeg
[SA31257] rPath update for tshark and wireshark
[SA31251] reSIProcate Unspecified Memory Consumption Vulnerabilities
[SA31236] NetBSD update for bind
[SA31235] PHP Hosting Directory "adm" Security Bypass
[SA31224] Red Hat update for rdesktop
[SA31223] Red Hat update for vsftpd
[SA31222] Red Hat update for rdesktop
[SA31314] Fedora update for trac
[SA31301] Sun N1 Service Provisioning System Web Server Plugin
Vulnerability
[SA31287] Slackware update for fetchmail
[SA31284] Condor Authorization Policy Wildcard Security Bypass
[SA31262] rPath update for fetchmail
[SA31255] Debian update for python2.5
[SA31254] Debian update for python-dns
[SA31227] Red Hat update for nss_ldap
[SA31309] HP-UX System Administration Manager Security Issue
[SA31226] Red Hat update for mysql
[SA31229] Red Hat update for kernel
[SA31312] Fedora update for phpMyAdmin
[SA31303] Sun Solaris "picld" Denial of Service
[SA31225] Red Hat update for coreutils

Other:
[SA31221] Citrix NetScaler DNS Cache Poisoning
[SA31304] Panasonic Network Cameras Error Page Cross-Site Scripting
Vulnerability
[SA31285] Axesstel AXW-D800 Authentication Bypass Vulnerabilities

Cross Platform:
[SA31300] HIOX Random Ad "hm" File Inclusion Vulnerability
[SA31299] HIOX Browser Statistics "hm" File Inclusion Vulnerabilities
[SA31265] Unreal Tournament 3 Denial of Service and Memory Corruption
[SA31297] nzFotolog "action_file" Local File Inclusion
[SA31296] ZeeScripts Reviews "ItemID" SQL Injection Vulnerability
[SA31292] Article Friendly Two SQL Injection Vulnerabilities
[SA31291] PozScripts Classified Ads "cid" SQL Injection Vulnerability
[SA31290] AVG Anti-Virus UPX Processing Denial of Service
[SA31279] @Mail Multiple Information Disclosure Security Issues
[SA31276] TubeGuru Video Sharing Script "UID" SQL Injection
Vulnerability
[SA31275] ViArt Shop "category_id" SQL Injection Vulnerability
[SA31266] Unreal Tournament 2004 Denial of Service
[SA31260] Gregarius "rsargs[]" SQL Injection Vulnerability
[SA31259] ImpressCMS "modules/admin.php" Unspecified Vulnerability
[SA31252] fizzMedia "mid" SQL Injection Vulnerability
[SA31250] fipsCMS light "r" SQL Injection Vulnerability
[SA31249] Jamroom Authentication Bypass and Multiple Unspecified
Vulnerabilities
[SA31248] IceBB "username" SQL Injection Vulnerability
[SA31247] Mbius for Mimsy XG SQL Injection Vulnerabilities
[SA31244] TriO "id" SQL Injection Vulnerability
[SA31243] CMScout "bit" Local File Inclusion Vulnerability
[SA31241] GC Auction Platinum "cate_id" SQL Injection
[SA31240] SiteAdmin "art" SQL Injection Vulnerability
[SA31238] Youtuber Clone "UID" SQL Injection Vulnerability
[SA31234] Camera Life "id" SQL Injection Vulnerability
[SA31218] Cerberus CMS "cerberus_user" Cookie Script Insertion
Vulnerability
[SA31283] phpFreeChat nickid Hijacking Vulnerability
[SA31274] ATutor "type" File Inclusion Vulnerability
[SA31264] Owl Intranet Engine "username" Cross-Site Scripting
[SA31233] XRMS CRM Information Disclosure and Cross-Site Scripting
[SA31231] Trac Wiki Engine Cross-Site Scripting Vulnerability
[SA31219] PunBB SMTP Command Injection and Cross-Site Scripting
[SA31217] Lore Cross-Site Scripting Vulnerabilities
[SA31263] phpMyAdmin Cross-Site Scripting and Spoofing
[SA31232] PhpWebGallery E-Mail Address Information Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31294] CoolPlayer M3U File Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-30

Guido Landi has discovered a vulnerability in CoolPlayer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31294/

 --

[SA31277] Trend Micro OfficeScan Web-Deployment ObjRemoveCtrl Class
Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-29

