========================================================================

The Secunia Weekly Advisory Summary
2008-08-07 - 2008-08-14

This week: 165 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The Secunia NSI 2.0 is available as a 7-day trial download and can be used to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Microsoft has released their monthly security bulletins for August. Please view the referenced Secunia Advisories for further details.

For more information, refer to:
http://secunia.com/advisories/31455/
http://secunia.com/advisories/31454/
http://secunia.com/advisories/31453/
http://secunia.com/advisories/31446/
http://secunia.com/advisories/31336/
http://secunia.com/advisories/31375/
http://secunia.com/advisories/31385/
http://secunia.com/advisories/31411/
http://secunia.com/advisories/31415/
http://secunia.com/advisories/31417/

--

Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
For more information, refer to:
http://secunia.com/advisories/31409/

--

VIRUS ALERTS:

During the past week Secunia collected 212 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA31441] uTorrent "created by" Buffer Overflow Vulnerability
2. [SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow
3. [SA31412] Sun Solaris Trusted Extensions Labeled Networking Unauthorised Access
4. [SA31445] BitTorrent "created by" Buffer Overflow Vulnerability
5. [SA31394] e107 download.php "extract()" Vulnerability
6. [SA31407] PowerDNS Malformed Queries Handling Weakness
7. [SA31339] SUSE Update for Multiple Packages
8. [SA31414] RTH File Disclosure and SQL Injection Vulnerabilities
9. [SA31271] Cygwin Package Handling Security Issue
10. [SA30883] Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31498] Microsoft Visual Studio Masked Edit Control "Mask" Buffer Overflow
[SA31481] FlashGet FTP PWD Buffer Overflow Vulnerability
[SA31454] Microsoft Office Excel Multiple Vulnerabilities
[SA31453] Microsoft Office PowerPoint Multiple Vulnerabilities
[SA31445] BitTorrent "created by" Buffer Overflow Vulnerability
[SA31441] uTorrent "created by" Buffer Overflow Vulnerability
[SA31440] Trend Micro Products ObjRemoveCtrl Class Buffer Overflows
[SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow
[SA31385] Microsoft Windows Color Management System Buffer Overflow
[SA31375] Internet Explorer Multiple Vulnerabilities
[SA31336] Microsoft Office Filters Multiple Vulnerabilities
[SA31452] SOURCENEXT Virus Security / Virus Security ZERO Denial of Service
[SA31446] Microsoft Windows Messenger ActiveX Control
Vulnerability
[SA31442] WinGate IMAP Server Buffer Overflow Vulnerability
[SA31434] CA Products kmxfw.sys Privilege Escalation and Denial of Service
[SA31415] Internet Explorer MHTML Protocol Handler Cross-Domain Information Disclosure
[SA31376] HydraIRC "irc://" URI Handling Buffer Overflow Vulnerability
[SA31371] Winamp "NowPlaying" Unspecified Vulnerability
[SA31368] E.Z. Poll "Username" and "Password" SQL Injection Vulnerabilities
[SA31319] CA ARCserve Backup for Laptops and Desktops LGServer Service Integer Underflow
[SA31480] hMailServer IMAP Denial of Service Vulnerability
[SA31455] Microsoft Office SharePoint Server Privilege Escalation Vulnerability
[SA31432] Adobe Presenter "viewer.swf" and "loadflash.js" Cross-Site Scripting
[SA31411] Microsoft Windows IPsec Policy Processing Information Disclosure
[SA31369] KAPhotoservice "page" Cross-Site Scripting Vulnerability
[SA31325] MailEnable IMAP Denial of Service Vulnerability
[SA31417] Microsoft Windows Event System Privilege Escalation Vulnerabilities
[SA31361] Sun xVM VirtualBox "VBoxDrv.sys" IOCTL Privilege Escalation Vulnerability
[SA31433] McAfee Encrypted USB Manager "Re-use Threshold" Security Bypass

