========================================================================

The Secunia Weekly Advisory Summary
2008-10-09 - 2008-10-16

This week: 77 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

========================================================================
2) This Week in Brief:

Microsoft has released various security bulletins for October.

For more information, refer to:
http://secunia.com/advisories/32242/
http://secunia.com/advisories/32249/
http://secunia.com/advisories/32211/
http://secunia.com/advisories/32138/
http://secunia.com/advisories/32260/
http://secunia.com/advisories/32261/
http://secunia.com/advisories/32248/
http://secunia.com/advisories/32247/
http://secunia.com/advisories/32233/
http://secunia.com/advisories/32251/

--

Some security issues have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data.

For more information, refer to:
http://secunia.com/advisories/32270/

--

A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32267/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA32227] Sun Java System Web Proxy Server Two Vulnerabilities
2. [SA32226] CUPS Multiple Vulnerabilities
3. [SA32220] CA ARCserve Backup Multiple Vulnerabilities
4. [SA32222] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
5. [SA32248] Microsoft Windows IIS IPP Service Integer Overflow Vulnerability
6. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
7. [SA32163] Adobe Flash Player "Clickjacking" Security Bypass Vulnerability
8. [SA32177] Opera Multiple Vulnerabilities
9. [SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass
10. [SA32180] VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA32248] Microsoft Windows IIS IPP Service Integer Overflow Vulnerability
[SA32246] Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
[SA32236] System Requirements Lab ActiveX Control Code Execution Vulnerability
[SA32211] Microsoft Excel Multiple Vulnerabilities
[SA32244] Ayco Okul "linkid" SQL Injection Vulnerability
[SA32238] MunzurSoft Wep Portal W3 "kat" SQL Injection Vulnerability
[SA32218] GuildFTPd "LIST" Processing Buffer Overflow Vulnerability
[SA32216] RaidenFTPD Directory Name Buffer Overflow Vulnerability
[SA32260] Microsoft Windows 2000 Message Queuing Service Vulnerability
[SA32249] Microsoft Windows SMB Buffer Underflow Vulnerability
[SA32242] Microsoft Windows Active Directory Buffer Overflow Vulnerability
[SA32233] Microsoft Host Integration Server SNA RPC Vulnerability
[SA32220] CA ARCserve Backup Multiple Vulnerabilities
[SA32264] Websense SQL Password Disclosure Security Issue
[SA32261] Microsoft Windows Ancillary Function Driver Privilege Escalation
[SA32252] Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation
[SA32251] Microsoft Windows Virtual Address Descriptor Privilege Escalation
[SA32247] Microsoft Windows Privilege Escalation Vulnerabilities

UNIX/Linux:
[SA32282] Ubuntu update for lcms
[SA32280] Debian update for libxml2
[SA32275] Fedora update for drupal
[SA32274] Ubuntu update for libexif
[SA32273] Ubuntu update for exiv2
[SA32266] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities
[SA32265] Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability
[SA32263] Avaya Products vsftpd PAM Memory Leak Vulnerability
[SA32256] Debian update for ruby1.8
[SA32255] Debian update for ruby1.9
[SA32241] Avaya Products Red Hat Tampered OpenSSH Packages
[SA32232] Fedora update for condor
[SA32222] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA32219] Ubuntu update for ruby1.8
[SA32217] GForge Multiple SQL Injection Vulnerabilities
[SA32292] Ubuntu update for cups
[SA32284] Fedora update for cups
[SA32283] Sun Solaris "sadmind" Buffer Overflow Vulnerability
[SA32279] Fedora update for bluez-utils and bluez-libs
[SA32226] CUPS Multiple Vulnerabilities
[SA32286] Fedora update for neon
[SA32254] Debian update for openldap
[SA32281] Ubuntu update for dbus
[SA32237] Debian update for linux-2.6
[SA32231] Fedora update for postfix
[SA32257] chm2pdf Insecure Temporary Directories
[SA32230] Fedora update for dbus
[SA32228] Gentoo Portage Insecure Python Module Search Path Security Issue

Other:
[SA32259] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability
[SA32258] Telecom Italia Alice Routers Magic Packet Security Bypass

