[ISN] Secunia Weekly Summary - Issue: 2008-35

From: InfoSec News <alerts_at_private>
Date: Fri, 29 Aug 2008 05:07:57 -0500 (CDT)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-08-21 - 2008-08-28                        

                       This week: 77 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

Secunia Research has discovered multiple vulnerabilities in Novell
iPrint Client, which can be exploited by malicious people to gain
knowledge of potentially sensitive information or compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/30667/

 --

Secunia Research has discovered a vulnerability in Trend Micro
OfficeScan, which can be exploited by malicious people to bypass
authentication.

For more information, refer to:
http://secunia.com/advisories/31373/

 --

VIRUS ALERTS:

During the past week Secunia collected 215 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA31549] Opera Multiple Vulnerabilities
2.  [SA31373] Trend Micro Products Web Management Authentication Bypass
3.  [SA31575] Red Hat Update for Tampered OpenSSH Packages
4.  [SA31579] Linux Kernel "rt6_fill_node()" Denial of Service
              Vulnerability
5.  [SA14652] Subdreamer Light Global Variables SQL Injection
              Vulnerability
6.  [SA31561] Xen "flask_op" Buffer Overflow Vulnerability
7.  [SA31552] vBulletin Private Message Subject Script Insertion
8.  [SA31559] Folder Lock Weak Password Encryption Security Issue
9.  [SA30667] Novell iPrint Client ActiveX Control Multiple
              Vulnerabilities
10. [SA31557] TimeTrex "interface/Login.php" Cross-Site Scripting

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple
Buffer Overflows
[SA31616] HP Enterprise Discovery Unspecified Privilege Escalation
[SA31607] Pluck blog_include_react.php Local File Inclusion
[SA31631] KM Scanner File Utility Multiple Vulnerabilities
[SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities
[SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability

UNIX/Linux:
[SA31620] Ubuntu update for yelp
[SA31600] SUSE update for Sun Java
[SA31586] SUSE update for IBM Java
[SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK
[SA31576] Astaro update for ClamAV
[SA31567] xine-lib Multiple Vulnerabilities
[SA31646] Red Hat update for openoffice.org
[SA31639] Red Hat update for tomcat
[SA31638] Sharity Unspecified Vulnerability
[SA31628] Red Hat update for kernel
[SA31624] Red Hat update for ipsec-tools
[SA31623] Debian update for tiff
[SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer
Overflow
[SA31590] Debian update for libxml2
[SA31577] Avaya Communication Manager FreeType Multiple
Vulnerabilities
[SA31575] Red Hat Update for Tampered OpenSSH Packages
[SA31566] Red Hat update for libxml2
[SA31565] Red Hat Directory Server Multiple Vulnerabilities
[SA31651] HP-UX update for Apache
[SA31633] BitlBee Account Recreation Security Issue
[SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting
[SA31612] Red Hat update for adminutil
[SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability
[SA31627] Red Hat Directory Server Denial of Service Vulnerabilities
[SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability
[SA31568] Avaya Products Net-snmp Multiple Vulnerabilities
[SA31658] Honeyd "test.sh" Insecure Temporary Files
[SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files
[SA31647] R "javareconf" Insecure Temporary Files
[SA31614] Ubuntu update for kernel
[SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue
[SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability
[SA31561] Xen "flask_op" Buffer Overflow Vulnerability
[SA31592] Vim Shell Command Injection Weaknesses
[SA31659] Tiger "genmsgidx" Insecure Temporary Files
[SA31657] Ampache "gather-messages.sh" Insecure Temporary Files
[SA31622] Sun Solaris NFS RPC Zones Denial of Service
[SA31601] Samba "group_mapping.tdb" Insecure Permissions Security
Issue
[SA31598] Sun Solaris NFS Kernel Module Denial of Service
[SA31579] Linux Kernel "rt6_fill_node()" Denial of Service
Vulnerability

Other:
[SA31572] Accellion File Transfer Appliance "forgot_password.html"
Cross-Site Scripting