UNIX/Linux:
[SA31497] Red Hat Network Satellite Server Update for Sun Java / IBM Java Runtime
[SA31492] Red Hat Network Satellite Server Update for Solaris Client
[SA31489] VMware ESXi OpenSSL Vulnerabilities
[SA31467] VMware updates for OpenSSL, net-snmp, and perl
[SA31465] Yelp Invalid URI Format String Vulnerability
[SA31428] Gentoo update for acroread
[SA31405] Fedora update for poppler
[SA31403] Fedora update for thunderbird
[SA31393] Ubuntu update for xine-lib
[SA31377] Gentoo update for Mozilla products
[SA31372] Gentoo update for xine-lib
[SA31352] Sun Solaris Adobe Reader Multiple Vulnerabilities
[SA31339] SUSE Update for Multiple Packages
[SA31326] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA31321] Red Hat Extras and Supplementary RealPlayer Vulnerability
[SA31320] Red Hat
update for java-1.5.0-ibm
[SA31495] HP Tru64 UNIX BIND Query Port DNS Cache Poisoning
[SA31493] Red Hat update for Red Hat Network Satellite Server
[SA31478] IPsec-Tools racoon Phase 1 Handler Denial of Service
[SA31473] rPath update for idle and python
[SA31471] HP-UX ftpd Unspecified Privileged Access Vulnerability
[SA31457] Joomla "token" Password Change Vulnerability
[SA31437] Gentoo update for clamav
[SA31422] Red Hat update for dnsmasq
[SA31413] ZeeBuddy "adid" SQL Injection Vulnerability
[SA31409] PHP Multiple Vulnerabilities
[SA31399] Fedora update for libxslt
[SA31395] Gentoo update for libxslt
[SA31388] rPath update for cups
[SA31387] rPath update for gaim
[SA31386] Sun Solaris "snoop" Multiple Vulnerabilities
[SA31378] Gentoo update for wireshark
[SA31365] Ubuntu update for python
[SA31363] Ubuntu update for libxslt
[SA31358] Slackware update for python
[SA31347] GIT Pathname Processing Multiple Buffer Overflows
[SA31332] Gentoo update for python
[SA31331] Red Hat update for libxslt
[SA31328] Avaya Communication Manager Perl Regular Expressions Vulnerability
[SA31324] Debian update for cupsys
[SA31459] Fedora update for condor
[SA31450] IPsec-Tools racoon Denial of Service
[SA31449] GooCMS "s" Cross-Site Scripting Vulnerability
[SA31444] Bugzilla importxml.pl Directory Traversal Vulnerability
[SA31438] Gentoo update for stunnel
[SA31426] Sun Solaris "sendfilev()" Denial of Service
[SA31425] Ovidentia "item" SQL Injection Vulnerability
[SA31423] Red Hat update for condor
[SA31416] Fedora update for httpd
[SA31412] Sun Solaris Trusted Extensions Labeled Networking Unauthorised Access
[SA31404] Fedora update for httpd
[SA31402] Xoops Kshop Module "search" Cross-Site Scripting
[SA31400] HP-UX libc Denial of Service Vulnerability
[SA31390] Pidgin SSL Verification Security Issue
[SA31384] Apache mod_proxy_ftp Wildcard Characters Cross-Site Scripting
[SA31380] Debian update for httracker
[SA31360] Debian update for opensc
[SA31359] csphonebook "letter"
Cross-Site Scripting
[SA31346] Online Dating "mail_id" SQL Injection Vulnerability
[SA31490] Red Hat Network Proxy Server update for mod_perl
[SA31436] Gentoo update for openldap
[SA31364] Ubuntu update for OpenLDAP
[SA31351] Gentoo update for net-snmp
[SA31334] SUSE update for net-snmp
[SA31322] Red Hat update for nfs-utils
[SA31500] SUSE update for postfix
[SA31485] Postfix Symlink Handling and Destination Ownership Security Issues
[SA31420] Gentoo update for uudeview and nzbget
[SA31418] Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure Temporary Files
[SA31398] CA Products Ingres Multiple Vulnerabilities
[SA31356] Sun Solaris namefs Kernel Module Privilege Escalation
[SA31341] Red Hat update for kernel
[SA31318] MaxDB "dbmsrv" Privilege Escalation Vulnerability
[SA31317] Gentoo update for vlc
[SA31448] Debian update for pdns
[SA31401] Fedora update for pdns
[SA31468] VMware VirtualCenter User Account Disclosure
[SA31396] Gentoo update for dhcp
[SA31499] Red Hat update for hplip
[SA31470] HPLIP hpssd Denial of Service
[SA31366] Linux Kernel Information Disclosure and Denial of Service
[SA31348] Sun Solaris "pthread_mutex_reltimedlock_np" Local Denial of Service

Other:
[SA31482] HP TCP/IP Services for OpenVMS BIND DNS Cache Poisoning
[SA31451] Yamaha RT Series Routers DNS Cache Poisoning
[SA31354] Astaro Security Gateway DNS Cache Poisoning
[SA31435] Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability
[SA31391] 8e6 R3000 "Host" URL Filter Bypass Vulnerability
[SA31329] Xerox Phaser 8400 Denial of Service Vulnerability