Cross Platform:
[SA32301] BEA WebLogic Server Multiple Vulnerabilities
[SA32267] VLC Media Player XSPF Processing Memory Corruption Vulnerability
[SA32227] Sun Java System Web Proxy Server Two Vulnerabilities
[SA32304] BEA WebLogic Server Multiple Authorizers Security Bypass
[SA32303] BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability
[SA32302] BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability
[SA32291] Oracle Products Multiple Vulnerabilities
[SA32290] AstroSPACES "id" SQL Injection Vulnerability
[SA32289] myWebland myStats SQL Injection and Security Bypass
[SA32288] Webscene eCommerce "level" SQL Injection Vulnerability
[SA32287] HP Systems Insight Manager Unspecified Unauthorised Access
[SA32285] Drupal Shindig-Integrator Module Multiple Vulnerabilities
[SA32277] SweetCMS "page" SQL Injection Vulnerability
[SA32268] MyPHPDating "id" SQL Injection Vulnerability
[SA32253] WordPress WP Comment Remix Plugin Multiple Vulnerabilities
[SA32240] Joomla Ignite Gallery Component "gallery" SQL Injection
[SA32239] Joomla Mad4Joomla Mailforms Component "jid" SQL Injection
[SA32235] Joomla OwnBiblio Component "catid" SQL Injection
[SA32225] Phorum BBcode Nested "img" Tags Script Insertion
[SA32223] Real Estates Classifieds "cat" SQL Injection Vulnerability
[SA32215] My PHP Indexer "d" File Disclosure Vulnerability
[SA32214] NewLife Blogger "nlb3" SQL Injection Vulnerability
[SA32278] Elxis mod_language.php Cross-Site Scripting Vulnerability
[SA32276] Drupal Node Vote Module Vote Again SQL Injection
[SA32270] Adobe Flash Player Multiple Security Issues
[SA32243] Mantis Referenced Reports Information Disclosure Security Issue
[SA32212] ScriptsEz Mini Hosting Panel "dir" File Disclosure
[SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass
[SA32213] Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA32248] Microsoft Windows IIS IPP Service Integer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32248/

--

[SA32246] Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-16

Some vulnerabilities have been reported in Adobe Flash CS3, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/32246/

--

[SA32236] System Requirements Lab ActiveX Control Code Execution Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-16

A vulnerability has been reported in the System Requirements Lab ActiveX control, which can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/32236/

--

[SA32211] Microsoft Excel Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-14

Some vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system.

Full Advisory: http://secunia.com/advisories/32211/

--

[SA32244] Ayco Okul "linkid" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

Crackers_Child has reported a vulnerability in Ayco Okul, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32244/

--

[SA32238] MunzurSoft Wep Portal W3 "kat" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

LUPUS has reported a vulnerability in MunzurSoft Wep Portal W3, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32238/

--

[SA32218] GuildFTPd "LIST" Processing Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-13

dmnt has discovered a vulnerability in GuildFTPd, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32218/

--

[SA32216] RaidenFTPD Directory Name Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-14

dmnt has discovered a vulnerability in RaidenFTPD, which can be exploited by malicious users to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32216/

--

[SA32260] Microsoft Windows 2000 Message Queuing Service Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32260/

--

[SA32249] Microsoft Windows SMB Buffer Underflow Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32249/

--

[SA32242] Microsoft Windows Active Directory Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32242/

--

[SA32233] Microsoft Host Integration Server SNA RPC Vulnerability

Critical: Moderately critical
Where: From local network
Impact: Security Bypass, System access
Released: 2008-10-14

A vulnerability has been reported in Microsoft Host Integration Server, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32233/

--

[SA32220] CA ARCserve Backup Multiple Vulnerabilities

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-10-10

Some vulnerabilities have been reported in CA ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32220/

--

[SA32264] Websense SQL Password Disclosure Security Issue

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-10-14

Eric Beaulieu has reported a security issue in Websense, which can be exploited by malicious, local users to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/32264/

--

[SA32261] Microsoft Windows Ancillary Function Driver Privilege Escalation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32261/

--

[SA32252] Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-14

A vulnerability has been reported in Lenovo Rescue and Recovery, which potentially can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32252/

--

[SA32251] Microsoft Windows Virtual Address Descriptor Privilege Escalation

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32251/

--

[SA32247] Microsoft Windows Privilege Escalation Vulnerabilities

Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-10-14

Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32247/

UNIX/Linux:--

[SA32282] Ubuntu update for lcms

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-10-15

Ubuntu has issued an update for lcms. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32282/

--

[SA32280] Debian update for libxml2

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-15

Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory: http://secunia.com/advisories/32280/

--

[SA32275] Fedora update for drupal

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Released: 2008-10-16

Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32275/

--

[SA32274] Ubuntu update for libexif

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-15

Ubuntu has issued an update for libexif. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

Full Advisory: http://secunia.com/advisories/32274/

--

[SA32273] Ubuntu update for exiv2

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-15

Ubuntu has issued an update for exiv2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory: http://secunia.com/advisories/32273/

--

[SA32266] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-10-14

Avaya has acknowledged some vulnerabilities in Avaya AES / MX, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information.

