======================================================================== The Secunia Weekly Advisory Summary 2008-09-11 - 2008-09-18 This week: 63 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: BLOG: A new face - The same reliable intelligence 6 years ago the first user visited Secunia... Now we have more than 5 million annual visitors and 70,000 daily users of the Software Inspector solutions. Read more: http://secunia.com/blog/26/ Visit our new website: http://secunia.com/ ======================================================================== 2) This Week in Brief: Some vulnerabilities have been reported in Adobe Illustrator, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, refer to: http://secunia.com/advisories/31902/ -- Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. For more information, refer to: http://secunia.com/advisories/31882/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA31832] ZoneAlarm Internet Security Suite "multiscan.exe" Buffer Overflow 2. [SA31342] Trend Micro OfficeScan Server "cgiRecvFile.exe" Buffer Overflow 3. [SA14652] Subdreamer Light Global Variables SQL Injection Vulnerability 4. [SA31737] WordPress Insecure Password Generation Vulnerability 5. [SA31808] D-iscussion Board "topic" Local File Inclusion Vulnerability 6. [SA31821] Apple QuickTime Multiple Vulnerabilities 7. [SA31854] Unreal Engine Format String Vulnerabilities and Denial of Service 8. [SA31675] Microsoft Products GDI+ Multiple Vulnerabilities 9. [SA31893] DotNetNuke Multiple Vulnerabilities 10. [SA31865] Fedora update for tomcat6 ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA31888] LANDesk Multiple Products Buffer Overflow Vulnerability [SA31852] Personal FTP Server "RETR" Denial of Service Vulnerability [SA31883] Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of Service UNIX/Linux: [SA31939] SUSE update for gnutls [SA31902] Adobe Illustrator Unspecified Code Execution Vulnerabilities [SA31894] Data Dynamics ActiveReports ARViewer2 ActiveX Control Insecure Methods [SA31882] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities [SA31906] Kolab Server ClamAV Denial of Service [SA31891] Fedora update for tomcat5 [SA31890] NetBSD IPsec-Tools racoon Phase 1 Handler Denial of Service [SA31886] rPath update for wireshark [SA31885] Debian update for openssh [SA31870] Fedora update for wordpress [SA31868] Red Hat update for libxml2 [SA31865] Fedora update for tomcat6 [SA31864] Fedora update for wireshark [SA31860] Red Hat update for libxml2 [SA31856] Ubuntu update for freetype [SA31855] Ubuntu update for libxml2 [SA31847] pdnsd DNS Cache Poisoning and Denial of Service [SA31878] Sun Solaris update for bzip2 [SA31869] Red Hat update for bzip2 [SA31866] Fedora update for httrack [SA31863] cPanel Fantastico De Luxe "fantasticopath" Local File Inclusion [SA31913] Fedora Directory Server Denial of Service Vulnerabilities [SA31867] Fedora update for fedora-ds-base [SA31861] Fedora update for ipa [SA31895] Sun Solaris Editors Tag File Handling Privilege Escalation Vulnerability [SA31881] Debian update for linux-2.6.24 Other: [SA31900] Apple iPhone Multiple Vulnerabilities [SA31848] Accellion File Transfer Appliance "api_error_email.html" Security Bypass [SA31905] Nortel Switched Firewall Products SNMPv3 HMAC Authentication Bypass [SA31857] Nokia E90 Communicator Denial of Service Vulnerability Cross Platform: [SA31916] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability [SA31874] phpRealty "INC" File Inclusion Vulnerability [SA31923] E-Php Content Management System "es_id" SQL Injection [SA31918] TYPO3 phpMyAdmin Extension PHP Code Execution Vulnerability [SA31910] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities [SA31909] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities [SA31893] DotNetNuke Multiple Vulnerabilities [SA31892] WebSphere Application Server Unspecified Vulnerability [SA31884] phpMyAdmin "sort_by" PHP Code Execution [SA31879] TalkBack "language" Local File Inclusion [SA31876] OSADS Unspecified Security Issue [SA31875] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities [SA31873] Pre Real Estate Listings "c" SQL Injection Vulnerability [SA31872] PSCRIPT Forum "showprofil.php" SQL Injection [SA31871] iBoutique "cat" SQL Injection Vulnerability [SA31854] Unreal Engine Format String Vulnerabilities and Denial of Service [SA31853] Link Bid Two SQL Injection Vulnerabilities [SA31851] YourOwnBux Security Bypass Vulnerability [SA31850] Free PHP VX Guestbook Security Bypass Vulnerabilities [SA31938] Quick.Cart "admin.php" Cross-Site Scripting [SA31914] Drupal Link To Us Module "Link page header" Script Insertion [SA31912] Gallery Symlink ZIP Archive Information Disclosure [SA31908] Drupal Talk Module Script Insertion and Security Bypass [SA31904] IBM HTTP Server mod_proxy Interim Responses Denial of Service [SA31896] FlexNET Connect Insecure Script Execution Vulnerability [SA31889] Drupal Mailsave Module MIME Type Script Insertion [SA31877] Drupal Mailhandler Module Unspecified SQL Injection [SA31859] NooMS Two Cross-Site Scripting Vulnerabilities [SA31858] Gallery Flash Animation Script Insertion Vulnerability [SA31899] FFmpeg libavformat gifdec.c GIF Processing Denial of Service ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA31888] LANDesk Multiple Products Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-09-16 A vulnerability has been reported in multiple LANDesk products, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31888/ -- [SA31852] Personal FTP Server "RETR" Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2008-09-17 Shinnok raydenxy has discovered a vulnerability in Personal FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31852/ -- [SA31883] Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-16 A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31883/ UNIX/Linux:-- [SA31939] SUSE update for gnutls Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-09-18 SuSE has issued an update for gnutls. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31939/ -- [SA31902] Adobe Illustrator Unspecified Code Execution Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-09-17 Some vulnerabilities have been reported in Adobe Illustrator, which can potentially be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31902/ -- [SA31894] Data Dynamics ActiveReports ARViewer2 ActiveX Control Insecure Methods Critical: Highly critical Where: From remote Impact: Manipulation of data, System access Released: 2008-09-18 Tan Chew Keong has reported some vulnerabilities in Data Dynamics ActiveReports, which can be exploited by malicious people to overwrite arbitrary files and compromise a user's system. Full Advisory: http://secunia.com/advisories/31894/ -- [SA31882] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-09-16 Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. Full Advisory: http://secunia.com/advisories/31882/ -- [SA31906] Kolab Server ClamAV Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-15 A vulnerability has been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31906/ -- [SA31891] Fedora update for tomcat5 Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-09-17 Fedora has issued an update for tomcat5. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. Full Advisory: http://secunia.com/advisories/31891/ -- [SA31890] NetBSD IPsec-Tools racoon Phase 1 Handler Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-16 A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31890/ -- [SA31886] rPath update for wireshark Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-18 rPath has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31886/ -- [SA31885] Debian update for openssh Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-17 Debian has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31885/ -- [SA31870] Fedora update for wordpress Critical: Moderately critical Where: From remote Impact: Brute force Released: 2008-09-12 Fedora has issued an update for wordpress. This fixes a vulnerability, which can be exploited by malicious people to guess automatically generated passwords. Full Advisory: http://secunia.com/advisories/31870/ -- [SA31868] Red Hat update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-12 Red Hat has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise an application using the library. Full Advisory: http://secunia.com/advisories/31868/ -- [SA31865] Fedora update for tomcat6 Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-09-12 Fedora has issued an update for tomcat6. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. Full Advisory: http://secunia.com/advisories/31865/ -- [SA31864] Fedora update for wireshark Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-12 Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31864/ -- [SA31860] Red Hat update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-12 Red Hat has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31860/ -- [SA31856] Ubuntu update for freetype Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-12 Ubuntu has issued an update for freetype. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/31856/ -- [SA31855] Ubuntu update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-12 Ubuntu has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/31855/ -- [SA31847] pdnsd DNS Cache Poisoning and Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-09-16 Some vulnerabilities have been reported in pdnsd, which can be exploited by malicious people to poison the DNS cache and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31847/ -- [SA31878] Sun Solaris update for bzip2 Critical: Less critical Where: From remote Impact: DoS Released: 2008-09-15 Sun has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31878/ -- [SA31869] Red Hat update for bzip2 Critical: Less critical Where: From remote Impact: DoS Released: 2008-09-16 Red Hat has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31869/ -- [SA31866] Fedora update for httrack Critical: Less critical Where: From remote Impact: System access Released: 2008-09-12 Fedora has issued an update for httrack. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31866/ -- [SA31863] cPanel Fantastico De Luxe "fantasticopath" Local File Inclusion Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-09-16 joker_1 has reported a vulnerability in the Fantastico De Luxe module for cPanel, which can be exploited by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31863/ -- [SA31913] Fedora Directory Server Denial of Service Vulnerabilities Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-18 Some vulnerabilities have been reported in Fedora Directory Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31913/ -- [SA31867] Fedora update for fedora-ds-base Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-12 Fedora has issued an update for fedora-ds-base. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31867/ -- [SA31861] Fedora update for ipa Critical: Less critical Where: From local network Impact: Exposure of sensitive information Released: 2008-09-12 Fedora has issued an update for ipa. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31861/ -- [SA31895] Sun Solaris Editors Tag File Handling Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-09-18 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/31895/ -- [SA31881] Debian update for linux-2.6.24 Critical: Not critical Where: Local system Impact: DoS Released: 2008-09-12 Debian has issued an update for linux-2.6.24. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/31881/ Other:-- [SA31900] Apple iPhone Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access Released: 2008-09-15 Multiple vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious applications to bypass certain security features, and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. Full Advisory: http://secunia.com/advisories/31900/ -- [SA31848] Accellion File Transfer Appliance "api_error_email.html" Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-09-18 Eric BEAULIEU has reported a vulnerability in Accellion File Transfer Appliance, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31848/ -- [SA31905] Nortel Switched Firewall Products SNMPv3 HMAC Authentication Bypass Critical: Less critical Where: From local network Impact: Spoofing Released: 2008-09-15 Nortel has acknowledged a vulnerability in Nortel Switched Firewall products, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. Full Advisory: http://secunia.com/advisories/31905/ -- [SA31857] Nokia E90 Communicator Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-09-16 wins.mallow has reported a vulnerability in Nokia E90 Communicator, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31857/ Cross Platform:-- [SA31916] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-09-18 webDEViL has reported a vulnerability in TECHNOTE, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31916/ -- [SA31874] phpRealty "INC" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-09-17 ka0x has discovered a vulnerability