Cross Platform:
[SA31475] Freeway File Inclusion and Cross-Site Scripting Vulnerabilities
[SA31424] pPIM Multiple Vulnerabilities
[SA31394] e107 download.php "extract()" Vulnerability
[SA31389] LoveCMS Multiple Vulnerabilities
[SA31374] Contenido Unspecified File Inclusion Vulnerabilities
[SA31484] PHP Realty "docID" SQL Injection Vulnerability
[SA31476] Sun Java System Web Proxy Server FTP Subsystem Denial of Service
[SA31466]
Ventrilo Server Denial of Service Vulnerability
[SA31463] NavBoard Local File Inclusion and Cross-Site Scripting
[SA31462] Drupal Multiple Vulnerabilities
[SA31456] Gelato "img" File Disclosure Vulnerability
[SA31447] VitalQIP DNS Cache Poisoning Vulnerability
[SA31431] Kayako SupportSuite Multiple Vulnerabilities
[SA31430] Ruby Multiple Vulnerabilities
[SA31427] Skulltag NULL Pointer Dereference Denial of Service
[SA31421] Vacation Rental Script "id" SQL Injection Vulnerability
[SA31419] Quicksilver Forums "forums[]" SQL Injection Vulnerability
[SA31414] RTH File Disclosure and SQL Injection Vulnerabilities
[SA31408] OpenImpro "id" SQL Injection Vulnerability
[SA31406] Harmoni "Username" Script Insertion Vulnerability
[SA31392] WSN Products "TID" Local File Inclusion
[SA31383] Free Hosting Manager Insecure Cookie Handling Vulnerability
[SA31382] PowerGap Shopsystem "ag" SQL Injection Vulnerability
[SA31381] Apache Tomcat 6 Multiple Vulnerabilities
[SA31379] Apache Tomcat Multiple Vulnerabilities
[SA31367] Gallery Multiple Vulnerabilities
[SA31362] Chupix Contact Module "mods" Local File Inclusion
[SA31353] America's Army Special Forces UDP Processing Denial of Service
[SA31350] OpenTTD "TruncateString()" Buffer Overflow Vulnerability
[SA31345] Scripts24 iTGP "id" SQL Injection Vulnerability
[SA31344] Scripts24 iPost "id" SQL Injection Vulnerability
[SA31327] moziloCMS "cat" File Disclosure Vulnerability
[SA31488] Datafeed Studio search.php Cross-Site Scripting Vulnerability
[SA31487] PhpLinkExchange "catid" Cross-Site Scripting Vulnerability
[SA31483] Openfire "url" Cross-Site Scripting Vulnerability
[SA31464] Vim Netrw FTP Credentials Disclosure Security Issue
[SA31460] Drupal Cross-Site Request Forgery and Security Bypass
[SA31439] IceBB "skin" SQL Injection Vulnerability
[SA31355] MRBS "area" Cross-Site Scripting Vulnerabilities
[SA31349] freeForum Cross-Site Scripting Vulnerability
[SA31340] Crafty Syntax Live Help "department" Cross-Site Scripting
Vulnerability
[SA31333] Novell iManager Property Book Security Bypass
[SA31330] OpenSC CardOS Improper Initialization Security Issue
[SA31323] HTTrack Long URLs Buffer Overflow Vulnerability
[SA31357] Ingres Multiple Vulnerabilities
[SA31407] PowerDNS Malformed Queries Handling Weakness
[SA31338] Mono ASP.net Cross-Site Scripting
[SA31335] Sun Netra T5220 Server Local Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31498] Microsoft Visual Studio Masked Edit Control "Mask" Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-14

A vulnerability has been reported in Microsoft Visual Studio, which can potentially be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31498/

--

[SA31481] FlashGet FTP PWD Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-14

Krystian Kloskowski has discovered a vulnerability in FlashGet, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31481/

--

[SA31454] Microsoft Office Excel Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-08-12

Multiple vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
Full Advisory: http://secunia.com/advisories/31454/

--

[SA31453] Microsoft Office PowerPoint Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-12

Some vulnerabilities have been reported in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31453/

--

[SA31445] BitTorrent "created by" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-12

A vulnerability has been discovered in BitTorrent, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31445/

--

[SA31441] uTorrent "created by" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-12

A vulnerability has been discovered in uTorrent, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31441/

--

[SA31440] Trend Micro Products ObjRemoveCtrl Class Buffer Overflows
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-11

Some vulnerabilities have been reported in multiple Trend Micro products, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31440/

--

[SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-07

Elazar Broad has discovered a vulnerability in Webex Meeting Manager, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31397/

--

[SA31385] Microsoft Windows Color Management System Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-12

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31385/

--

[SA31375] Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-12

Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31375/

--

[SA31336] Microsoft Office Filters Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-12

Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31336/

--

[SA31452] SOURCENEXT Virus Security / Virus Security ZERO Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-08-12