Cross Platform:
[SA31603] JustSystems Ichitaro Products Unspecified Code Execution
Vulnerability
[SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution
[SA31641] Quick Poll "id" SQL Injection Vulnerability
[SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability
[SA31635] IBM DB2 CLR Stored Procedures Unspecified Vulnerability
[SA31626] Million Pixel Ad Script "id_cat" SQL Injection
[SA31621] Kolifa.net Download Script "id" SQL Injection Vulnerability
[SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability
[SA31602] Ruby REXML Denial of Service Vulnerability
[SA31599] CMME Multiple Vulnerabilities
[SA31585] Five Star Review Script SQL Injection and Cross-Site
Scripting
[SA31584] MiaCMS "id" SQL Injection Vulnerabilities
[SA31582] LacoodaST Multiple Vulnerabilities
[SA31574] La!cooda WIZ Multiple Vulnerabilities
[SA31573] Crafty Syntax Live Help "department" SQL Injection
Vulnerabilities
[SA31571] Pars4u Videosharing V1 "cat_id" SQL Injection
[SA31570] Easy Site Local File Inclusion and Directory Listing
Vulnerabilities
[SA31569] TinyCMS "config[template]" Local File Inclusion
Vulnerability
[SA31564] Matterdaddy Market "index.php" SQL Injection
[SA31563] FAR-PHP "c" Local File Inclusion Vulnerability
[SA31562] CCMS Gaming "id" SQL Injection Vulnerability
[SA31560] webEdition CMS "we_objectID" SQL Injection Vulnerability
[SA31643] Mono Sys.Web HTTP Header Injection Vulnerability
[SA31634] IBM Lotus Quickr Multiple Cross-Site Scripting
Vulnerabilities
[SA31611] mysql-lists Unspecified Cross-Site Scripting Vulnerability
[SA31609] Civic Website Manager Calendar Control Cross-Site Scripting
[SA31608] AN Guestbook Cross-Site Scripting Vulnerabilities
[SA31606] ezContents Multiple Local File Inclusion Vulnerabilities
[SA31596] GBrowse Cross-Site Scripting Vulnerability
[SA31591] ACG-PTP Multiple Script Insertion Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple
Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-26

Will Dormann has reported some vulnerabilities in SoftArtisans XFile,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31615/

 --

[SA31616] HP Enterprise Discovery Unspecified Privilege Escalation

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation
Released:    2008-08-27

A vulnerability has been reported in HP Enterprise Discovery, which can
be exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31616/

 --

[SA31607] Pluck blog_include_react.php Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-26

Digital Security Research Group has reported two vulnerabilities in
Pluck, which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31607/

 --

[SA31631] KM Scanner File Utility Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access, Security Bypass
Released:    2008-08-27

Seth Fogie has reported some vulnerabilities in KM Scanner File
Utility, which can be exploited by malicious people to cause a DoS
(Denial of Service), bypass certain security restrictions, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31631/

 --

[SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-08-26

Some vulnerabilities have been reported in multiple TIBCO products,
which can be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31618/

 --

[SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-27

Bug Researchers Group has reported a vulnerability in Smart Survey,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31637/


UNIX/Linux:--

[SA31620] Ubuntu update for yelp

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-28

Ubuntu has issued an update for yelp. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31620/

 --

[SA31600] SUSE update for Sun Java

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-08-25

SUSE has issued an update for Sun Java. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31600/

 --

[SA31586] SUSE update for IBM Java

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-08-25

SUSE has issued an update for IBM Java. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31586/

 --

[SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-08-25

SUSE has issued an update for IBMJava2-JRE and IBMJava2-SDK. This fixes
some vulnerabilities, which can be exploited by malicious people to
bypass certain security restrictions, cause a DoS (Denial of Service),
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31580/

 --

[SA31576] Astaro update for ClamAV

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-08-22

Astaro has issued an update for ClamAV. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to bypass certain security restrictions, cause a DoS (Denial of
Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31576/

 --

[SA31567] xine-lib Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-25

Some vulnerabilities have been reported in xine-lib, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31567/

 --

[SA31646] Red Hat update for openoffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-08-28

Red Hat has issued an update for openoffice.org. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31646/

 --

[SA31639] Red Hat update for tomcat

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-08-28

Red Hat has issued an update for tomcat. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, or
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31639/

 --

[SA31638] Sharity Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-08-27

A vulnerability with an unknown impact has been reported in Sharity.

