========================================================================

                  The Secunia Weekly Advisory Summary
                        2008-09-18 - 2008-09-25

                       This week: 65 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia... Now we have more than 5 million annual visitors and 70,000 daily users of the Software Inspector solutions.

Read more:
http://secunia.com/blog/26/

Visit our new website:
http://secunia.com/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32011/

--

Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31990/

--

Some vulnerabilities have been reported in Symantec Veritas NetBackup, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to overwrite arbitrary files or compromise a vulnerable system.
For more information, refer to:
http://secunia.com/advisories/32026/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
2.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA31924] ISC BIND for Windows UDP Client Handler Denial of Service
4.  [SA31919] Sun Solaris ACL for UFS File Systems Local Denial of Service
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA31911] Xerox ESS/Network Controller Samba Vulnerability
7.  [SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation Vulnerability
8.  [SA31794] Attachmax Multiple Vulnerabilities
9.  [SA31929] Astaro update for ClamAV
10. [SA31830] H-Sphere webshell4 "login.php" Cross-Site Scripting

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31950] BurnAware NMSDVDX ActiveX Control Insecure Methods
[SA31949] CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
[SA32026] Symantec Veritas NetBackup Multiple Vulnerabilities
[SA31999] Dataspade Multiple Cross-Site Scripting Vulnerabilities
[SA31983] Vignette VCM Unspecified Security Bypass Vulnerability
[SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation Vulnerability

UNIX/Linux:
[SA32018] Mac OS X Java Multiple Vulnerabilities
[SA32012] Ubuntu update for firefox and xulrunner
[SA31987] Red Hat update for firefox
[SA31985] Red Hat update for seamonkey
[SA31982] SUSE Update for Multiple Packages
[SA32034] Fedora update for phpMyAdmin
[SA32006] Faad2 "decodeMP4file()" Buffer Overflow Vulnerability
[SA31995] Gentoo update for newsbeuter
[SA31994] MailWatch for MailScanner "doc" File Inclusion Vulnerability
[SA31972] Gentoo update for mantisbt
[SA31971] Gentoo update for havp
[SA31963] strongSwan IKEv2 Daemon Denial of Service Vulnerability
[SA31960] Debian update for phpmyadmin
[SA31959] Debian update for horde3
[SA31942] VMware ESX / ESXi openwsman HTTP Basic Authentication Buffer Overflow
[SA31991] Gentoo update for bitlbee
[SA31964] Debian update for twiki
[SA31961] Debian update for python-django
[SA32002] HP-UX rpcbind Denial of Service Vulnerability
[SA31996] Gentoo update for R
[SA31970] Aegis "aegis.cgi" Insecure Temporary Files
[SA32037] Fedora update for initscripts
[SA32023] Red Hat update for kernel
[SA31986] Gentoo update for postfix

Other:
[SA32013] Cisco Unified Communications Manager SIP Denial of Service Vulnerabilities
[SA31990] Cisco IOS Multiple Vulnerabilities

Cross Platform:
[SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
[SA32010] Mozilla SeaMonkey Multiple Vulnerabilities
[SA32007] Mozilla Thunderbird Multiple Vulnerabilities
[SA31984] Mozilla Firefox 2 Multiple Vulnerabilities
[SA31978] Advanced Electron Forum PHP Code Execution Vulnerabilities
[SA31951] Chilkat XML ActiveX Component Insecure Methods
[SA31947] Basebuilder "mj_config[src_path]" File Inclusion Vulnerability
[SA32000] InterTech WCMS "id" SQL Injection Vulnerability
[SA31993] PHPcounter "l" Local File Inclusion Vulnerability
[SA31981] PHP Pro Bid Multiple SQL Injection Vulnerabilities
[SA31979] web-cp "filelocation" File Disclosure Vulnerability
[SA31975] Arcadem "articlecat" SQL Injection Vulnerability
[SA31967] BlueCUBE "id" SQL Injection Vulnerability
[SA31965] ClanSphere Unspecified Information Disclosure Vulnerabilities
[SA31957] easyLink "cat" SQL Injection Vulnerability
[SA31956] Barcode Generator "code" File Inclusion Vulnerability
[SA31954] MyFWB "page" SQL Injection Vulnerability
[SA31953] OpenElec "obj" File Inclusion Vulnerability
[SA31952] Plaincart "p" SQL Injection Vulnerability
[SA31945] 6rbScript SQL Injection and Local File Disclosure
[SA31940] NetArt Media Real Estate Portal "ad" SQL Injection Vulnerability
[SA32022] Drupal Simplenews Module Newsletter Categories Script Insertion
[SA32015] Drupal Brilliant Gallery Module "bgchecklist/save" SQL Injection
[SA32014] bitweaver Multiple Cross-Site Scripting Vulnerabilities
[SA32009] Drupal Ajax Checklist Module SQL Injection and Script Insertion
[SA31998] DataLife Engine "admin.php" Cross-Site Scripting Vulnerability
[SA31992] TYPO3 phpMyAdmin Extension Cross-Site Scripting Vulnerability
[SA31980] fuzzylime (cms) "user" Cross-Site Scripting Vulnerability
[SA31974] phpMyAdmin Cross-Site Scripting Vulnerability
[SA31973] Achievo "atkaction" Cross-Site Scripting Vulnerability
[SA31968] BluePage CMS Multiple Cross-Site Scripting Vulnerabilities
[SA31948] phpShop Session Fixation Vulnerability
[SA31946] TYPO3 sr_freecap Extension Unspecified Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:
--
[SA31950] BurnAware NMSDVDX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-24