A vulnerability has been reported in SOURCENEXT Virus Security and Virus Security ZERO, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31452/

--

[SA31446] Microsoft Windows Messenger ActiveX Control Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-08-12

A vulnerability has been reported in Microsoft Windows Messenger, which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/31446/

--

[SA31442] WinGate IMAP Server Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-11

João Antunes has discovered a vulnerability in WinGate, which can be exploited by malicious users to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31442/

--

[SA31434] CA Products kmxfw.sys Privilege Escalation and Denial of Service
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2008-08-12

Some vulnerabilities have been reported in multiple CA products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges, and by malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/31434/

--

[SA31415] Internet Explorer MHTML Protocol Handler Cross-Domain Information Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-08-12

A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/31415/

--

[SA31376] HydraIRC "irc://" URI Handling Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-05

securfrog has discovered a vulnerability in HydraIRC, which can be exploited by malicious people to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31376/

--

[SA31371] Winamp "NowPlaying" Unspecified Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-08-05

A vulnerability with an unknown impact has been reported in Winamp.
Full Advisory: http://secunia.com/advisories/31371/

--

[SA31368] E.Z. Poll "Username" and "Password" SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-08-04

t0fx has discovered some vulnerabilities in E. Z. Poll, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31368/

--

[SA31319] CA ARCserve Backup for Laptops and Desktops LGServer Service Integer Underflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-08-01

A vulnerability has been reported in CA ARCserve Backup for Laptops and Desktops, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31319/

--

[SA31480] hMailServer IMAP Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-08-13

João Antunes has reported a vulnerability in hMailServer, which can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31480/

--

[SA31455] Microsoft Office SharePoint Server Privilege Escalation Vulnerability
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2008-08-12

A vulnerability has been reported in Microsoft Office SharePoint Server, which can be exploited by malicious users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/31455/

--

[SA31432] Adobe Presenter "viewer.swf" and "loadflash.js" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-11

Some vulnerabilities have been reported in Adobe Presenter, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31432/

--

[SA31411] Microsoft Windows IPsec Policy Processing Information Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-08-12

A security issue has been reported in Microsoft Windows, which may expose sensitive information to malicious people
Full Advisory: http://secunia.com/advisories/31411/

--

[SA31369] KAPhotoservice "page" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-08

by_casper41 has reported a vulnerability in KAPhotoservice, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31369/

--

[SA31325] MailEnable IMAP Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-08-01

A vulnerability has been reported in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31325/

--

[SA31417] Microsoft Windows Event System Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-08-12

Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/31417/

--

[SA31361] Sun xVM VirtualBox "VBoxDrv.sys" IOCTL Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-08-05

Core Security Technologies has reported a vulnerability in Sun xVM VirtualBox, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/31361/

--

[SA31433] McAfee Encrypted USB Manager "Re-use Threshold" Security Bypass
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2008-08-11

McAfee has acknowledged a security issue in McAfee Encrypted USB Manager, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31433/

UNIX/Linux:--

[SA31497] Red Hat Network Satellite Server Update for Sun Java / IBM Java Runtime
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-08-14

Red Hat has issued an update for the Red Hat Network Satellite Server Sun Java and IBM Java runtimes. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31497/

--

[SA31492] Red Hat Network Satellite Server Update for Solaris Client
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Released: 2008-08-14

Red Hat has issued an update for the Red Hat Network Satellite Server Solaris client. This fixes some vulnerabilities, which can be exploited by malicious people to expose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31492/

--

[SA31489] VMware ESXi OpenSSL Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-13

VMware has acknowledged some vulnerabilities in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31489/

--

[SA31467] VMware updates for OpenSSL, net-snmp, and perl
Critical: Highly critical
Where: From remote
Impact: Spoofing, DoS, System access
Released: 2008-08-13

VMware has issued updated OpenSSL, net-snmp, and perl packages. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets, cause a DoS (Denial of Service), and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31467/

--

[SA31465] Yelp Invalid URI Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-14

A vulnerability has been reported in Yelp, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31465/

--

[SA31428] Gentoo update for acroread
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-11

Gentoo has issued an update for acroread. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31428/

--

[SA31405] Fedora update for poppler
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-08

Fedora has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/31405/

--

[SA31403] Fedora update for thunderbird
Critical: Highly critical
Where: From remote
Impact: Spoofing, Exposure of sensitive information, DoS, System access
Released: 2008-08-08

Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, disclose sensitive information, and to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31403/

--

[SA31393] Ubuntu update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-11

Ubuntu has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
Full Advisory: http://secunia.com/advisories/31393/

--

[SA31377] Gentoo update for Mozilla products
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Exposure of sensitive information, Exposure of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2008-08-06