Elazar Broad has discovered some vulnerabilities in Trend Micro
OfficeScan, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31277/

 --

[SA31258] BookMine Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-30

Russ McRee has reported some vulnerabilities in BookMine, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31258/

 --

[SA31242] ScrewTurn Wiki System Log Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-30

Ferruh Mavituna has reported a vulnerability in ScrewTurn Wiki, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/31242/

 --

[SA31239] Pixelpost "language_full" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-29

Digital Security Research Group has reported a vulnerability in
Pixelpost, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/31239/

 --

[SA31228] cwRsync OpenSSL Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-28

Two vulnerabilities have been reported in cwRsync, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31228/

 --

[SA31281] Web Wiz Forum Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-28

CSDT has reported some vulnerabilities in Web Wiz Forum, which can be
exploited by malicious people to conduct cross-site request forgery and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31281/

 --

[SA31272] Web Wiz Rich Text Editor "email" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-29

CSDT has discovered a vulnerability in Web Wiz Rich Text Editor, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31272/

 --

[SA31282] European Performance Systems Probe Builder Arbitrary Process
Termination

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-29

A vulnerability has been reported in European Performance Systems Probe
Builder, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31282/

 --

[SA31278] HP OpenView Internet Service Probe Builder Arbitrary Process
Termination

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-29

A vulnerability has been reported in HP OpenView Internet Service,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31278/


UNIX/Linux:--

[SA31308] rPath update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-31

rPath has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31308/

 --

[SA31286] Slackware update for mozillla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-29

Slackware has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31286/

 --

[SA31270] Ubuntu update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2008-07-29

Ubuntu has issued an update for firefox and xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, potentially conduct spoofing attacks, or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31270/

 --

[SA31267] Ubuntu update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-29

Ubuntu has issued an update for poppler. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/31267/

 --

[SA31261] rPath update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2008-07-29

rPath has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information, bypass certain security restrictions,
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31261/

 --

[SA31256] Debian update for ruby1.9

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-28

Debian has issued an update for ruby1.9. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31256/

 --

[SA31253] Debian update for icedove

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Exposure of sensitive
information, DoS, System access
Released:    2008-07-28

Debian has issued an update for icedove. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks, bypass certain security restrictions, disclose
sensitive information, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31253/

 --

[SA31246] VMware ESX Server update for Samba and vmnix

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation,
DoS, System access
Released:    2008-07-29

VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, to cause a DoS (Denial of
Service), or to gain escalated privileges, and malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31246/

 --

[SA31220] Ubuntu update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-25

Ubuntu has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31220/

 --

[SA31311] Fedora update for pdns-recursor 

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-31

Fedora has issued an update for pdns-recursor. This fixes a
vulnerability, which can be exploited by malicious people to poison the
DNS cache.

Full Advisory:
http://secunia.com/advisories/31311/

 --

[SA31307] Debian update for newsx

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-31

Debian has issued an update for newsx. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31307/

 --

[SA31289] Slackware update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-29

Slackware has issued an update for vim. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31289/

 --

[SA31288] Slackware update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-29

Slackware has issued an update for openssl. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31288/

 --

[SA31280] Affinium Campaign Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information, DoS
Released:    2008-07-30

Some vulnerabilities have been reported in Affinium Campaign, which can
be exploited by malicious people to disclose potentially sensitive
information, manipulate certain data, conduct cross-site scripting and
script insertion attacks, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31280/

 --

[SA31269] Avaya CMS Sun Java JDK / JRE Same Origin Policy Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-28

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31269/

 --

[SA31268] Ubuntu update for ffmpeg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-29

Ubuntu has issued an update for ffmpeg. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31268/

 --

[SA31257] rPath update for tshark and wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-29

rPath has issued an update for tshark and wireshark. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31257/

 --

[SA31251] reSIProcate Unspecified Memory Consumption Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-28

Some vulnerabilities have been reported in reSIProcate, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31251/

 --

[SA31236] NetBSD update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-28

NetBSD has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31236/

 --

[SA31235] PHP Hosting Directory "adm" Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-31

Stack has discovered a vulnerability in PHP Hosting Directory, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31235/

 --

[SA31224] Red Hat update for rdesktop

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-25

Red Hat has issued an update for rdesktop. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31224/

 --

[SA31223] Red Hat update for vsftpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-25

Red Hat has issued an update for vsftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31223/

