======================================================================== The Secunia Weekly Advisory Summary 2008-09-04 - 2008-09-11 This week: 73 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: BLOG: A new face - The same reliable intelligence 6 years ago the first user visited Secunia... Now we have more than 5 million annual visitors and 70,000 daily users of the Software Inspector solutions. Read more: http://secunia.com/blog/26/ Visit our new website: http://secunia.com/ ======================================================================== 2) This Week in Brief: Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system. For more information, refer to: http://secunia.com/advisories/31821/ -- The monthly security bulletins from Microsoft have been released. For more information, refer to: http://secunia.com/advisories/31744/ http://secunia.com/advisories/31726/ http://secunia.com/advisories/31724/ http://secunia.com/advisories/31675/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA14652] Subdreamer Light Global Variables SQL Injection Vulnerability 2. [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities 3. [SA31549] Opera Multiple Vulnerabilities 4. [SA29321] Microsoft Office Two Code Execution Vulnerabilities 5. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability 6. [SA31730] Cisco ASA and PIX Security Appliances Multiple Vulnerabilities 7. [SA31675] Microsoft Products GDI+ Multiple Vulnerabilities 8. [SA28083] Adobe Flash Player Multiple Vulnerabilities 9. [SA29293] Apple QuickTime Multiple Vulnerabilities 10. [SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA31821] Apple QuickTime Multiple Vulnerabilities [SA31819] Creator CMS "sideid" SQL Injection Vulnerability [SA31750] Simple Machines Forum Password Reset Vulnerability [SA31822] Apple Bonjour for Windows mDNSResponder Vulnerabilities [SA31765] X-Spam for SMTP Servers Insecure File Permissions [SA31764] HP OpenView Select Identity Connectors Information Disclosure UNIX/Linux: [SA31834] Fedora update for yelp [SA31827] Fedora update for xine-lib [SA31756] Gentoo update for realplayer [SA31753] Gentoo update for yelp [SA31838] Fedora update for libtiff [SA31825] Fedora update for drupal [SA31799] Debian update for freetype [SA31797] Gentoo update for tiff [SA31793] phpAdultSite CMS SQL Injection And Cross-Site Scripting [SA31792] NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service [SA31790] Gentoo update for courier-authlib [SA31785] Gentoo update for VLC [SA31778] Fedora update for openoffice.org [SA31766] Sun Solaris 10 GNU Tar PAX Extended Headers Handling Buffer Overflow [SA31763] rPath update for libtiff [SA31754] Gentoo update for dnsmasq [SA31836] SUSE update for kernel [SA31833] Fedora update for bluez-utils and bluez-libs [SA31777] Fedora update for adminutil [SA31837] Fedora update for Django [SA31806] Movable Type Multiple Vulnerabilities [SA31759] Fedora update for awstats [SA31791] Red Hat Enterprise IPA Information Disclosure and Denial of Service [SA31839] Fedora update for amarok [SA31831] Fedora update for R and rpy [SA31798] Gentoo update for Amarok [SA31783] Linux Kernel "listxattr" Memory Corruption and CHRP Denial of Service [SA31771] Fedora update for xastir [SA31755] Gentoo update for mysql [SA31800] Ubuntu update for postfix Other: [SA31823] Apple iPod Touch Multiple Vulnerabilities [SA31840] Ingate Firewall and SIParator DNS Cache Poisoning [SA31802] Linksys WRT350N Denial of Service Vulnerability [SA31770] Netgear WN802T Wireless Access Point Two Vulnerabilities [SA31767] D-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass [SA31752] Samsung DVR SHR2040 Denial of Service Vulnerability Cross Platform: [SA31776] DevalCMS Cross-Site Scripting and Code Execution Vulnerabilities [SA31842] Horde Products MIME Library and HTML Message Script Insertion Vulnerabilities [SA31818] Stash Multiple SQL Injection Vulnerabilities [SA31817] CMS Buzz "id" SQL Injection Vulnerability [SA31816] AvailScript Article Script "aIDS" Cross-Site Scripting and SQL Injection [SA31814] AvailScript Photo Album "sid" and "a" SQL Injection Vulnerabilities [SA31813] AvailScript Classmate Script "p" SQL Injection [SA31811] Libera CMS Multiple SQL Injection Vulnerabilities [SA31810] AvailScript Jobs Portal Script "jid" SQL Injection Vulnerability [SA31795] E-Php B2B Trading Marketplace Script "cid" SQL Injection [SA31789] Joomla! Multiple Vulnerabilities [SA31787] IBM DB2 Multiple Vulnerabilities [SA31782] Thyme "uname_search" SQL Injection Vulnerability [SA31772] Live TV Script "mid" SQL Injection Vulnerability [SA31760] MyBB Multiple Vulnerabilities [SA31758] Zen Cart Two SQL Injection Vulnerabilities [SA31751] MemHT Portal "stats_res" SQL Injection Vulnerability [SA31846] DeluxeBB Cross-Site Scripting Vulnerability [SA31845] phpMyFAQ Cross-Site Scripting Vulnerability [SA31843] LedgerSMB Denial of Service and SQL Injection Vulnerabilities [SA31835] Tor World CGI Scripts Cross-Site Scripting Vulnerabilities [SA31807] Movable Type Multiple Vulnerabilities [SA31805] High Norm Sound Master 2nd Cross-Site Scripting Vulnerability [SA31804] UBB.threads "Forum[]" SQL Injection Vulnerability [SA31803] phpAuction "phpinfo.php" Information Disclosure [SA31801] Silentum LoginSys Multiple Cross-site Scripting Vulnerabilities [SA31781] libpng "png_push_read_zTXt()" Off-By-One Vulnerability [SA31768] Avactis Shopping Cart "checkout.php" Cross-Site Scripting [SA31757] Drupal Content Construction Kit Script Insertion Vulnerabilities [SA31769] MySQL Empty Bit-String Literal Denial of Service [SA31824] Apple iTunes Privilege Escalation Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA31821] Apple