Gentoo has issued an update for various Mozilla products. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/31377/

--

[SA31372] Gentoo update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-06

Gentoo has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31372/

--

[SA31352] Sun Solaris Adobe Reader Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-08-04

Sun has acknowledged a vulnerability and a security issue in Adobe Reader in Sun Solaris, which can be exploited by malicious, local users to perform certain actions with escalated privileges and potentially by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31352/

--

[SA31339] SUSE Update for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Exposure of sensitive information, Cross Site Scripting
Released: 2008-08-08

SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose potentially sensitive information, conduct cross-site request forgery attacks, and compromise a user's system.
Full Advisory: http://secunia.com/advisories/31339/

--

[SA31326] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Privilege escalation, DoS, System access
Released: 2008-08-01

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
Full Advisory: http://secunia.com/advisories/31326/

--

[SA31321] Red Hat Extras and Supplementary RealPlayer Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-08-01

Red Hat has acknowledged a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/31321/

--

[SA31320] Red Hat update for java-1.5.0-ibm
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access, Security Bypass
Released: 2008-08-01

Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31320/

--

[SA31495] HP Tru64 UNIX BIND Query Port DNS Cache Poisoning
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-08-14

HP has acknowledged a vulnerability in HP Tru64 UNIX, which can be exploited by malicious people to poison the DNS cache.
Full Advisory: http://secunia.com/advisories/31495/

--

[SA31493] Red Hat update for Red Hat Network Satellite Server
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, DoS
Released: 2008-08-14

Red Hat has issued an update for Red Hat Network Satellite Server. This fixes some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, and malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, and cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31493/

--

[SA31478] IPsec-Tools racoon Phase 1 Handler Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-08-13

A vulnerability has been reported in IPsec-Tools, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31478/

--

[SA31473] rPath update for idle and python
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2008-08-14

rPath has issued an update for idle and python. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31473/

--

[SA31471] HP-UX ftpd Unspecified Privileged Access Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-08-13

A vulnerability has been reported in HP-UX, which can be exploited by malicious people to bypass certain security restrictions and to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31471/

--

[SA31457] Joomla "token" Password Change Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-08-13

d3m0n has reported a vulnerability in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and manipulate data.
Full Advisory: http://secunia.com/advisories/31457/

--

[SA31437] Gentoo update for clamav
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-08-11

Gentoo has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31437/

--

[SA31422] Red Hat update for dnsmasq
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-08-12