A vulnerability has been reported in BurnAware, which can be exploited by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31950/

--
[SA31949] CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-23

bruiser has reported a vulnerability in CDBurnerXP, which can be exploited by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31949/

--
[SA32026] Symantec Veritas NetBackup Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2008-09-25

Some vulnerabilities have been reported in Symantec Veritas NetBackup, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to overwrite arbitrary files or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32026/

--
[SA31999] Dataspade Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

r0t has reported some vulnerabilities in Dataspade, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31999/

--
[SA31983] Vignette VCM Unspecified Security Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-09-23

A vulnerability has been reported in Vignette, which can be exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31983/

--
[SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-19

Tobias Klein has reported a vulnerability in various G DATA products, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31941/

UNIX/Linux:
--
[SA32018] Mac OS X Java Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-25

Some vulnerabilities have been reported and acknowledged in Java for Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, disclose system information or potentially sensitive information, or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32018/

--
[SA32012] Ubuntu update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Ubuntu has issued an update for firefox, firefox-3.0, and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32012/

--
[SA31987] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31987/

--
[SA31985] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31985/

--
[SA31982] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-22

SUSE has issued an update for multiple packages.
This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31982/

--
[SA32034] Fedora update for phpMyAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-09-25

Fedora has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32034/

--
[SA32006] Faad2 "decodeMP4file()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-24

A vulnerability has been reported in Faad2, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32006/

--
[SA31995] Gentoo update for newsbeuter

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-23

Gentoo has issued an update for newsbeuter. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31995/

--
[SA31994] MailWatch for MailScanner "doc" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-25

dun has discovered a vulnerability in MailWatch for MailScanner, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/31994/

--
[SA31972] Gentoo update for mantisbt

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-09-22

Gentoo has issued an update for mantisbt. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31972/

--
[SA31971] Gentoo update for havp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-22

Gentoo has issued an update for havp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31971/

--
[SA31963] strongSwan IKEv2 Daemon Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-22

A vulnerability has been reported in strongSwan, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31963/

--
[SA31960] Debian update for phpmyadmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, System access
Released:    2008-09-22

Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious, local users to conduct cross-site scripting attacks, by malicious users to compromise a vulnerable system, and by malicious people to conduct spoofing and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31960/

--
[SA31959] Debian update for horde3

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-22

Debian has issued an update for horde3. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/31959/

--
[SA31942] VMware ESX / ESXi openwsman HTTP Basic Authentication Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-09-19

VMware has issued an update for openwsman. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31942/

--
[SA31991] Gentoo update for bitlbee

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Security Bypass
Released:    2008-09-24

Gentoo has issued an update for bitlbee. This fixes some security issues, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts.

Full Advisory:
http://secunia.com/advisories/31991/

--
[SA31964] Debian update for twiki

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2008-09-22

Debian has issued an update for twiki. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31964/

--
[SA31961] Debian update for python-django

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, DoS
Released:    2008-09-22

Debian has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks or to potentially cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31961/

--
[SA32002] HP-UX rpcbind Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-23

A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32002/

--
[SA31996] Gentoo update for R

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-23

Gentoo has issued an update for R. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31996/

--
[SA31970] Aegis "aegis.cgi" Insecure Temporary Files

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2008-09-25

A security issue has been reported in Aegis, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31970/

--
[SA32037] Fedora update for initscripts

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-25

Fedora has issued an update for initscripts. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32037/