QuickTime Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-09-10 Multiple vulnerabilities have been reported in QuickTime, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31821/ -- [SA31819] Creator CMS "sideid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-11 ThE X-HaCkEr has reported a vulnerability in Creator CMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31819/ -- [SA31750] Simple Machines Forum Password Reset Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-09-08 A vulnerability has been reported in Simple Machines Forum, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31750/ -- [SA31822] Apple Bonjour for Windows mDNSResponder Vulnerabilities Critical: Less critical Where: From remote Impact: Spoofing, DoS Released: 2008-09-10 Two vulnerabilities have been reported in Apple Bonjour for Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or spoof DNS responses. Full Advisory: http://secunia.com/advisories/31822/ -- [SA31765] X-Spam for SMTP Servers Insecure File Permissions Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-08 Edi Strosar has reported a security issue in X-Spam for SMTP Servers, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31765/ -- [SA31764] HP OpenView Select Identity Connectors Information Disclosure Critical: Less critical Where: Local system Impact: Exposure of system information, Exposure of sensitive information Released: 2008-09-05 A vulnerability has been reported in various HP OpenView Select Identity Connectors, which can be exploited by malicious, local users to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/31764/ UNIX/Linux:-- [SA31834] Fedora update for yelp Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-09-10 Fedora has issued an update for yelp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31834/ -- [SA31827] Fedora update for xine-lib Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-09-10 Fedora has issued an update for xine-lib. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31827/ -- [SA31756] Gentoo update for realplayer Critical: Highly critical Where: From remote Impact: System access Released: 2008-09-05 Gentoo has issued an update for realplayer. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31756/ -- [SA31753] Gentoo update for yelp Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-09-05 Gentoo has issued an update for yelp. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31753/ -- [SA31838] Fedora update for libtiff Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-10 Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31838/ -- [SA31825] Fedora update for drupal Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, System access Released: 2008-09-10 Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/31825/ -- [SA31799] Debian update for freetype Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-11 Debian has issued an update for freetype. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/31799/ -- [SA31797] Gentoo update for tiff Critical: Moderately critical Where: From remote Impact: System access, DoS Released: 2008-09-09 Gentoo has issued an update for tiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31797/ -- [SA31793] phpAdultSite CMS SQL Injection And Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-09-08 David Sopas has reported a vulnerability in phpAdultSite CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/31793/ -- [SA31792] NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-08 A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31792/ -- [SA31790] Gentoo update for courier-authlib Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-08 Gentoo has issued an update for courier-authlib. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31790/ -- [SA31785] Gentoo update for VLC Critical: Moderately critical Where: From remote Impact: System access Released: 2008-09-08 Gentoo has issued an update for VLC. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31785/ -- [SA31778] Fedora update for openoffice.org Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-10 Fedora has issued an update for openoffice.org. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/31778/ -- [SA31766] Sun Solaris 10 GNU Tar PAX Extended Headers Handling Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-09 Sun has acknowledged a vulnerability in GNU Tar in Solaris, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a user's system. Full Advisory: http://secunia.com/advisories/31766/ -- [SA31763] rPath update for libtiff Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-05 rPath has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. Full Advisory: http://secunia.com/advisories/31763/ -- [SA31754] Gentoo update for dnsmasq Critical: Moderately critical Where: From remote Impact: Spoofing, DoS Released: 2008-09-05 Gentoo has issued an update for dnsmasq. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and poison the DNS cache. Full Advisory: http://secunia.com/advisories/31754/ -- [SA31836] SUSE update for kernel Critical: Moderately critical Where: From local network Impact: Exposure of sensitive information, DoS, System access Released: 2008-09-11 SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and disclose potentially sensitive information, and by malicious people to cause a DoS and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31836/ -- [SA31833] Fedora update for bluez-utils and bluez-libs Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-09-10 Fedora has issued an update for bluez-utils and bluez-libs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/31833/ -- [SA31777] Fedora update for adminutil Critical: Moderately critical Where: From local network Impact: Cross Site Scripting, DoS, System access Released: 2008-09-10 Fedora has issued an update for adminutil. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31777/ -- [SA31837] Fedora update for Django Critical: Less critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-09-10 Fedora has issued an update for Django. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/31837/ -- [SA31806] Movable Type Multiple Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-09 Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/31806/ -- [SA31759] Fedora update for awstats Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-10 Fedora has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31759/ -- [SA31791] Red Hat Enterprise IPA Information Disclosure and Denial of Service Critical: Less critical Where: From local network Impact: Exposure of sensitive information, DoS Released: 2008-09-11 Some vulnerabilities have been reported in Red Hat Enterprise IPA, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31791/ -- [SA31839] Fedora update for amarok Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-10 Fedora has released an update for amarok.This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31839/ -- [SA31831] Fedora update for R and rpy Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-10 Fedora has issued an update for R and rpy. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31831/ -- [SA31798] Gentoo update for Amarok Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-09 Gentoo has issued an update for Amarok. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31798/ -- [SA31783] Linux Kernel "listxattr" Memory Corruption and CHRP Denial of Service Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-09-08 A security issue and a vulnerability have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/31783/ -- [SA31771] Fedora update for xastir Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-05 Fedora has issued an update for xastir. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/31771/ -- [SA31755] Gentoo update for mysql Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-09-05 Gentoo has issued an update for mysql. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31755/ -- [SA31800] Ubuntu update for postfix Critical: Not critical Where: Local system Impact: DoS Released: 2008-09-11 Ubuntu has issued an update for postfix. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31800/ Other:-- [SA31823] Apple iPod Touch Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access Released: 2008-09-10 Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. Full Advisory: http://secunia.com/advisories/31823/ -- [SA31840] Ingate Firewall and SIParator DNS Cache Poisoning Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-09-10 Ingate has acknowledged a security issue in Ingate Firewall and SIParator, which can potentially be exploited by malicious people to poison the DNS cache. Full Advisory: http://secunia.com/advisories/31840/ -- [SA31802] Linksys WRT350N Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-09 A vulnerability has been reported in Linksys WRT350N, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31802/ -- [SA31770] Netgear WN802T Wireless Access Point Two Vulnerabilities Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-05 Laurent Butti and Julien Tinnes have reported some vulnerabilities in Netgear WN802T Wireless Access Point, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31770/ -- [SA31767] D-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-09-09 Marc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet Broadband Router, which can be exploited by malicious people to bypass the URL filtering functionality. Full Advisory: http://secunia.com/advisories/31767/ -- [SA31752] Samsung DVR SHR2040 Denial of Service Vulnerability Critical: Not critical Where: From local network Impact: DoS Released: 2008-09-10 Alex Hernandez has reported a vulnerability in Samsung DVR SHR2040, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31752/ Cross Platform:-- [SA31776] DevalCMS Cross-Site Scripting and Code Execution Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-09-10 IRCRASH has discovered some vulnerabilities in DevalCMS, which can be exploited to conduct cross-site scripting attacks and compromise a vulnerable user's system. Full Advisory: http://secunia.com/advisories/31776/ -- [SA31842] Horde Products MIME Library and HTML Message Script Insertion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-10 Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31842/ -- [SA31818] Stash Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-09-11 IRCRASH has discovered multiple vulnerabilities in Stash, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31818/ -- [SA31817] CMS Buzz "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-10 security fears team has reported a vulnerability in CMS Buzz, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31817/ -- [SA31816] AvailScript Article Script "aIDS" Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-09-11 sl4x.xuz has reported some vulnerabilities in AvailScript Article Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/31816/ -- [SA31814] AvailScript Photo Album "sid" and "a" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-11 sl4x.xuz has reported some vulnerabilities in AvailScript Photo Album, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31814/ -- [SA31813] AvailScript Classmate Script "p" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-11 Stack has reported a vulnerability in AvailScript Classmate Script, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31813/ -- [SA31811] Libera CMS Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-09-10 Some vulnerabilities have been discovered in Libera CMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31811/ -- [SA31810] AvailScript Jobs Portal Script "jid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-11 Cyb3r-1sT has reported a vulnerability in AvailScript Jobs Portal Script, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31810/ -- [SA31795] E-Php B2B Trading Marketplace Script "cid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-09 r45c4l has reported a vulnerability in E-Php B2B Trading Marketplace Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31795/ -- [SA31789] Joomla! Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Brute force Released: 2008-09-10 Some vulnerabilities and a security issue have been reported in Joomla!, where some have an unknown impact and others can potentially be exploited by malicious people to conduct brute force attacks. Full Advisory: http://secunia.com/advisories/31789/ -- [SA31787] IBM DB2 Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Privilege escalation, DoS, System access Released: 2008-09-08 Some vulnerabilities have been reported in DB2, where some have an unknown impact and others can be exploited by malicious users to perform certain actions with escalated privileges, and by malicious people to cause a DoS or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31787/ -- [SA31782] Thyme "uname_search" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-09 Omer Singer has reported a vulnerability in Thyme, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31782/ -- [SA31772] Live TV Script "mid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-11 Cyb3r-1sT has reported a vulnerability in Live TV Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31772/ -- [SA31760] MyBB Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-09-10 Some vulnerabilities with unknown impacts have been reported in MyBB. Full Advisory: http://secunia.com/advisories/31760/ -- [SA31758] Zen Cart Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-08 James Bercegay has reported two vulnerabilities in Zen Cart, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31758/ -- [SA31751] MemHT Portal "stats_res" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-08 Ams has reported a vulnerability in MemHT Portal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31751/ -- [SA31846] DeluxeBB Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-11 A vulnerability has been reported in DeluxeBB, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31846/ -- [SA31845] phpMyFAQ Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-11 A vulnerability has been reported in phpMyFAQ, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31845/ -- [SA31843] LedgerSMB Denial of Service and SQL Injection Vulnerabilities Critical: Less critical Where: From remote Impact: Manipulation of data, DoS Released: 2008-09-11 Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31843/ -- [SA31835] Tor World CGI Scripts Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-11 Some vulnerabilities have been reported in various Tor World CGI Scripts, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31835/ -- [SA31807] Movable Type Multiple Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-09 Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/31807/ -- [SA31805] High Norm Sound Master 2nd Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-09 A vulnerability has been reported in High Norm Sound Master 2nd, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31805/ -- [SA31804] UBB.threads "Forum[]" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Exposure of sensitive information, Manipulation of data Released: 2008-09-09 James Bercegay has reported a vulnerability in UBB.threads, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31804/ -- [SA31803] phpAuction "phpinfo.php" Information Disclosure Critical: Less critical Where: From remote Impact: Exposure of system information Released: 2008-09-08 Beenu Arora has discovered a vulnerability in phpAuction, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31803/ -- [SA31801] Silentum LoginSys Multiple Cross-site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-08 Multiple vulnerabilities have been discovered in Silentum LoginSys, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31801/ -- [SA31781] libpng "png_push_read_zTXt()" Off-By-One Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2008-09-08 A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31781/ -- [SA31768] Avactis Shopping Cart "checkout.php" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-08 Russ McRee has discovered two vulnerabilities in Avactis Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31768/ -- [SA31757] Drupal Content Construction Kit Script Insertion Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-05 Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31757/ -- [SA31769] MySQL Empty Bit-String Literal Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-11 A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31769/ -- [SA31824] Apple iTunes Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-10 A vulnerability has been reported in Apple iTunes, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31824/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Fri Sep 12 2008 - 00:03:15 PDT
This archive was generated by hypermail 2.2.0 : Fri Sep 12 2008 - 00:13:32 PDT