 --

[SA31222] Red Hat update for rdesktop

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-25

Red Hat has issued an update for rdesktop. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31222/

 --

[SA31314] Fedora update for trac

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-31

Fedora has issued an update for trac. This fixes a vulnerability, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31314/

 --

[SA31301] Sun N1 Service Provisioning System Web Server Plugin
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-31

A vulnerability has been reported in Sun N1 Service Provisioning
System, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/31301/

 --

[SA31287] Slackware update for fetchmail

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-29

Slackware has issued an update for fetchmail. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31287/

 --

[SA31284] Condor Authorization Policy Wildcard Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-30

A security issue has been reported in Condor, which can be exploited by
malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31284/

 --

[SA31262] rPath update for fetchmail

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-29

rPath has issued an update for fetchmail. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31262/

 --

[SA31255] Debian update for python2.5

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-07-28

Debian has issued an update for python2.5. This fixes some security
issues, which can potentially be exploited by malicious people to
disclose sensitive information, cause a DoS (Denial of Service), or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31255/

 --

[SA31254] Debian update for python-dns

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-28

Debian has issued an update for python-dns. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31254/

 --

[SA31227] Red Hat update for nss_ldap

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-25

Red Hat has issued an update for nss_ldap. This fixes a security issue,
which can be exploited by malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/31227/

 --

[SA31309] HP-UX System Administration Manager Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-07-31

A security issue has been reported in HP-UX, which can lead to an
insecure configuration.

Full Advisory:
http://secunia.com/advisories/31309/

 --

[SA31226] Red Hat update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2008-07-25

Red Hat has issued an update for mysql. This fixes some vulnerabilities
and security issues, which can be exploited by malicious, local users to
bypass certain security restrictions and by malicious users to cause a
DoS (Denial of Service) or to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31226/

 --

[SA31229] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-07-25

Red Hat has issued an update for kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31229/

 --

[SA31312] Fedora update for phpMyAdmin

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2008-07-31

Fedora has issued an update for phpMyAdmin. This fixes two
vulnerabilities, which can be exploited by malicious local users to
conduct cross-site scripting attacks, and by malicious people to
conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31312/

 --

[SA31303] Sun Solaris "picld" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-07-31

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31303/

 --

[SA31225] Red Hat update for coreutils

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-07-25

Red Hat has issued an update for coreutils. This fixes a security
issue, which can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31225/


Other:--

[SA31221] Citrix NetScaler DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-25

Citrix has acknowledged a vulnerability in NetScaler, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31221/

 --

[SA31304] Panasonic Network Cameras Error Page Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-31

A vulnerability has been reported in various Panasonic network cameras,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31304/

 --

[SA31285] Axesstel AXW-D800 Authentication Bypass Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-07-31

Bboyhacks has reported some vulnerabilities in Axesstel AXW-D800, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31285/


Cross Platform:--

[SA31300] HIOX Random Ad "hm" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-31

Ghost Hacker has discovered a vulnerability in HIOX Random Ad, which
can be exploited by malicious people to disclose sensitive information
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31300/

 --

[SA31299] HIOX Browser Statistics "hm" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-31

Ghost Hacker has discovered two vulnerabilities in HIOX Browser
Statistics, which can be exploited by malicious people to disclose
sensitive information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31299/

 --

[SA31265] Unreal Tournament 3 Denial of Service and Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-30

Luigi Auriemma has reported some vulnerabilities in Unreal Tournament,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31265/

 --

[SA31297] nzFotolog "action_file" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-31

R3d.W0rm has discovered a vulnerability in nzFotolog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31297/

 --

[SA31296] ZeeScripts Reviews "ItemID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

Mr.SQL has reported a vulnerability in ZeeScripts Reviews, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31296/

 --

[SA31292] Article Friendly Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

Mr.SQL has reported two vulnerabilities in Article Friendly, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31292/

 --

[SA31291] PozScripts Classified Ads "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

Hussin X has reported a vulnerability in PozScripts Classified Ads,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31291/

 --

[SA31290] AVG Anti-Virus UPX Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-29

Sergio shadown Alvarez has reported a vulnerability in AVG
Anti-Virus, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31290/

 --

[SA31279] @Mail Multiple Information Disclosure Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-30

Some security issues have been discovered in @Mail, which can be
exploited by malicious, local users and malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/31279/

 --

[SA31276] TubeGuru Video Sharing Script "UID" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

Hussin X has reported a vulnerability in TubeGuru Video Sharing Script,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31276/

 --

[SA31275] ViArt Shop "category_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-29

James Bercegay has reported a vulnerability in ViArt Shop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31275/

 --

[SA31266] Unreal Tournament 2004 Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-30

Luigi Auriemma has reported a vulnerability in Unreal Tournament 2004,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31266/

 --

[SA31260] Gregarius "rsargs[]" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-29

James Bercegay has discovered a vulnerability in Gregarius, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31260/

 --

[SA31259] ImpressCMS "modules/admin.php" Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-07-31

A vulnerability with an unknown impact has been reported in
ImpressCMS.