Red Hat has issued an update for dnsmasq. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Full Advisory: http://secunia.com/advisories/31422/ -- [SA31413] ZeeBuddy "adid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-08-11 Hussin X has reported a vulnerability in ZeeBuddy, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31413/ -- [SA31409] PHP Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Exposure of sensitive information, DoS, System access Released: 2008-08-12 Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31409/ -- [SA31399] Fedora update for libxslt Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-08 Fedora has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31399/ -- [SA31395] Gentoo update for libxslt Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-07 Gentoo has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31395/ -- [SA31388] rPath update for cups Critical: Moderately critical Where: From remote Impact: System access, DoS Released: 2008-08-06 rPath has issued an update for cups. 
This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31388/ -- [SA31387] rPath update for gaim Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-06 rPath has issued an update for gaim. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31387/ -- [SA31386] Sun Solaris "snoop" Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2008-08-06 Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31386/ -- [SA31378] Gentoo update for wireshark Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, DoS Released: 2008-08-06 Gentoo has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31378/ -- [SA31365] Ubuntu update for python Critical: Moderately critical Where: From remote Impact: Unknown, DoS, System access Released: 2008-08-04 Ubuntu has issued an update for python. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31365/ -- [SA31363] Ubuntu update for libxslt Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-04 Ubuntu has issued an update for libxslt. 
This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31363/ -- [SA31358] Slackware update for python Critical: Moderately critical Where: From remote Impact: Unknown, DoS, System access Released: 2008-08-05 Slackware has issued an update for python. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31358/ -- [SA31347] GIT Pathname Processing Multiple Buffer Overflows Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-05 Some vulnerabilities have been reported in GIT, which can potentially be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31347/ -- [SA31332] Gentoo update for python Critical: Moderately critical Where: From remote Impact: Unknown, DoS, System access Released: 2008-08-04 Gentoo has issued an update for python. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31332/ -- [SA31331] Red Hat update for libxslt Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-01 Red Hat has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Full Advisory: http://secunia.com/advisories/31331/ -- [SA31328] Avaya Communication Manager Perl Regular Expressions Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-01 Avaya has acknowledged a vulnerability in Perl in Avaya Communication Manager, which can potentially be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31328/ -- [SA31324] Debian update for cupsys Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-08-01 Debian has issued an update for cupsys. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31324/ -- [SA31459] Fedora update for condor Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-08-13 Fedora has issued an update for condor. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31459/ -- [SA31450] IPsec-Tools racoon Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-12 A vulnerability has been reported in IPsec-Tools, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31450/ -- [SA31449] GooCMS "s" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-12 ahmadbaby has discovered a vulnerability in GooCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/31449/ -- [SA31444] Bugzilla importxml.pl Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-12 A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31444/ -- [SA31438] Gentoo update for stunnel Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-08-11 Gentoo has issued an update for stunnel. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31438/ -- [SA31426] Sun Solaris "sendfilev()" Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-12 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31426/ -- [SA31425] Ovidentia "item" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2008-08-12 IRCRASH has discovered a vulnerability in Ovidentia, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31425/ -- [SA31423] Red Hat update for condor Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-08-12 Red Hat has issued an update for condor. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31423/ -- [SA31416] Fedora update for httpd Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-08 Fedora has issued an update for httpd. 
This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31416/ -- [SA31412] Sun Solaris Trusted Extensions Labeled Networking Unauthorised Access Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-08-08 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31412/ -- [SA31404] Fedora update for httpd Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-08 Fedora has issued an update for httpd. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31404/ -- [SA31402] Xoops Kshop Module "search" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-07 Lostmon has discovered a vulnerability in the Kshop module for Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31402/ -- [SA31400] HP-UX libc Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-07 HP has acknowledged a vulnerability in libc, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31400/ -- [SA31390] Pidgin SSL Verification Security Issue Critical: Less critical Where: From remote Impact: Spoofing Released: 2008-08-06 A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks. 
Full Advisory: http://secunia.com/advisories/31390/ -- [SA31384] Apache mod_proxy_ftp Wildcard Characters Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-06 A vulnerability has been reported in Apache, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31384/ -- [SA31380] Debian update for httracker Critical: Less critical Where: From remote Impact: System access Released: 2008-08-04 Debian has issued an update for httracker. This fixes a security issue, which can be exploited by malicious people to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31380/ -- [SA31360] Debian update for opensc Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-08-04 Debian has issued an update for opensc. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31360/ -- [SA31359] csphonebook "letter" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-07 Ghost Hacker has discovered a vulnerability in csphonebook, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31359/ -- [SA31346] Online Dating "mail_id" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-08-04 Corwin has reported a vulnerability in Online Dating, which can be exploited by malicious users to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/31346/ -- [SA31490] Red Hat Network Proxy Server update for mod_perl Critical: Less critical Where: From local network Impact: DoS Released: 2008-08-14 Red Hat has issued an update for the Red Hat Network Proxy Server mod_perl package. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31490/ -- [SA31436] Gentoo update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-08-11 Gentoo has issued an update for openldap. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31436/ -- [SA31364] Ubuntu update for OpenLDAP Critical: Less critical Where: From local network Impact: DoS Released: 2008-08-04 Ubuntu has issued an update for OpenLDAP. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31364/ -- [SA31351] Gentoo update for net-snmp Critical: Less critical Where: From local network Impact: Spoofing, DoS, System access Released: 2008-08-06 Gentoo has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets or potentially to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31351/ -- [SA31334] SUSE update for net-snmp Critical: Less critical Where: From local network Impact: Spoofing, DoS, System access Released: 2008-08-01 SUSE has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets and potentially compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/31334/ -- [SA31322] Red Hat update for nfs-utils Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-08-01 Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious people to potentially bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31322/ -- [SA31500] SUSE update for postfix Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2008-08-14 SUSE has issued an update for postfix. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31500/ -- [SA31485] Postfix Symlink Handling and Destination Ownership Security Issues Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2008-08-14 Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31485/ -- [SA31420] Gentoo update for uudeview and nzbget Critical: Less critical Where: Local system Impact: Manipulation of data Released: 2008-08-12 Gentoo has issued an update for uudeview and nzbget. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. 
