======================================================================== The Secunia Weekly Advisory Summary 2008-08-21 - 2008-08-28 This week: 77 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Try the Secunia Network Software Inspector (NSI) 2.0 for free! The Secunia NSI 2.0 is available as a 7-day trial download and can be used to scan up to 3 hosts within your network. Download the Secunia NSI trial version from: https://psi.secunia.com/NSISetup.exe ======================================================================== 2) This Week in Brief: Secunia Research has discovered multiple vulnerabilities in Novell iPrint Client, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system. For more information, refer to: http://secunia.com/advisories/30667/ -- Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to bypass authentication. For more information, refer to: http://secunia.com/advisories/31373/ -- VIRUS ALERTS: During the past week Secunia collected 215 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA31549] Opera Multiple Vulnerabilities 2. [SA31373] Trend Micro Products Web Management Authentication Bypass 3. [SA31575] Red Hat Update for Tampered OpenSSH Packages 4. [SA31579] Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability 5. [SA14652] Subdreamer Light Global Variables SQL Injection Vulnerability 6. [SA31561] Xen "flask_op" Buffer Overflow Vulnerability 7. [SA31552] vBulletin Private Message Subject Script Insertion 8. [SA31559] Folder Lock Weak Password Encryption Security Issue 9. [SA30667] Novell iPrint Client ActiveX Control Multiple Vulnerabilities 10. [SA31557] TimeTrex "interface/Login.php" Cross-Site Scripting ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflows [SA31616] HP Enterprise Discovery Unspecified Privilege Escalation [SA31607] Pluck blog_include_react.php Local File Inclusion [SA31631] KM Scanner File Utility Multiple Vulnerabilities [SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities [SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability UNIX/Linux: [SA31620] Ubuntu update for yelp [SA31600] SUSE update for Sun Java [SA31586] SUSE update for IBM Java [SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK [SA31576] Astaro update for ClamAV [SA31567] xine-lib Multiple Vulnerabilities [SA31646] Red Hat update for openoffice.org [SA31639] Red Hat update for tomcat [SA31638] Sharity Unspecified Vulnerability [SA31628] Red Hat update for kernel [SA31624] Red Hat update for ipsec-tools [SA31623] Debian update for tiff [SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer Overflow [SA31590] Debian update for libxml2 [SA31577] Avaya Communication Manager FreeType Multiple Vulnerabilities [SA31575] Red Hat Update for Tampered OpenSSH Packages [SA31566] Red Hat update for libxml2 [SA31565] Red Hat Directory Server Multiple Vulnerabilities [SA31651] HP-UX update for Apache [SA31633] BitlBee Account Recreation Security Issue [SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting [SA31612] Red Hat update for adminutil [SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability [SA31627] Red Hat Directory Server Denial of Service Vulnerabilities [SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability [SA31568] Avaya Products Net-snmp Multiple Vulnerabilities [SA31658] Honeyd "test.sh" Insecure Temporary Files [SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files [SA31647] R "javareconf" Insecure Temporary Files [SA31614] Ubuntu update for kernel [SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue [SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability [SA31561] Xen "flask_op" Buffer Overflow Vulnerability [SA31592] Vim Shell Command Injection Weaknesses [SA31659] Tiger "genmsgidx" Insecure Temporary Files [SA31657] Ampache "gather-messages.sh" Insecure Temporary Files [SA31622] Sun Solaris NFS RPC Zones Denial of Service [SA31601] Samba "group_mapping.tdb" Insecure Permissions Security Issue [SA31598] Sun Solaris NFS Kernel Module Denial of Service [SA31579] Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability Other: [SA31572] Accellion File Transfer Appliance "forgot_password.html" Cross-Site Scripting Cross Platform: [SA31603] JustSystems Ichitaro Products Unspecified Code Execution Vulnerability [SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution [SA31641] Quick Poll "id" SQL Injection Vulnerability [SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability [SA31635] IBM DB2 CLR Stored Procedures Unspecified Vulnerability [SA31626] Million Pixel Ad Script "id_cat" SQL Injection [SA31621] Kolifa.net Download Script "id" SQL Injection Vulnerability [SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability [SA31602] Ruby REXML Denial of Service Vulnerability [SA31599] CMME Multiple Vulnerabilities [SA31585] Five Star Review Script SQL Injection and Cross-Site Scripting [SA31584] MiaCMS "id" SQL Injection Vulnerabilities [SA31582] LacoodaST Multiple Vulnerabilities [SA31574] La!cooda WIZ Multiple Vulnerabilities [SA31573] Crafty Syntax Live Help "department" SQL Injection Vulnerabilities [SA31571] Pars4u Videosharing V1 "cat_id" SQL Injection [SA31570] Easy Site Local File Inclusion and Directory Listing Vulnerabilities [SA31569] TinyCMS "config[template]" Local File Inclusion Vulnerability [SA31564] Matterdaddy Market "index.php" SQL Injection [SA31563] FAR-PHP "c" Local File Inclusion Vulnerability [SA31562] CCMS Gaming "id" SQL Injection Vulnerability [SA31560] webEdition CMS "we_objectID" SQL Injection Vulnerability [SA31643] Mono Sys.Web HTTP Header Injection Vulnerability [SA31634] IBM Lotus Quickr Multiple Cross-Site Scripting Vulnerabilities [SA31611] mysql-lists Unspecified Cross-Site Scripting Vulnerability [SA31609] Civic Website Manager Calendar Control Cross-Site Scripting [SA31608] AN Guestbook