Full Advisory:
http://secunia.com/advisories/31259/

 --

[SA31252] fizzMedia "mid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

Mr.SQL has reported a vulnerability in fizzMedia, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31252/

 --

[SA31250] fipsCMS light "r" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-28

U238 has reported a vulnerability in fipsCMS light, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31250/

 --

[SA31249] Jamroom Authentication Bypass and Multiple Unspecified
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass
Released:    2008-07-29

Some vulnerabilities have been reported in Jamroom, one of which can be
exploited by malicious people to bypass certain security restrictions,
while others have unknown impacts.

Full Advisory:
http://secunia.com/advisories/31249/

 --

[SA31248] IceBB "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-28

girex has reported a vulnerability in IceBB, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31248/

 --

[SA31247] Mbius for Mimsy XG SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-31

dun has reported two vulnerabilities in Mbius for Mimsy XG, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31247/

 --

[SA31244] TriO "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-28

dun has reported a vulnerability in TriO, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31244/

 --

[SA31243] CMScout "bit" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-28

R3d.W0rm has discovered a vulnerability in CMScout, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31243/

 --

[SA31241] GC Auction Platinum "cate_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-28

Hussin X has reported a vulnerability in GC Auction Platinum, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31241/

 --

[SA31240] SiteAdmin "art" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-28

Cr_at_zy_King has reported a vulnerability in SiteAdmin, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31240/

 --

[SA31238] Youtuber Clone "UID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-28

Hussin X has reported a vulnerability in Youtuber Clone, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31238/

 --

[SA31234] Camera Life "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-28

nuclear has discovered a vulnerability in Camera Life, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31234/

 --

[SA31218] Cerberus CMS "cerberus_user" Cookie Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-29

A vulnerability has been reported in Cerberus CMS, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31218/

 --

[SA31283] phpFreeChat nickid Hijacking Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-07-31

A vulnerability has been reported in phpFreeChat, which can be
exploited by malicious users to conduct hijacking attacks.

Full Advisory:
http://secunia.com/advisories/31283/

 --

[SA31274] ATutor "type" File Inclusion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-07-29

R3d.W0rm has discovered a vulnerability in ATutor, which can be
exploited by malicious users to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31274/

 --

[SA31264] Owl Intranet Engine "username" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-29

Fabian Fingerle has discovered a vulnerability in Owl Intranet Engine,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31264/

 --

[SA31233] XRMS CRM Information Disclosure and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2008-07-28

AzzCoder has discovered two vulnerabilities in XRMS CRM, which can be
exploited by malicious people to conduct cross-site scripting attacks
and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31233/

 --

[SA31231] Trac Wiki Engine Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-28

A vulnerability has been reported in Trac, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31231/

 --

[SA31219] PunBB SMTP Command Injection and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-07-28

Some vulnerabilities have been reported in PunBB, which can be
exploited by malicious people to bypass certain security restrictions
or conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31219/

 --

[SA31217] Lore Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-25

Some vulnerabilities have been reported in Lore, which can be exploited
by malicious people to conduct cross-site scripting-attacks.

Full Advisory:
http://secunia.com/advisories/31217/

 --

[SA31263] phpMyAdmin Cross-Site Scripting and Spoofing

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2008-07-29

Aung Khant has reported two vulnerabilities in phpMyAdmin, which can be
exploited by malicious local users to conduct cross-site scripting
attacks, and by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31263/

 --

[SA31232] PhpWebGallery E-Mail Address Information Disclosure

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-07-30

Pat has reported a vulnerability in PhpWebGallery, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31232/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Fri Aug 01 2008 - 02:05:44 PDT

This archive was generated by hypermail 2.2.0 : Fri Aug 01 2008 - 02:13:24 PDT