--
[SA32023] Red Hat update for kernel

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-09-25

Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, to disclose potentially sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32023/

--
[SA31986] Gentoo update for postfix

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-22

Gentoo has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/31986/

Other:
--
[SA32013] Cisco Unified Communications Manager SIP Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-25

Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32013/

--
[SA31990] Cisco IOS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-09-25

Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31990/

Cross Platform:
--
[SA32011] Mozilla Firefox 3 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32011/

--
[SA32010] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32010/

--
[SA32007] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32007/

--
[SA31984] Mozilla Firefox 2 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31984/

--
[SA31978] Advanced Electron Forum PHP Code Execution Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-22

James Bercegay has discovered some vulnerabilities in Advanced Electron Forum (AEF), which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31978/

--
[SA31951] Chilkat XML ActiveX Component Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-23

shinnai has discovered some vulnerabilities in Chilkat XML ActiveX Component, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/31951/

--
[SA31947] Basebuilder "mj_config[src_path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2008-09-24

dun has discovered a vulnerability in Basebuilder, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31947/

--
[SA32000] InterTech WCMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-24

GeNiUs IrAQI has reported a vulnerability in InterTech WCMS, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32000/

--
[SA31993] PHPcounter "l" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-25

dun has discovered a vulnerability in PHPcounter, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31993/

--
[SA31981] PHP Pro Bid Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

Jan van Niekerk has reported some vulnerabilities in PHP Pro Bid, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31981/

--
[SA31979] web-cp "filelocation" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-25

GoLd_M has discovered a vulnerability in web-cp, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/31979/

--
[SA31975] Arcadem "articlecat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-23

A vulnerability has been reported in Arcadem, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31975/

--
[SA31967] BlueCUBE "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

r45c4l has reported a vulnerability in BlueCUBE CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31967/

--
[SA31965] ClanSphere Unspecified Information Disclosure Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-09-22

Some vulnerabilities have been reported in ClanSphere, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31965/

--
[SA31957] easyLink "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-22

Egypt Coder has reported a vulnerability in easyLink, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31957/

--
[SA31956] Barcode Generator "code" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-25

dun has discovered a vulnerability in Barcode Generator, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/31956/

--
[SA31954] MyFWB "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-22

0x90 has reported a vulnerability in MyFWB, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31954/

--
[SA31953] OpenElec "obj" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-09-25

dun has reported a vulnerability in OpenElec, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31953/

--
[SA31952] Plaincart "p" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

r45c4l has discovered a vulnerability in Plaincart, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31952/

--
[SA31945] 6rbScript SQL Injection and Local File Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information, Exposure of sensitive information
Released:    2008-09-24

Two vulnerabilities have been reported in 6rbScript, which can be exploited by malicious people to disclose sensitive information or to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31945/

--
[SA31940] NetArt Media Real Estate Portal "ad" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-22

!R4Q!4N H4CK3R has reported a vulnerability in NetArt Media Real Estate Portal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/31940/

--
[SA32022] Drupal Simplenews Module Newsletter Categories Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

A vulnerability has been reported in the Simplenews module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32022/

--
[SA32015] Drupal Brilliant Gallery Module "bgchecklist/save" SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-25

Justin C. Klein Keane has reported a vulnerability in the Brilliant Gallery module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32015/

--
[SA32014] bitweaver Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

Michael Schratt has discovered some vulnerabilities in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32014/

--
[SA32009] Drupal Ajax Checklist Module SQL Injection and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released:    2008-09-25

Two vulnerabilities have been reported in the Ajax Checklist module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32009/

--
[SA31998] DataLife Engine "admin.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in DataLife Engine, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/31998/

--
[SA31992] TYPO3 phpMyAdmin Extension Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31992/

--
[SA31980] fuzzylime (cms) "user" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

Fabian Fingerle has reported a vulnerability in Fuzzylime CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31980/

--
[SA31974] phpMyAdmin Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31974/

--
[SA31973] Achievo "atkaction" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

A vulnerability has been discovered in Achievo, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31973/

--
[SA31968] BluePage CMS Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

David Vieira-Kurz has reported some vulnerabilities in BluePage CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/31968/

--
[SA31948] phpShop Session Fixation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-09-19

Michael Schratt has discovered a vulnerability in phpShop, which can be exploited by malicious people to conduct session fixation attacks.

Full Advisory:
http://secunia.com/advisories/31948/

--
[SA31946] TYPO3 sr_freecap Extension Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in the freeCap CAPTCHA (sr_freecap) extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31946/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

Received on Fri Sep 26 2008 - 02:17:47 PDT