========================================================================
The Secunia Weekly Advisory Summary
2008-08-28 - 2008-09-04

This week: 61 advisories
========================================================================

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free!

The Secunia NSI 2.0 is available as a 7-day trial download and can be used to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

VMware has acknowledged some vulnerabilities in VMware Workstation, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31707/

--

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31370/

--

VIRUS ALERTS:

During the past week Secunia collected 232 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA31549] Opera Multiple Vulnerabilities
2.  [SA31684] Novell eDirectory Multiple Vulnerabilities
3.  [SA31708] VMware Server Multiple Vulnerabilities
4.  [SA31707] VMware Workstation Multiple Vulnerabilities
5.  [SA31667] Sun Solaris Kernel Covert Channel Security Bypass
6.  [SA31587] HP TCP/IP Services for OpenVMS Finger Format String Vulnerability
7.  [SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability
8.  [SA31681] dotProject SQL Injection and Cross-Site Scripting
9.  [SA14652] Subdreamer Light Global Variables SQL Injection Vulnerability
10. [SA31651] HP-UX update for Apache

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31710] VMware ACE Multiple Vulnerabilities
[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow
[SA31660] Acoustica Beatcraft Project File Buffer Overflow Vulnerability
[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability
[SA31693] PageR Enterprise Directory Traversal Vulnerability

UNIX/Linux:
[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm
[SA31711] VMware Fusion Multiple Vulnerabilities
[SA31687] SUSE Update for Multiple Packages
[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability
[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability
[SA31742] Astaro Security Gateway DNS Cache Poisoning
[SA31738] Slackware update for php
[SA31728] Ubuntu update for libxml2
[SA31725] ClamAV CHM Processing Denial of Service
[SA31722] eliteCMS "page" SQL Injection Vulnerability
[SA31712] VMware ESX Server Multiple Vulnerabilities
[SA31702] HP-UX update for Netscape / Red Hat Directory Server
[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability
[SA31698] Ubuntu update for tiff
[SA31697] rPath update for ruby
[SA31676] Newsbeuter URL Processing Shell Command Execution
[SA31670] Red Hat update for libtiff
[SA31668] Red Hat update for libtiff
[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities
[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities
[SA31691] Debian update for slash
[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation
[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA31663] Slackware update for amarok
[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability
[SA31716] Postfix epoll File Descriptor Leak Security Issue
[SA31694] GpsDrive "geo-code" Insecure Temporary Files
[SA31689] Avaya Products Linux Kernel Local Denial of Service
[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Other:
[SA31730] Cisco ASA and PIX Security Appliances Multiple Vulnerabilities
[SA31673] IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability
[SA31680] Kyocera FS-118MFP Command Center Directory Traversal Vulnerability
[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Cross Platform:
[SA31709] VMware Player Multiple Vulnerabilities
[SA31708] VMware Server Multiple Vulnerabilities
[SA31707] VMware Workstation Multiple Vulnerabilities
[SA31723] Ruby on Rails REXML Denial of Service Vulnerability
[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability
[SA31696] Living Local Website "r" SQL Injection Vulnerability
[SA31683] Invision Power Board Multiple Vulnerabilities
[SA31682] EasyClassifields "go" SQL Injection Vulnerability
[SA31678] Novell IDM Cross-Site Scripting and Script Insertion
[SA31674] Wireshark Denial of Service Vulnerabilities
[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability
[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability
[SA31684] Novell eDirectory Multiple Vulnerabilities
[SA31735] Celerondude Uploader "username" Cross-Site Scripting Vulnerability
[SA31729] Django Authentication Cross-Site Request Forgery
[SA31719] Open Media Collectors Database Cross-Site Scripting and Request Forgery
[SA31681] dotProject SQL Injection and Cross-Site Scripting
[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery
[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities
[SA31731] Cisco Secure ACS EAP Packet Denial of Service
[SA31688] HP OpenView Network Node Manager Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:

--
[SA31710] VMware ACE Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware ACE, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31710/

--
[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-01

n00b has discovered a vulnerability in Acoustica MP3 CD Burner, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31666/

--
[SA31660] Acoustica Beatcraft Project File Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-01

Koshi has discovered a vulnerability in Acoustica Beatcraft, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31660/

--
[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail WebMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/31727/

--
[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

João Antunes has discovered a vulnerability in Softalk Mail Server, which can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31715/

--
[SA31693] PageR Enterprise Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-04

A vulnerability has been reported in PageR Enterprise, which can be exploited by malicious users to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/31693/

UNIX/Linux:

--
[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-04

SUSE has issued an update for IBMJava5-JRE and java-1_5_0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31736/

--
[SA31711] VMware Fusion Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Fusion, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31711/

--
[SA31687] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Released:    2008-09-01

SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and bypass certain security restrictions, by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service), and by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, cause a DoS, poison the DNS cache, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31687/

--
[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-04

shinnai has discovered a vulnerability in Najdi.si Toolbar, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31671/

--
[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31745/

--
[SA31742] Astaro Security Gateway DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-09-04

Astaro has acknowledged a vulnerability in Astaro Security Gateway, which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31742/

