========================================================================

                  The Secunia Weekly Advisory Summary
                        2008-09-25 - 2008-10-02

                       This week: 58 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia... Now we have more than 5
million annual visitors and 70,000 daily users of the Software
Inspector solutions.

Read more:
http://secunia.com/blog/26/

Visit our new website:
http://secunia.com/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32045/

--

A vulnerability has been reported in Citrix Presentation Server, which
can be exploited by malicious, local users to gain escalated
privileges.

For more information, refer to:
http://secunia.com/advisories/32017/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
2.  [SA31990] Cisco IOS Multiple Vulnerabilities
3.  [SA13769] Zeroboard Multiple Vulnerabilities
4.  [SA31997] CCProxy HTTP Proxy "CONNECT" Buffer Overflow Vulnerability
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA31976] Vikingboard Local File Inclusion and Username Spoofing
7.  [SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability
8.  [SA32036] Tivoli Netcool/Webtop Security Issue and Information
    Disclosure Vulnerability
9.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
10. [SA32001] Libra File Manager "isadmin" Security Bypass

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA32097] Trend Micro OfficeScan Multiple Vulnerabilities
[SA32079] hyBook Guestbook Script "hyBook.mdb" Database Disclosure Security Issue
[SA32056] ASPapp Knowledge Base "catid" SQL Injection Vulnerability
[SA32055] RealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow
[SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability
[SA32062] MailMarshal SQM Component Script Insertion Vulnerability
[SA32061] HP Insight Diagnostics Unspecified File Disclosure Vulnerability
[SA32040] Mozilla Firefox "keypress" User Interface Event Dispatching Weakness

UNIX/Linux:
[SA32099] SUSE Update for Multiple Packages
[SA32096] Fedora update for firefox
[SA32095] Fedora update for firefox and xulrunner
[SA32092] Red Hat update for thunderbird
[SA32089] Fedora update for seamonkey
[SA32082] Slackware update for mozilla-thunderbird
[SA32044] Slackware update for seamonkey
[SA32042] Slackware update for mozilla-firefox
[SA32091] Red Hat update for wireshark
[SA32090] Fedora update for rubygems / rubygem packages
[SA32080] Ubuntu update for openssh-server
[SA32107] SUSE update for kernel
[SA32104] SUSE update for kernel
[SA32103] SUSE update for kernel
[SA32070] OpenBSD ftpd Long Command Processing Vulnerability
[SA32068] NetBSD ftpd Long Command Processing Vulnerability
[SA32059] Ubuntu update for nasm
[SA32112] FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
[SA32088] Red Hat update for xen
[SA32063] Xen DomU HVM Disk Format Security Bypass
[SA32110] Ubuntu update for openssh-server
[SA32071] Fedora update for emacspeak
[SA32064] Xen XenStore Domain Backend Configuration Weakness
Other:
[SA32078] Juniper NetScreen ScreenOS Script Insertion Vulnerability
[SA32117] Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Vulnerability

Cross Platform:
[SA32083] A4Desk PHP Event Calendar Multiple Vulnerabilities
[SA32057] The Gemini Portal File Inclusion and Security Bypass
[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow Vulnerabilities
[SA32077] Link Trader Script "linkid" SQL Injection Vulnerability
[SA32076] phpscripts Ranking Script "admin" Cookie Security Bypass
[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability
[SA32067] Adult Banner Exchange Website "targetid" SQL Injection Vulnerability
[SA32065] EC-CUBE Multiple Vulnerabilities
[SA32058] Crux Gallery Security Bypass and File Inclusion Vulnerabilities
[SA32054] vBulletin VBGooglemap Module "mapid" SQL Injection Vulnerability
[SA32052] FAQ Management Script "catid" SQL Injection Vulnerability
[SA32050] CoAST "sections_file" File Inclusion Vulnerability
[SA32049] Real Estate Manager "cat_id" SQL Injection
[SA32041] EasyRealtorPRO Multiple SQL Injection Vulnerabilities
[SA32108] Xerces-C++ "maxOccurs" Denial of Service Vulnerability
[SA32106] Drupal Brilliant Gallery Module SQL Injection and Script Insertion
[SA32101] OpenNMS "viewName" Cross-Site Scripting Vulnerability
[SA32087] WikyBlog Multiple Cross-Site Scripting Vulnerabilities
[SA32085] WhoDomLite "dom" Cross-Site Scripting Vulnerability
[SA32081] Celoxis "ni.smessage" Cross-Site Scripting Vulnerability
[SA32074] Blosxom "flav" Cross-Site Scripting Vulnerability
[SA32060] WordPress MU "s" and "ip_address" Cross-Site Scripting Vulnerabilities
[SA32043] FlatPress Multiple Cross-Site Scripting Vulnerabilities
[SA32039] MyCard "id" SQL Injection Vulnerability
[SA32072] MySQL HTML Output Script Insertion Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA32097] Trend Micro OfficeScan Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-10-02

Some vulnerabilities have been reported in Trend Micro OfficeScan,
which can be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32097/

--

[SA32079] hyBook Guestbook Script "hyBook.mdb" Database Disclosure Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-09-30

Ghost Hacker has discovered a security issue in hyBook Guestbook
Script, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/32079/

--

[SA32056] ASPapp Knowledge Base "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-01

Crackers_Child has reported a vulnerability in ASPapp Knowledge Base,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32056/

--

[SA32055] RealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-29

Ruben Santamarta has discovered a vulnerability in RealWin, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32055/

--

[SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-09-26

A vulnerability has been reported in ABB PCU400, which can potentially
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32047/

--

[SA32062] MailMarshal SQM Component Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-30

A vulnerability has been reported in MailMarshal SMTP, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32062/

--

[SA32061] HP Insight Diagnostics Unspecified File Disclosure Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2008-09-30

A vulnerability has been reported in HP Insight Diagnostics, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32061/

--

[SA32040] Mozilla Firefox "keypress" User Interface Event Dispatching Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-10-01

Aditya K Sood has discovered a weakness in Mozilla Firefox, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32040/

UNIX/Linux:
--

[SA32099] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
             Privilege escalation, DoS, System access
Released:    2008-09-29

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges, and by malicious people
to bypass certain security restrictions, cause a DoS, or to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/32099/

--

[SA32096] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32096/

--

[SA32095] Fedora update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for firefox and xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32095/

--

[SA32092] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-10-02

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32092/

--

[SA32089] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32089/

--

[SA32082] Slackware update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-29

Slackware has issued an update for mozilla-thunderbird. This fixes
some vulnerabilities, which can be exploited by malicious people to
bypass certain security restrictions, to disclose sensitive
information, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32082/

--

[SA32044] Slackware update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-26

Slackware has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32044/

--

[SA32042] Slackware update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, DoS, System access
Released:    2008-09-26

Slackware has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32042/

--

[SA32091] Red Hat update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-02

Red Hat has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32091/

--

[SA32090] Fedora update for rubygems / rubygem packages

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

Fedora has issued an update for rubygems, rubygem-activerecord,
rubygem-activesupport, rubygem-activeresource, rubygem-rails,
rubygem-actionpack, and rubygem-actionmailer. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32090/

--

[SA32080] Ubuntu update for openssh-server

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-02

Ubuntu has issued an update for openssh-server. This fixes a weakness
and a vulnerability, which can be exploited by malicious, local users
to bypass certain security restrictions and by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32080/

--

[SA32107] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32107/

--

[SA32104] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32104/

--

[SA32103] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32103/

--

[SA32070] OpenBSD ftpd Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Maksymilian Arciemowicz has reported a vulnerability in OpenBSD ftpd,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32070/

--

[SA32068] NetBSD ftpd Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Maksymilian Arciemowicz has reported a vulnerability in NetBSD ftpd,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32068/

--

[SA32059] Ubuntu update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-10-01

Ubuntu has issued an update for nasm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32059/

--

[SA32112] FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-02

A vulnerability has been reported in FreeBSD, which can be exploited
by malicious people to conduct spoofing attacks, disclose potentially
sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32112/

--

[SA32088] Red Hat update for xen

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2008-10-02

Red Hat has issued an update for xen. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32088/

--

[SA32063] Xen DomU HVM Disk Format Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-02

A vulnerability has been reported in Xen, which can be exploited by
malicious, local users in a DomU domain to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32063/

--

[SA32110] Ubuntu update for openssh-server

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-02

Ubuntu has issued an update for openssh-server. This fixes a weakness,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32110/

--

[SA32071] Fedora update for emacspeak

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-01

Fedora has issued an update for emacspeak. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32071/

--

[SA32064] Xen XenStore Domain Backend Configuration Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-01

A weakness has been reported in Xen, which can be exploited by
malicious, local users in a Xen DomU to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32064/

Other:
--

[SA32078] Juniper NetScreen ScreenOS Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in Juniper NetScreen ScreenOS, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/32078/

--

[SA32117] Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-02

A vulnerability has been reported in Force10 FTOS Routers, which can
be exploited by malicious people to conduct spoofing attacks, disclose
potentially sensitive information, or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32117/

Cross Platform:
--

[SA32083] A4Desk PHP Event Calendar Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-01

Some vulnerabilities have been reported in A4Desk PHP Event Calendar,
which can be exploited by malicious people to conduct SQL injection
attacks or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32083/

--

[SA32057] The Gemini Portal File Inclusion and Security Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
             of sensitive information, System access
Released:    2008-09-30

Two vulnerabilities have been discovered in The Gemini Portal, which
can be exploited by malicious people to disclose sensitive
information, bypass certain security restrictions, and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32057/

--

[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-30

Some vulnerabilities have been reported in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32045/

--

[SA32077] Link Trader Script "linkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-02

Hussin X has reported a vulnerability in Link Trader Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32077/

--

[SA32076] phpscripts Ranking Script "admin" Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-02

Crackers_Child has reported a vulnerability in phpscripts Ranking
Script, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32076/

--

[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-29

A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32069/

--

[SA32067] Adult Banner Exchange Website "targetid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-01

Hussin X has reported a vulnerability in Adult Banner Exchange
Website, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32067/

--

[SA32065] EC-CUBE Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
             sensitive information
Released:    2008-10-01

Multiple vulnerabilities have been reported in EC-CUBE, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32065/

--

[SA32058] Crux Gallery Security Bypass and File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-09-30

Pepelux has discovered some vulnerabilities in Crux Gallery, which can
be exploited by malicious people to bypass certain security
restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32058/

--

[SA32054] vBulletin VBGooglemap Module "mapid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

elusiven has reported a vulnerability in the VBGooglemap module for
vBulletin, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32054/

--

[SA32052] FAQ Management Script "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-01

Hussin X has reported a vulnerability in FAQ Management Script, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32052/

--

[SA32050] CoAST "sections_file" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-29

DaRkLiFe has reported a vulnerability in CoAST, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32050/

--

[SA32049] Real Estate Manager "cat_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-30

CraCkEr has reported a vulnerability in Real Estate Manager, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32049/

--

[SA32041] EasyRealtorPRO Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-26

David Sopas has reported some vulnerabilities in EasyRealtorPRO, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32041/

--

[SA32108] Xerces-C++ "maxOccurs" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-10-02

A vulnerability has been reported in Xerces-C++, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32108/

--

[SA32106] Drupal Brilliant Gallery Module SQL Injection and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Privilege
             escalation
Released:    2008-10-02

Two vulnerabilities have been reported in the Brilliant Gallery module
for Drupal, which can be exploited by malicious users to conduct
script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32106/

--

[SA32101] OpenNMS "viewName" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in OpenNMS, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32101/

--

[SA32087] WikyBlog Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

Omer Singer has discovered multiple vulnerabilities in WikyBlog, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32087/

--

[SA32085] WhoDomLite "dom" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Ghost Hacker has discovered a vulnerability in WhoDomLite, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32085/

--

[SA32081] Celoxis "ni.smessage" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

teuquooch1seero at hushmail dot com has reported a vulnerability in
Celoxis, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32081/

--

[SA32074] Blosxom "flav" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in Blosxom, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32074/

--

[SA32060] WordPress MU "s" and "ip_address" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-30

Juan Galiana Lara has reported a vulnerability in WordPress MU, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32060/

--

[SA32043] FlatPress Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-26

Fabian Fingerle has discovered some vulnerabilities in FlatPress,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32043/

--

[SA32039] MyCard "id" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

r45c4l has reported a vulnerability in MyCard, which can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32039/

--

[SA32072] MySQL HTML Output Script Insertion Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

Thomas Henlich has reported a security issue in MySQL, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32072/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support_at_private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With a new triple-track
conference featuring 4 keynote speakers and over 35 international
experts, this is the largest network security event in Asia and the
Middle East!

http://conference.hackinthebox.org/hitbsecconf2008kl/

Received on Thu Oct 02 2008 - 23:30:09 PDT
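Every entry in section 5 above shares one plain-text layout: a bracketed SA number and title, a blank line, then Critical, Where, Impact and Released fields, free text, and a "Full Advisory" link. The Python script below is an added example and is not Secunia's code or anything shipped with the weekly summary. It parses that layout into records, ranks them on Secunia's criticality scale so a week's entries can be triaged before any link is opened, and cross-checks that each "Full Advisory" link is on secunia.com and carries the same number as its SA id, which is one cheap way to act on the "verify all advisories" note above. The sample input is a constructed excerpt of three entries from this summary with their descriptions removed; the names parse_entries, triage and link_matches_id are this example's own.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Secunia's criticality scale, most to least severe.
CRITICALITY = ["Extremely critical", "Highly critical", "Moderately critical",
               "Less critical", "Not critical"]

# Constructed sample input: three entries copied from this week's summary.
SAMPLE = """\
[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-30

Full Advisory:
http://secunia.com/advisories/32045/
--
[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-29

Full Advisory:
http://secunia.com/advisories/32069/
--
[SA32064] Xen XenStore Domain Backend Configuration Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-01

Full Advisory:
http://secunia.com/advisories/32064/
"""

# One entry: "[SAnnnnn] Title", blank line, four labelled fields (Impact may
# wrap onto several lines), then free text up to the next "--" or the end.
ENTRY_RE = re.compile(
    r"\[(?P<id>SA\d+)\] (?P<title>[^\n]+)\n\s*\n"
    r"Critical:\s+(?P<critical>[^\n]+)\n"
    r"Where:\s+(?P<where>[^\n]+)\n"
    r"Impact:\s+(?P<impact>.+?)\n"
    r"Released:\s+(?P<released>\d{4}-\d{2}-\d{2})\n"
    r"(?P<body>.*?)(?=\n--\n|\Z)",
    re.DOTALL,
)

@dataclass
class Advisory:
    sa_id: str
    title: str
    critical: str
    where: str
    impact: list
    released: str
    url: str

def rank(a: Advisory) -> int:
    """0 is most severe; an unknown label sorts after every known one."""
    return CRITICALITY.index(a.critical) if a.critical in CRITICALITY else len(CRITICALITY)

def parse_entries(text: str) -> list:
    entries = []
    for m in ENTRY_RE.finditer(text):
        url = re.search(r"https?://\S+", m.group("body"))
        entries.append(Advisory(
            sa_id=m.group("id"),
            title=m.group("title").strip(),
            critical=m.group("critical").strip(),
            where=m.group("where").strip(),
            impact=re.split(r",\s*", " ".join(m.group("impact").split())),
            released=m.group("released"),
            url=url.group(0) if url else "",
        ))
    return entries

def link_matches_id(a: Advisory) -> bool:
    """The 'Full Advisory' link must be on secunia.com and carry the SA
    number: a cheap check before clicking, in the spirit of the closing note."""
    p = urlparse(a.url)
    return p.hostname == "secunia.com" and p.path == f"/advisories/{a.sa_id[2:]}/"

def triage(entries, at_least="Moderately critical", remote_only=False):
    """Entries at or above `at_least`, most severe first, then by release date."""
    cutoff = CRITICALITY.index(at_least)
    picked = [a for a in entries
              if rank(a) <= cutoff and (not remote_only or a.where == "From remote")]
    return sorted(picked, key=lambda a: (rank(a), a.released, a.sa_id))

if __name__ == "__main__":
    for a in triage(parse_entries(SAMPLE)):
        flag = "" if link_matches_id(a) else "  [LINK MISMATCH]"
        print(f"{a.sa_id} {a.critical:<20} {a.where:<14} {', '.join(a.impact)}{flag}")
```

Run against the full summary, the script lists the 58 entries from "Highly critical" down and lets you cut the list at whatever criticality and exposure ("From remote" versus "Local system") matters for your estate; an entry whose link does not match its SA number is flagged rather than silently kept.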