Full Advisory: http://secunia.com/advisories/31420/ -- [SA31418] Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-12 A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31418/ -- [SA31398] CA Products Ingres Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-07 Some vulnerabilities have been reported in CA products, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31398/ -- [SA31356] Sun Solaris namefs Kernel Module Privilege Escalation Critical: Less critical Where: Local system Impact: DoS, System access Released: 2008-08-04 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31356/ -- [SA31341] Red Hat update for kernel Critical: Less critical Where: Local system Impact: Security Bypass, Privilege escalation, DoS Released: 2008-08-05 Red Hat has issued an update for the kernel. This fixes two vulnerabilities and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or to potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/31341/ -- [SA31318] MaxDB "dbmsrv" Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-01 A vulnerability has been reported in MaxDB, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/31318/ -- [SA31317] Gentoo update for vlc Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-01 Gentoo has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31317/ -- [SA31448] Debian update for pdns Critical: Not critical Where: From remote Impact: Spoofing Released: 2008-08-12 Debian has issued an update for pdns. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/31448/ -- [SA31401] Fedora update for pdns Critical: Not critical Where: From remote Impact: Spoofing Released: 2008-08-08 Fedora has issued an update for pdns. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/31401/ -- [SA31468] VMware VirtualCenter User Account Disclosure Critical: Not critical Where: From local network Impact: Exposure of system information Released: 2008-08-13 A security issue has been reported in VMware VirtualCenter, which can be exploited by malicious users to disclose certain system information. Full Advisory: http://secunia.com/advisories/31468/ -- [SA31396] Gentoo update for dhcp Critical: Not critical Where: From local network Impact: DoS Released: 2008-08-07 Gentoo has issued an update for dhcp. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31396/ -- [SA31499] Red Hat update for hplip Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-14 Red Hat has issued an update for hplip. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/31499/ -- [SA31470] HPLIP hpssd Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-14 A security issue has been reported in hplip, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31470/ -- [SA31366] Linux Kernel Information Disclosure and Denial of Service Critical: Not critical Where: Local system Impact: Exposure of sensitive information, DoS Released: 2008-08-06 Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31366/ -- [SA31348] Sun Solaris "pthread_mutex_reltimedlock_np" Local Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-06 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31348/
Other:
-- [SA31482] HP TCP/IP Services for OpenVMS BIND DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-08-14 HP has acknowledged a vulnerability in HP OpenVMS TCP/IP Services, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31482/ -- [SA31451] Yamaha RT Series Routers DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-08-12 A vulnerability has been reported in Yamaha RT Series Routers, which can be exploited by malicious people to poison the DNS cache.
Full Advisory: http://secunia.com/advisories/31451/ -- [SA31354] Astaro Security Gateway DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-08-05 Astaro has acknowledged a vulnerability in Astaro Security Gateway, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31354/ -- [SA31435] Alcatel-Lucent OmniSwitch Series Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-08-12 Deral Heiland has reported a vulnerability in various OmniSwitch products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31435/ -- [SA31391] 8e6 R3000 "Host" URL Filter Bypass Vulnerability Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-08-07 nnposter has reported a vulnerability in 8e6 R3000 Internet Filter, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31391/ -- [SA31329] Xerox Phaser 8400 Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-08-06 crit3rion has reported a vulnerability in Xerox Phaser 8400, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31329/
Cross Platform:
-- [SA31475] Freeway File Inclusion and Cross-Site Scripting Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-08-13 Some vulnerabilities have been reported in Freeway, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31475/ -- [SA31424] pPIM Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, System access Released: 2008-08-12 Some vulnerabilities have been discovered in pPIM (Phlatline's Personal Information Manager), which can be exploited by malicious people or users to manipulate data and compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31424/ -- [SA31394] e107 download.php "extract()" Vulnerability Critical: Highly critical Where: From remote Impact: Manipulation of data, System access Released: 2008-08-08 James Bercegay has discovered a vulnerability in e107, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31394/ -- [SA31389] LoveCMS Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-08-06 PoMdaPiMp has reported some vulnerabilities in LoveCMS, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31389/ -- [SA31374] Contenido Unspecified File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-08-07 Some vulnerabilities have been reported in Contenido, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/31374/ -- [SA31484] PHP Realty "docID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-08-13 CraCkEr has reported a vulnerability in PHP Realty, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31484/ -- [SA31476] Sun Java System Web Proxy Server FTP Subsystem Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-13 A vulnerability has been reported in Sun Java System Web Proxy Server, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31476/ -- [SA31466] Ventrilo Server Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-13 Luigi Auriemma and Andre Malm have reported a vulnerability in Ventrilo Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31466/ -- [SA31463] NavBoard Local File Inclusion and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-08-14 CraCkEr has discovered some vulnerabilities in NavBoard, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/31463/ -- [SA31462] Drupal Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, System access Released: 2008-08-14 Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/31462/ -- [SA31456] Gelato "img" File Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-13 jiko has discovered a vulnerability in Gelato, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31456/ -- [SA31447] VitalQIP DNS Cache Poisoning Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-08-14 Alcatel-Lucent has acknowledged a vulnerability in VitalQIP, which can be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31447/ -- [SA31431] Kayako SupportSuite Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-08-12 James Bercegay has reported some vulnerabilities in Kayako SupportSuite, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting and script insertion attacks. 
Full Advisory: http://secunia.com/advisories/31431/ -- [SA31430] Ruby Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Spoofing, DoS Released: 2008-08-11 Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/31430/ -- [SA31427] Skulltag NULL Pointer Dereference Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-11 Luigi Auriemma has reported a vulnerability in Skulltag, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31427/ -- [SA31421] Vacation Rental Script "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-12 CraCkEr has discovered a vulnerability in Vacation Rental Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31421/ -- [SA31419] Quicksilver Forums "forums[]" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-11 irk4z has discovered a vulnerability in Quicksilver Forums, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31419/ -- [SA31414] RTH File Disclosure and SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2008-08-08 Some vulnerabilities have been reported in RTH, which can be exploited by malicious people to conduct SQL injection attacks or to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31414/ -- [SA31408] OpenImpro "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-08-11 nuclear has discovered a vulnerability in OpenImpro, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31408/ -- [SA31406] Harmoni "Username" Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-11 A vulnerability has been reported in Harmoni, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31406/ -- [SA31392] WSN Products "TID" Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-08-08 otmorozok428 has reported a vulnerability in various WSN products, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31392/ -- [SA31383] Free Hosting Manager Insecure Cookie Handling Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-08-07 lvlr-Erfan has discovered a vulnerability in Free Hosting Manager, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31383/ -- [SA31382] PowerGap Shopsystem "ag" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-08 Rohit Bansal has reported a vulnerability in PowerGap Shopsystem, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/31382/