--
[SA31738] Slackware update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Exposure of sensitive information, DoS, System access
Released:    2008-09-04

Slackware has issued an update for php. This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31738/

--
[SA31728] Ubuntu update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31728/

--
[SA31725] ClamAV CHM Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31725/

--
[SA31722] eliteCMS "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-03

e.wiZz! has discovered a vulnerability in eliteCMS, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31722/

--
[SA31712] VMware ESX Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31712/

--
[SA31702] HP-UX update for Netscape / Red Hat Directory Server

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2008-09-02

HP has issued an update for Netscape / Red Hat Directory Server. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31702/

--
[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-03

Hussin X has reported a vulnerability in PHP Coupon Script, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31699/

--
[SA31698] Ubuntu update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-03

Ubuntu has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31698/

--
[SA31697] rPath update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-09-01

rPath has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31697/

--
[SA31676] Newsbeuter URL Processing Shell Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-02

A vulnerability has been reported in Newsbeuter, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/31676/

--
[SA31670] Red Hat update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-29

Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31670/

--
[SA31668] Red Hat update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-29

Red Hat has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31668/

--
[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31720/

--
[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-01

VMware has acknowledged a weakness and a vulnerability in VMware ESX Server, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31713/

--
[SA31691] Debian update for slash

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-02

Debian has issued an update for slash. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31691/

--
[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31743/

--
[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-09-01

Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31685/

--
[SA31663] Slackware update for amarok

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-29

Slackware has issued an update for amarok. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31663/

--
[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-04

A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31739/

--
[SA31716] Postfix epoll File Descriptor Leak Security Issue

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-03

A security issue has been reported in Postfix, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31716/

--
[SA31694] GpsDrive "geo-code" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-29

A security issue has been reported in GpsDrive, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31694/

--
[SA31689] Avaya Products Linux Kernel Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-01

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31689/

--
[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-08-29

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31667/

Other:

--
[SA31730] Cisco ASA and PIX Security Appliances Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-09-04

Some vulnerabilities have been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to disclose sensitive information, and by malicious users and malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31730/

--
[SA31673] IBM WebSphere Application Server for z/OS HTTP Server mod_proxy_ftp Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-29

IBM has acknowledged a vulnerability in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31673/

--
[SA31680] Kyocera FS-118MFP Command Center Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2008-09-02

Francesco Tornieri has reported a vulnerability in Kyocera FS-118MFP, which can be exploited by malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/31680/

--
[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-09-03

noensr has reported a vulnerability in Belkin Wireless G F5D7632-4V6, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31665/

Cross Platform:

--
[SA31709] VMware Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Player, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31709/

--
[SA31708] VMware Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/31708/

--
[SA31707] VMware Workstation Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Workstation, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31707/

--
[SA31723] Ruby on Rails REXML Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31723/

--
[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-02

Hussin X has discovered a vulnerability in Reciprocal Links Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31703/

--
[SA31696] Living Local Website "r" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-04

Hussin X has reported a vulnerability in Living Local Website, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31696/

--
[SA31683] Invision Power Board Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Manipulation of data, Exposure of sensitive information, System access
Released:    2008-09-03

DarkFig has reported some vulnerabilities in Invision Power Board (IP.Board), which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31683/

--
[SA31682] EasyClassifields "go" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-01

e.wiZz! has discovered a vulnerability in EasyClassifields, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31682/

--
[SA31678] Novell IDM Cross-Site Scripting and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-01

Some vulnerabilities have been reported in Novell User Application and Novell Identity Manager Roles Based Provisioning Module, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31678/

--
[SA31674] Wireshark Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31674/

--
[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-04

BorN To K!LL has reported a vulnerability in CMSbright, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31669/

--
[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-03

Cyb3r-1sT has reported a vulnerability in Spice Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31664/

--
[SA31684] Novell eDirectory Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Cross Site Scripting, DoS, System access
Released:    2008-08-29

Multiple vulnerabilities have been reported in Novell eDirectory, where some have an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31684/

--
[SA31735] Celerondude Uploader "username" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-04

A vulnerability has been discovered in Celerondude Uploader, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31735/

--
[SA31729] Django Authentication Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-04

A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31729/

--
[SA31719] Open Media Collectors Database Cross-Site Scripting and Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

Some vulnerabilities have been discovered in Open Media Collectors Database (OpenDb), which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31719/

--
[SA31681] dotProject SQL Injection and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released:    2008-08-29

C1c4Tr1Z has discovered some vulnerabilities in dotProject, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31681/

--
[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-02

Fabian Fingerle has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31679/

--
[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-29

Two vulnerabilities have been reported in Blogn, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31662/

--
[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released:    2008-09-01

Fisher762 has discovered two vulnerabilities in Brim, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31661/

--
[SA31731] Cisco Secure ACS EAP Packet Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-04

A vulnerability has been reported in Cisco Secure Access Control Server (ACS), which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31731/

--
[SA31688] HP OpenView Network Node Manager Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-03

Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31688/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web   : http://secunia.com/
E-mail: support_at_private
Tel   : +45 70 20 51 44
Fax   : +45 70 20 51 45

__________________________________________________
Register now for HITBSecConf2008 - Malaysia!
With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Received on Fri Sep 05 2008 - 02:41:28 PDT