in phpRealty, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31874/ -- [SA31923] E-Php Content Management System "es_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-18 HaCker_Egy has reported a vulnerability in E-Php Content Management System, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31923/ -- [SA31918] TYPO3 phpMyAdmin Extension PHP Code Execution Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-09-18 A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31918/ -- [SA31910] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-15 Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31910/ -- [SA31909] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-15 Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31909/ -- [SA31893] DotNetNuke Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Privilege escalation, System access Released: 2008-09-12 Some vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious users to gain escalated privileges and by malicious people to bypass certain security restrictions and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31893/ -- [SA31892] WebSphere Application Server Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-09-15 A vulnerability with an unknown impact has been reported in WebSphere Application Server. Full Advisory: http://secunia.com/advisories/31892/ -- [SA31884] phpMyAdmin "sort_by" PHP Code Execution Critical: Moderately critical Where: From remote Impact: System access Released: 2008-09-16 Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31884/ -- [SA31879] TalkBack "language" Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-09-15 SirGod has discovered a vulnerability in TalkBack, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31879/ -- [SA31876] OSADS Unspecified Security Issue Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-09-16 A security issue with an unknown impact has been reported in OSADS. Full Advisory: http://secunia.com/advisories/31876/ -- [SA31875] Ruby on Rails ":offset" and ":limit" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-15 Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31875/ -- [SA31873] Pre Real Estate Listings "c" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-16 JosS has reported a vulnerability in Pre Real Estate Listings, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31873/ -- [SA31872] PSCRIPT Forum "showprofil.php" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-15 -tmh- has reported a vulnerability in Powies PSCRIPT Forum (pForum), which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31872/ -- [SA31871] iBoutique "cat" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-09-16 r45c4l and h4x0r have reported a vulnerability in iBoutique, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31871/ -- [SA31854] Unreal Engine Format String Vulnerabilities and Denial of Service Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-09-12 Luigi Auriemma has reported some vulnerabilities in the Unreal Engine, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. Full Advisory: http://secunia.com/advisories/31854/ -- [SA31853] Link Bid Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-09-16 SirGod has discovered two vulnerabilities in Link Bid, which can be exploited by malicious people or users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31853/ -- [SA31851] YourOwnBux Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-09-15 Tec-n0x has reported a vulnerability in YourOwnBux, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31851/ -- [SA31850] Free PHP VX Guestbook Security Bypass Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-09-16 Two vulnerabilities have been reported in Free PHP VX Guestbook, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31850/ -- [SA31938] Quick.Cart "admin.php" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-18 John Cobb has discovered a vulnerability in Quick.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31938/ -- [SA31914] Drupal Link To Us Module "Link page header" Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-18 Justin C. Klein Keane has reported a vulnerability in the Link To Us module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31914/ -- [SA31912] Gallery Symlink ZIP Archive Information Disclosure Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-09-18 A vulnerability has been reported in Gallery, which can be exploited by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/31912/ -- [SA31908] Drupal Talk Module Script Insertion and Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information Released: 2008-09-18 Two vulnerabilities have been reported in the Talk module for Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/31908/ -- [SA31904] IBM HTTP Server mod_proxy Interim Responses Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-09-17 IBM has acknowledged a vulnerability in IBM HTTP Server, which can potentially be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31904/ -- [SA31896] FlexNET Connect Insecure Script Execution Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2008-09-18 Brian Dowling has reported a vulnerability in FlexNET Connect, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/31896/ -- [SA31889] Drupal Mailsave Module MIME Type Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-18 A vulnerability has been reported in the Mailsave module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31889/ -- [SA31877] Drupal Mailhandler Module Unspecified SQL Injection Critical: Less critical Where: From remote Impact: Manipulation of data, Privilege escalation Released: 2008-09-18 A vulnerability has been reported in the Mailhandler module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/31877/ -- [SA31859] NooMS Two Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-16 Khashayar Fereidani has discovered two vulnerabilities in NooMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/31859/ -- [SA31858] Gallery Flash Animation Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-09-18 A vulnerability has been reported in Gallery, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/31858/ -- [SA31899] FFmpeg libavformat gifdec.c GIF Processing Denial of Service Critical: Not critical Where: From remote Impact: DoS Released: 2008-09-18 A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/31899/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Sun Sep 21 2008 - 23:03:42 PDT
This archive was generated by hypermail 2.2.0 : Sun Sep 21 2008 - 23:07:57 PDT