--

[SA31381] Apache Tomcat 6 Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-08-04

Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31381/

--

[SA31379] Apache Tomcat Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-08-04

Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31379/

--

[SA31367] Gallery Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2008-08-06

Some vulnerabilities have been reported in Gallery, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and manipulate data, and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31367/

--

[SA31362] Chupix Contact Module "mods" Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-08-08

A vulnerability has been discovered in the Contact module for Chupix, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31362/

--

[SA31353] America's Army Special Forces UDP Processing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-08-04

Luigi Auriemma has reported a vulnerability in America's Army Special Forces, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31353/

--

[SA31350] OpenTTD "TruncateString()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-08-04

A vulnerability has been reported in OpenTTD, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31350/

--

[SA31345] Scripts24 iTGP "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-08-05

Mr.SQL has reported a vulnerability in Scripts24 iTGP, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31345/

--

[SA31344] Scripts24 iPost "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-08-05

Mr.SQL has reported a vulnerability in Scripts24 iPost, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31344/

--

[SA31327] moziloCMS "cat" File Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-08-04

Ams has discovered a vulnerability in moziloCMS, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31327/

--

[SA31488] Datafeed Studio search.php Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-13

A vulnerability has been reported in Datafeed Studio, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31488/

--

[SA31487] PhpLinkExchange "catid" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-14

A vulnerability has been reported in PhpLinkExchange, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31487/

--

[SA31483] Openfire "url" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-14

Matt Tucker has discovered a vulnerability in Openfire, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31483/

--

[SA31464] Vim Netrw FTP Credentials Disclosure Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-08-13

Jan Minar has discovered a security issue in Vim, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/31464/

--

[SA31460] Drupal Cross-Site Request Forgery and Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2008-08-14

Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to conduct cross-site request forgeries.
Full Advisory: http://secunia.com/advisories/31460/

--

[SA31439] IceBB "skin" SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2008-08-12

matt & zach have discovered a vulnerability in IceBB, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/31439/

--

[SA31355] MRBS "area" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-05

Some vulnerabilities have been discovered in MRBS (Meeting Room Booking System), which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31355/

--

[SA31349] freeForum Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-05

ahmadbady has discovered a vulnerability in freeForum, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31349/

--

[SA31340] Crafty Syntax Live Help "department" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-06

modernape has reported a vulnerability in Crafty Syntax Live Help, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31340/

--

[SA31333] Novell iManager Property Book Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-08-01

A security issue has been reported in Novell iManager, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31333/

--

[SA31330] OpenSC CardOS Improper Initialization Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-08-01

A security issue has been reported in OpenSC, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/31330/

--

[SA31323] HTTrack Long URLs Buffer Overflow Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-08-04

A security issue has been reported in HTTrack, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/31323/

--

[SA31357] Ingres Multiple Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-08-04

Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/31357/

--

[SA31407] PowerDNS Malformed Queries Handling Weakness
Critical: Not critical
Where: From remote
Impact: Spoofing
Released: 2008-08-07

A weakness has been reported in PowerDNS, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory: http://secunia.com/advisories/31407/

--

[SA31338] Mono ASP.net Cross-Site Scripting
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-08-06

Dean Brettle has reported some security issues in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/31338/

--

[SA31335] Sun Netra T5220 Server Local Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-08-06

A vulnerability has been reported in Sun Netra T5220 Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/31335/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support_at_private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

Received on Fri Aug 15 2008 - 00:05:09 PDT