Full Advisory: http://secunia.com/advisories/32266/

--

[SA32265] Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-14

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory: http://secunia.com/advisories/32265/

--

[SA32263] Avaya Products vsftpd PAM Memory Leak Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-14

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32263/

--

[SA32256] Debian update for ruby1.8

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-10-13

Debian has issued an update for ruby1.8. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32256/

--

[SA32255] Debian update for ruby1.9

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-10-13

Debian has issued an update for ruby1.9. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32255/

--

[SA32241] Avaya Products Red Hat Tampered OpenSSH Packages

Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-10-14

Avaya has acknowledged that a small number of OpenSSH packages have been tampered with.

Full Advisory: http://secunia.com/advisories/32241/

--

[SA32232] Fedora update for condor

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-10-10

Fedora has issued an update for condor. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32232/

--

[SA32222] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Released: 2008-10-10

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

Full Advisory: http://secunia.com/advisories/32222/

--

[SA32219] Ubuntu update for ruby1.8

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing, DoS
Released: 2008-10-10

Ubuntu has issued an update for ruby1.8. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks.

Full Advisory: http://secunia.com/advisories/32219/

--

[SA32217] GForge Multiple SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

Some vulnerabilities have been reported in GForge, which can be exploited by malicious people and users to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32217/

--

[SA32292] Ubuntu update for cups

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-10-16

Ubuntu has issued an update for cups. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32292/

--

[SA32284] Fedora update for cups

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-10-16

Fedora has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32284/

--

[SA32283] Sun Solaris "sadmind" Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-10-15

Adriano Lima has reported a vulnerability in Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32283/

--

[SA32279] Fedora update for bluez-utils and bluez-libs

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-10-16

Fedora has issued an update for bluez-utils and bluez-libs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system.

Full Advisory: http://secunia.com/advisories/32279/

--

[SA32226] CUPS Multiple Vulnerabilities

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-10-10

Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32226/

--

[SA32286] Fedora update for neon

Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-10-16

Fedora has issued an update for neon. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32286/

--

[SA32254] Debian update for openldap

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-10-13

Debian has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32254/

--

[SA32281] Ubuntu update for dbus

Critical: Less critical
Where: Local system
Impact: Security Bypass, DoS
Released: 2008-10-15

Ubuntu has issued an update for dbus. This fixes a weakness and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32281/

--

[SA32237] Debian update for linux-2.6

Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-10-14

Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32237/

--

[SA32231] Fedora update for postfix

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation, DoS
Released: 2008-10-10

Fedora has issued an update for postfix. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and perform certain actions with escalated privileges.

Full Advisory: http://secunia.com/advisories/32231/

--

[SA32257] chm2pdf Insecure Temporary Directories

Critical: Not critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-10-13

A security issue has been reported in chm2pdf, which can be exploited by malicious, local users to perform certain actions with escalated privileges or to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32257/

--

[SA32230] Fedora update for dbus

Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-10-10

Fedora has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32230/

--

[SA32228] Gentoo Portage Insecure Python Module Search Path Security Issue

Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-10

Gentoo has acknowledged a security issue in portage, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/32228/

Other:--

[SA32259] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS
Released: 2008-10-14

Some vulnerabilities have been reported in Linksys WAP4400N, where one has unknown impacts and the other can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/32259/

--

[SA32258] Telecom Italia Alice Routers Magic Packet Security Bypass

Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2008-10-16

saxdax and drpepperONE have reported a vulnerability in various Telecom Italia Alice routers, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32258/

Cross Platform:--

[SA32301] BEA WebLogic Server Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-10-15

Some vulnerabilities have been reported in BEA WebLogic Server, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32301/

--

[SA32267] VLC Media Player XSPF Processing Memory Corruption Vulnerability

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-15

A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/32267/

--

[SA32227] Sun Java System Web Proxy Server Two Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-10

Two vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/32227/

--

[SA32304] BEA WebLogic Server Multiple Authorizers Security Bypass

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-10-15

A vulnerability has been reported in BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32304/

--

[SA32303] BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-10-15

A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/32303/

--

[SA32302] BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-10-15

A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/32302/

--

[SA32291] Oracle Products Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-10-15

Some vulnerabilities with unknown impacts have been reported in various Oracle products.