Full Advisory:
http://secunia.com/advisories/31638/

 --

[SA31628] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2008-08-27

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, disclose potentially sensitive
information, cause a DoS (Denial of Service), and potentially gain
escalated privileges, and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/31628/

 --

[SA31624] Red Hat update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-27

Red Hat has issued an update for ipsec-tools. This fixes two
vulnerabilities, which can be exploited by malicious users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31624/

 --

[SA31623] Debian update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-27

Debian has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31623/

 --

[SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-25

Avaya has acknowledged a vulnerability in various Avaya products, which
can potentially be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31604/

 --

[SA31590] Debian update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-25

Debian has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31590/

 --

[SA31577] Avaya Communication Manager FreeType Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-22

Avaya has acknowledged some vulnerabilities in Avaya Communication
Manager, which potentially can be exploited by malicious people to
compromise an application using the FreeType library.

Full Advisory:
http://secunia.com/advisories/31577/

 --

[SA31575] Red Hat Update for Tampered OpenSSH Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-08-22

Red Hat has issued an update for openssh, which corrects a small
number of OpenSSH packages that have been tampered with.

Full Advisory:
http://secunia.com/advisories/31575/

 --

[SA31566] Red Hat update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-22

Red Hat has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31566/

 --

[SA31565] Red Hat Directory Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2008-08-28

Some vulnerabilities have been reported in Red Hat Directory Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31565/

 --

[SA31651] HP-UX update for Apache

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-28

HP has issued an update for Apache. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31651/

 --

[SA31633] BitlBee Account Recreation Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Security Bypass
Released:    2008-08-27

A security issue has been reported in BitlBee, which can be exploited
by malicious people to bypass certain security restrictions and hijack
accounts.

Full Advisory:
http://secunia.com/advisories/31633/

 --

[SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-27

Lostmon has discovered two vulnerabilities in the PopnupBlog module for
Xoops, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31625/

 --

[SA31612] Red Hat update for adminutil

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-28

Red Hat has issued an update for adminutil. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31612/

 --

[SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-25

Tyler Trioxide has reported a vulnerability in Photo Cart, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31589/

 --

[SA31627] Red Hat Directory Server Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-08-28

Some vulnerabilities have been reported in Red Hat Directory Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31627/

 --

[SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-08-26

A vulnerability has been reported in NetBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31597/

 --

[SA31568] Avaya Products Net-snmp Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-08-22

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to spoof authenticated
SNMPv3 packets or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31568/

 --

[SA31658] Honeyd "test.sh" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-28

A security issue has been reported in Honeyd, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31658/

 --

[SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-28

A security issue has been discovered in Citadel, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31648/

 --

[SA31647] R "javareconf" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-28

A security issue has been reported in R, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31647/

 --

[SA31614] Ubuntu update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2008-08-26

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, cause a DoS (Denial of Service),
and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31614/

 --

[SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-08-27

A security issue has been discovered in DriveCrypt Plus Pack, which can
be exploited by malicious, local users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31605/

 --

[SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-26

A vulnerability has been reported in OpenVMS, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31581/

 --

[SA31561] Xen "flask_op" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2008-08-22

A vulnerability has been reported in Xen, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or
potentially bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31561/

 --

[SA31592] Vim Shell Command Injection Weaknesses

Critical:    Not critical
Where:       From remote
Impact:      System access
Released:    2008-08-25

Some weaknesses have been reported in Vim, which can be exploited by
malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31592/

 --

[SA31659] Tiger "genmsgidx" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-28

A security issue has been reported in Tiger, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31659/

 --

[SA31657] Ampache "gather-messages.sh" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-28

A security issue has been reported in Ampache, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31657/

 --

[SA31622] Sun Solaris NFS RPC Zones Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-27

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31622/

 --

[SA31601] Samba "group_mapping.tdb" Insecure Permissions Security
Issue

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-08-26

A security issue has been reported in Samba, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31601/

 --

[SA31598] Sun Solaris NFS Kernel Module Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-25

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31598/

 --

[SA31579] Linux Kernel "rt6_fill_node()" Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-22

A vulnerability has been reported in the Linux kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31579/


Other:--

[SA31572] Accellion File Transfer Appliance "forgot_password.html"
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-26

Eric BEAULIEU has reported a vulnerability in Accellion File Transfer
Appliance, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31572/


Cross Platform:--

[SA31603] JustSystems Ichitaro Products Unspecified Code Execution
Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2008-08-28

A vulnerability has been reported in JustSystems Ichitaro products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31603/

 --

[SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-08-27

Emory University has reported some vulnerabilities in AWStats Totals,
which can be exploited by malicious people to conduct cross-site
scripting attacks or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31630/

 --

[SA31641] Quick Poll "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-28

Hussin X has reported a vulnerability in Quick Poll, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31641/

 --

[SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-28

A vulnerability has been reported in OpenOffice, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31640/

 --

[SA31635] IBM DB2 CLR Stored Procedures Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-08-27

A vulnerability with an unknown impact has been reported in IBM DB2.