Cross-Site Scripting Vulnerabilities [SA31606] ezContents Multiple Local File Inclusion Vulnerabilities [SA31596] GBrowse Cross-Site Scripting Vulnerability [SA31591] ACG-PTP Multiple Script Insertion Vulnerabilities ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflows Critical: Highly critical Where: From remote Impact: System access Released: 2008-08-26 Will Dormann has reported some vulnerabilities in SoftArtisans XFile, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31615/ -- [SA31616] HP Enterprise Discovery Unspecified Privilege Escalation Critical: Moderately critical Where: From remote Impact: Privilege escalation Released: 2008-08-27 A vulnerability has been reported in HP Enterprise Discovery, which can be exploited by malicious users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31616/ -- [SA31607] Pluck blog_include_react.php Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-26 Digital Security Research Group have reported two vulnerabilities in Pluck, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31607/ -- [SA31631] KM Scanner File Utility Multiple Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access, Security Bypass Released: 2008-08-27 Seth Fogie has reported some vulnerabilities in KM Scanner File Utility, which can be exploited by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31631/ -- [SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From local network Impact: Exposure of sensitive information, DoS, System access Released: 2008-08-26 Some vulnerabilities have been reported in multiple TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31618/ -- [SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-27 Bug Researchers Group has reported a vulnerability in Smart Survey, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31637/ UNIX/Linux:-- [SA31620] Ubuntu update for yelp Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-08-28 Ubuntu has issued an update for yelp. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31620/ -- [SA31600] SUSE update for Sun Java Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-08-25 SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31600/ -- [SA31586] SUSE update for IBM Java Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-08-25 SUSE has issued an update for IBM Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31586/ -- [SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-08-25 SUSE has issued an update for IBMJava2-JRE and IBMJava2-SDK. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31580/ -- [SA31576] Astaro update for ClamAV Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-08-22 Astaro has issued an update for ClamAV. This fixes some vulnerabilities, which potentially can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31576/ -- [SA31567] xine-lib Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-08-25 Some vulnerabilities have been reported in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31567/ -- [SA31646] Red Hat update for openoffice.org Critical: Moderately critical Where: From remote Impact: System access Released: 2008-08-28 Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31646/ -- [SA31639] Red Hat update for tomcat Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-08-28 Red Hat has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. Full Advisory: http://secunia.com/advisories/31639/ -- [SA31638] Sharity Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-08-27 A vulnerability with an unknown impact has been reported in Sharity. Full Advisory: http://secunia.com/advisories/31638/ -- [SA31628] Red Hat update for kernel Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS Released: 2008-08-27 Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/31628/ -- [SA31624] Red Hat update for ipsec-tools Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-27 Red Hat has issued an update for ipsec-tools. This fixes two vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31624/ -- [SA31623] Debian update for tiff Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-27 Debian has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31623/ -- [SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-25 Avaya has acknowledged a vulnerability in various Avaya products, which can potentially be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31604/ -- [SA31590] Debian update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-25 Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31590/ -- [SA31577] Avaya Communication Manager FreeType Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-22 Avaya has acknowledged some vulnerabilities in Avaya Communication Manager, which potentially can be exploited by malicious people to compromise an application using the FreeType library. Full Advisory: http://secunia.com/advisories/31577/ -- [SA31575] Red Hat Update for Tampered OpenSSH Packages Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-08-22 Red Hat has issued an update for openssh, which corrects a small number of OpenSSH packages that have been tampered with. Full Advisory: http://secunia.com/advisories/31575/ -- [SA31566] Red Hat update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-22 Red Hat has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31566/ -- [SA31565] Red Hat Directory Server Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, DoS, System access Released: 2008-08-28 Some vulnerabilities have been reported in Red Hat Directory Server, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31565/ -- [SA31651] HP-UX update for Apache Critical: Less critical Where: From remote Impact: DoS Released: 2008-08-28 HP has issued an update for Apache. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31651/ -- [SA31633] BitlBee Account Recreation Security Issue Critical: Less critical Where: From remote Impact: Hijacking, Security Bypass Released: 2008-08-27 A security issue has been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts. Full Advisory: http://secunia.com/advisories/31633/ -- [SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-27 Lostmon has discovered two vulnerabilities in the PopnupBlog module for Xoops, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31625/ -- [SA31612] Red Hat update for adminutil Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-28 Red Hat has issued an update for adminutil. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31612/ -- [SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-25 Tyler Trioxide has reported a vulnerability in Photo Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31589/ -- [SA31627] Red Hat Directory Server Denial of Service Vulnerabilities Critical: Less critical Where: From local network Impact: DoS Released: 2008-08-28 Some vulnerabilities have been reported in Red Hat Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31627/ -- [SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability Critical: Less critical Where: From local network Impact: DoS, System access Released: 2008-08-26 A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31597/ -- [SA31568] Avaya Products Net-snmp Multiple Vulnerabilities Critical: Less critical Where: From local network Impact: Spoofing, DoS, System access Released: 2008-08-22 Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to spoof authenticated SNMPv3 packets or to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31568/ -- [SA31658] Honeyd "test.sh" Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-28 A security issue has been reported in Honeyd, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31658/ -- [SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-28 A security issue has been discovered in Citadel, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31648/ -- [SA31647] R "javareconf" Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-28 A security issue has been reported in R, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31647/ -- [SA31614] Ubuntu update for kernel Critical: Less critical Where: Local system Impact: Security Bypass, Privilege escalation, DoS Released: 2008-08-26 Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/31614/ -- [SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2008-08-27 A security issue has been discovered in DriveCrypt Plus Pack, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31605/ -- [SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-08-26 A vulnerability has been reported in OpenVMS, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31581/ -- [SA31561] Xen "flask_op" Buffer Overflow Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass, DoS Released: 2008-08-22 A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31561/ -- [SA31592] Vim Shell Command Injection Weaknesses Critical: Not critical Where: From remote Impact: System access Released: 2008-08-25 Some weaknesses have been reported in Vim, which can be exploited by malicious people to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31592/ -- [SA31659] Tiger "genmsgidx" Insecure Temporary Files Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-08-28 A security issue has been reported in Tiger, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31659/ -- [SA31657] Ampache "gather-messages.sh" Insecure Temporary Files Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-08-28 A security issue has been reported in Ampache, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31657/ -- [SA31622] Sun Solaris NFS RPC Zones Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-27 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31622/ -- [SA31601] Samba "group_mapping.tdb" Insecure Permissions Security Issue Critical: Not critical Where: Local system Impact: Security Bypass Released: 2008-08-26 A security issue has been reported in Samba, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31601/ -- [SA31598] Sun Solaris NFS Kernel Module Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-25 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31598/ -- [SA31579] Linux Kernel "rt6_fill_node()" Denial of Service Vulnerability Critical: Not critical Where: Local system Impact: DoS Released: 2008-08-22 A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31579/ Other:-- [SA31572] Accellion File Transfer Appliance "forgot_password.html" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-26 Eric BEAULIEU has reported a vulnerability in Accellion File Transfer Appliance, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31572/ Cross Platform:-- [SA31603] JustSystems Ichitaro Products Unspecified Code Execution Vulnerability Critical: Extremely critical Where: From remote Impact: System access Released: 2008-08-28 A vulnerability has been reported in JustSystems Ichitaro products, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31603/ -- [SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-08-27 Emory University has reported some vulnerabilities in AWStats Totals, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31630/ -- [SA31641] Quick Poll "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-28 Hussin X has reported a vulnerability in Quick Poll, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31641/ -- [SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-28 A vulnerability has been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31640/ -- [SA31635] IBM DB2 CLR Stored Procedures Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-08-27 A vulnerability with an unknown impact has been reported in IBM DB2. Full Advisory: http://secunia.com/advisories/31635/ -- [SA31626] Million Pixel Ad Script "id_cat" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-27 Hussin X has reported a vulnerability in Million Pixel Ad Script (Million Pixel Script), which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31626/ -- [SA31621] Kolifa.net Download Script "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-27 Kacak has reported a vulnerability in Kolifa.net Download Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31621/ -- [SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-08-26 A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31610/ -- [SA31602] Ruby REXML Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-08-25 A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31602/ -- [SA31599] CMME Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-08-28 SirGod has discovered some vulnerabilities and a security issue in CMME (Content Management Made Easy), which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Full Advisory: http://secunia.com/advisories/31599/ -- [SA31585] Five Star Review Script SQL Injection and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information Released: 2008-08-25 Mr.SQL has reported two vulnerabilities in Five Star Review Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/31585/ -- [SA31584] MiaCMS "id" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-08-26 ~!Dok_tOR!~ has discovered some vulnerabilities in MiaCMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31584/ -- [SA31582] LacoodaST Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Hijacking, Cross Site Scripting, System access Released: 2008-08-22 Some vulnerabilities have been reported in LacoodaST, which can be exploited by malicious people to conduct cross-site scripting and, cross-site request forgery, or session fixation attacks, and malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31582/ -- [SA31574] La!cooda WIZ Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-08-22 Some vulnerabilities have been reported in La!cooda WIZ, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, and malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31574/ -- [SA31573] Crafty Syntax Live Help "department" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-26 James Bercegay has discovered two vulnerabilities in Crafty Syntax Live Help, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31573/ -- [SA31571] Pars4u Videosharing V1 "cat_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-22 Mr.SQL has reported a vulnerability in Pars4u Videosharing V1, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31571/ -- [SA31570] Easy Site Local File Inclusion and Directory Listing Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-22 SirGod has discovered two vulnerabilities in Easy Site, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31570/ -- [SA31569] TinyCMS "config[template]" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-22 cOndemned has discovered a vulnerability in TinyCMS, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31569/ -- [SA31564] Matterdaddy Market "index.php" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-25 ~!Dok_tOR!~ has discovered two vulnerabilities in Matterdaddy Market, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31564/ -- [SA31563] FAR-PHP "c" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-22 Beenu Arora has discovered a vulnerability in FAR-PHP, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31563/ -- [SA31562] CCMS Gaming "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-26 ~!Dok_tOR!~ has reported a vulnerability in CCMS Gaming, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31562/ -- [SA31560] webEdition CMS "we_objectID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-08-27 Lidloses_Auge has reported a vulnerability in webEdition CMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31560/ -- [SA31643] Mono Sys.Web HTTP Header Injection Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-28 Juraj Skripsky has reported a vulnerability in Mono, which can be exploited by malicious people to conduct HTTP header injection attacks. Full Advisory: http://secunia.com/advisories/31643/ -- [SA31634] IBM Lotus Quickr Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-27 Some vulnerabilities have been reported in IBM Lotus Quickr, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31634/ -- [SA31611] mysql-lists Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-26 A vulnerability has been reported in mysql-lists, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31611/ -- [SA31609] Civic Website Manager Calendar Control Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-26 Some vulnerabilities have been reported in Civic Website Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31609/ -- [SA31608] AN Guestbook Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-26 Some vulnerabilities have been reported in AN Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31608/ -- [SA31606] ezContents Multiple Local File Inclusion Vulnerabilities Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-08-26 Digital Security Research Group have discovered some vulnerabilities in ezContents, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31606/ -- [SA31596] GBrowse Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-25 A vulnerability has been reported in GBrowse, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31596/ -- [SA31591] ACG-PTP Multiple Script Insertion Vulnerabilities Critical: Not critical Where: From remote Impact: Cross Site Scripting Released: 2008-08-25 FatBack Mac has reported some vulnerabilities in ACG-PTP, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31591/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Fri Aug 29 2008 - 03:07:57 PDT
This archive was generated by hypermail 2.2.0 : Fri Aug 29 2008 - 03:13:35 PDT