Full Advisory: http://secunia.com/advisories/32291/

--

[SA32290] AstroSPACES "id" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-16

TurkishWarriorr has discovered a vulnerability in AstroSPACES, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32290/

--

[SA32289] myWebland myStats SQL Injection and Security Bypass

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-10-16

JosS has discovered two vulnerabilities in myWebland myStats, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32289/

--

[SA32288] Webscene eCommerce "level" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-15

Angela Chang has reported a vulnerability in Webscene eCommerce, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32288/

--

[SA32287] HP Systems Insight Manager Unspecified Unauthorised Access

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2008-10-16

A vulnerability has been reported in HP Systems Insight Manager (SIM), which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32287/

--

[SA32285] Drupal Shindig-Integrator Module Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting
Released: 2008-10-16

Some vulnerabilities have been reported in the Shindig-Integrator module for Drupal, where some have an unknown impact, and others can be exploited by malicious users to conduct script insertion attacks, and by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32285/

--

[SA32277] SweetCMS "page" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-10-16

Dapirates & underc have reported a vulnerability in SweetCMS, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32277/

--

[SA32268] MyPHPDating "id" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-15

Hakxer has reported a vulnerability in MyPHPDating (My PHP Dating), which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32268/

--

[SA32253] WordPress WP Comment Remix Plugin Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-10-15

g30rg3_x has reported some vulnerabilities in the WP Comment Remix plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery, script insertion, and SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32253/

--

[SA32240] Joomla Ignite Gallery Component "gallery" SQL Injection

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

H!tm_at_N has reported a vulnerability in the Ignite Gallery component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32240/

--

[SA32239] Joomla Mad4Joomla Mailforms Component "jid" SQL Injection

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

H!tm_at_N has reported a vulnerability in the Mad4Joomla Mailforms component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32239/

--

[SA32235] Joomla OwnBiblio Component "catid" SQL Injection

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

H!tm_at_N has discovered a vulnerability in the OwnBiblio component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32235/

--

[SA32225] Phorum BBcode Nested "img" Tags Script Insertion

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-14

Julian A. Rodriguez has reported a vulnerability in Phorum, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory: http://secunia.com/advisories/32225/

--

[SA32223] Real Estates Classifieds "cat" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-13

Hakxer has reported a vulnerability in Real Estates Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32223/

--

[SA32215] My PHP Indexer "d" File Disclosure Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-10-13

JosS has discovered a vulnerability in My PHP Indexer, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/32215/

--

[SA32214] NewLife Blogger "nlb3" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-10-13

Pepelux has reported a vulnerability in NewLife Blogger, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32214/

--

[SA32278] Elxis mod_language.php Cross-Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-15

swappie aka faithlove has discovered a vulnerability in Elxis, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/32278/

--

[SA32276] Drupal Node Vote Module Vote Again SQL Injection

Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2008-10-16

A vulnerability has been reported in the Node Vote module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/32276/

--

[SA32270] Adobe Flash Player Multiple Security Issues

Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-10-16

Some security issues have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data.

Full Advisory: http://secunia.com/advisories/32270/

--

[SA32243] Mantis Referenced Reports Information Disclosure Security Issue

Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-10-14

A security issue has been reported in Mantis, which can be exploited by malicious users to disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/32243/

--

[SA32212] ScriptsEz Mini Hosting Panel "dir" File Disclosure

Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-10-13

JosS has reported a vulnerability in ScriptsEz Mini Hosting Panel, which can be exploited by malicious users to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/32212/

--

[SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass

Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2008-10-10

A security issue has been reported in various FUJITSU Interstage products, which potentially can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32234/

--

[SA32213] Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue

Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2008-10-13

A security issue has been reported in Apache Tomcat, which potentially can be exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/32213/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support_at_private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

Received on Thu Oct 16 2008 - 23:28:57 PDT