Full Advisory:
http://secunia.com/advisories/31635/

 --

[SA31626] Million Pixel Ad Script "id_cat" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-27

Hussin X has reported a vulnerability in Million Pixel Ad Script
(Million Pixel Script), which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31626/

 --

[SA31621] Kolifa.net Download Script "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-27

Kacak has reported a vulnerability in Kolifa.net Download Script, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31621/

 --

[SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-26

A vulnerability has been reported in LibTIFF, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31610/

 --

[SA31602] Ruby REXML Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-25

A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31602/

 --

[SA31599] CMME Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-08-28

SirGod has discovered some vulnerabilities and a security issue in CMME
(Content Management Made Easy), which can be exploited by malicious
people to conduct cross-site scripting attacks and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31599/

 --

[SA31585] Five Star Review Script SQL Injection and Cross-Site
Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-08-25

Mr.SQL has reported two vulnerabilities in Five Star Review Script,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31585/

 --

[SA31584] MiaCMS "id" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-26

~!Dok_tOR!~ has discovered some vulnerabilities in MiaCMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31584/

 --

[SA31582] LacoodaST Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, System access
Released:    2008-08-22

Some vulnerabilities have been reported in LacoodaST, which can be
exploited by malicious people to conduct cross-site scripting,
cross-site request forgery, or session fixation attacks, and by
malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31582/

 --

[SA31574] La!cooda WIZ Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-08-22

Some vulnerabilities have been reported in La!cooda WIZ, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks, and malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31574/

 --

[SA31573] Crafty Syntax Live Help "department" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-26

James Bercegay has discovered two vulnerabilities in Crafty Syntax Live
Help, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31573/

 --

[SA31571] Pars4u Videosharing V1 "cat_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-22

Mr.SQL has reported a vulnerability in Pars4u Videosharing V1, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31571/

 --

[SA31570] Easy Site Local File Inclusion and Directory Listing
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-22

SirGod has discovered two vulnerabilities in Easy Site, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31570/

 --

[SA31569] TinyCMS "config[template]" Local File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-22

cOndemned has discovered a vulnerability in TinyCMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31569/

 --

[SA31564] Matterdaddy Market "index.php" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-25

~!Dok_tOR!~ has discovered two vulnerabilities in Matterdaddy Market,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31564/

 --

[SA31563] FAR-PHP "c" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-22

Beenu Arora has discovered a vulnerability in FAR-PHP, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31563/

 --

[SA31562] CCMS Gaming "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-26

~!Dok_tOR!~ has reported a vulnerability in CCMS Gaming, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31562/

 --

[SA31560] webEdition CMS "we_objectID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-27

Lidloses_Auge has reported a vulnerability in webEdition CMS, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31560/

 --

[SA31643] Mono Sys.Web HTTP Header Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-28

Juraj Skripsky has reported a vulnerability in Mono, which can be
exploited by malicious people to conduct HTTP header injection
attacks.

Full Advisory:
http://secunia.com/advisories/31643/

 --

[SA31634] IBM Lotus Quickr Multiple Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-27

Some vulnerabilities have been reported in IBM Lotus Quickr, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31634/

 --

[SA31611] mysql-lists Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-26

A vulnerability has been reported in mysql-lists, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31611/

 --

[SA31609] Civic Website Manager Calendar Control Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-26

Some vulnerabilities have been reported in Civic Website Manager, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31609/

 --

[SA31608] AN Guestbook Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-26

Some vulnerabilities have been reported in AN Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31608/

 --

[SA31606] ezContents Multiple Local File Inclusion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-26

Digital Security Research Group have discovered some vulnerabilities in
ezContents, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/31606/

 --

[SA31596] GBrowse Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-25

A vulnerability has been reported in GBrowse, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31596/

 --

[SA31591] ACG-PTP Multiple Script Insertion Vulnerabilities

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-25

FatBack Mac has reported some vulnerabilities in ACG-PTP, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31591/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Fri Aug 29 2008 - 03:07:57 PDT