========================================================================
The Secunia Weekly Advisory Summary
2008-11-06 - 2008-11-13

This week: 113 advisories
========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Would you like to be notified when the vendor patch gets issued?

The Secunia Vulnerability Intelligence solutions allow you to be notified via email & SMS as soon as any major update to the vulnerability occurs. That could be a change in criticality rating, exploit code appearing in the wild, a patch being issued by the vendor, etc.

With the professional solutions you also get access to more detailed information for workarounds, deep links and support from Secunia Research. This intelligence is not part of the mailing list or weekly summary.

http://secunia.com/advisories/business_solutions/

========================================================================
2) This Week in Brief:

Various Mozilla products have been updated. For more details view the Secunia Advisories below.

For more information, refer to:
http://secunia.com/advisories/32715/
http://secunia.com/advisories/32714/
http://secunia.com/advisories/32713/
http://secunia.com/advisories/32693/

--

Microsoft has released their monthly security bulletins for November.

For more information, refer to:
http://secunia.com/advisories/32633/
http://secunia.com/advisories/23655/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
2. [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
3. [SA32270] Adobe Flash Player Multiple Security Issues and Vulnerabilities
4. [SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities
5. [SA32633] Microsoft Windows SMB Authentication Credential Replay Vulnerability
6. [SA32569] VLC Media Player CUE and RealText Processing Buffer Overflows
7. [SA28713] Facebook Photo Uploader ActiveX Control Property Handling Buffer Overflow
8. [SA32361] Snoopy "_httpsrequest()" Shell Command Execution Vulnerability
9. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA32698] ooVoo URI Handler Buffer Overflow Vulnerability
[SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
[SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities
[SA32675] Dizi Film Portal "film" SQL Injection Vulnerability
[SA32590] Arab Portal "file" File Disclosure Vulnerability
[SA32633] Microsoft Windows SMB Authentication Credential Replay Vulnerability
[SA32618] Trend Micro ServerProtect Multiple Vulnerabilities
[SA32683] IBM Metrica Products Cross-Site Scripting and Script Insertion
[SA32592] Orb Networks Orb Directory Traversal Vulnerability
[SA32669] Anti-Trojan Elite Atepmon.sys IOCTL Handling Vulnerability
[SA32634] Anti-Keylogger Elite "AKEProtect.sys" IOCTL Handling Vulnerabilities

UNIX/Linux:
[SA32714] Mozilla SeaMonkey Multiple Vulnerabilities
[SA32713] Mozilla Firefox 3 Multiple Vulnerabilities
[SA32708] Fedora update for optipng
[SA32700] Red Hat update for acroread
[SA32695] Red Hat update for firefox
[SA32694] Red Hat update for seamonkey
[SA32688] Apple iLife / Aperture Image Processing Vulnerabilities
[SA32629] SUSE update for yelp
[SA32702] Red Hat update for flash-plugin
[SA32687] Red Hat update for gnutls
[SA32681] Fedora update for gnutls
[SA32678] Debian update for libcdaudio
[SA32677] Ubuntu update for dovecot
[SA32661] Gentoo update for faad2
[SA32656] Gentoo update for graphviz
[SA32625] Sun Solaris IP Filter DNS Cache Poisoning
[SA32619] GnuTLS X.509 Certificate Chain Validation Vulnerability
[SA32614] Fedora update for ipsec-tools
[SA32608] Ubuntu update for tk
[SA32607] Ubuntu update for netpbm
[SA32606] Sun Java System Identity Manager Multiple Vulnerabilities
[SA32668] Sun Solaris DHCP Request Handling Vulnerabilities
[SA32685] Red Hat update for httpd
[SA32662] Gentoo update for gallery
[SA32630] op5 Monitor Cross-Site Request Forgery
[SA32620] Fedora update for php-Smarty
[SA32615] Fedora update for drupal-cck
[SA32610] Nagios "cmd.cgi" Cross-Site Request Forgery
[SA32599] TestLink Multiple Script Insertion Vulnerabilities
[SA32711] rPath update for net-snmp
[SA32664] Debian update for net-snmp
[SA32709] rPath update for kernel
[SA32701] Fedora update for blender
[SA32679] smcFanControl "main()" Privilege Escalation Vulnerability
[SA32674] Sun Logical Domains Authentication Bypass Vulnerability
[SA32627] CDRW-Taper "amlabel-cdrw" Insecure Temporary Files
[SA32621] HP Tru64 UNIX AdvFS "showfile" Privilege Escalation Vulnerability
[SA32616] Fedora update for cman, gfs2-utils, and rgmanager
[SA32605] Apertium Insecure Temporary Files
[SA32602] Cluster Project Unspecified Insecure Temporary Files
[SA32598] Scilab Insecure Temporary Files
[SA32589] DigitalDJ fest.pl Insecure Temporary Files
[SA32588] Rancid "getipacctg" Insecure Temporary Files
[SA32587] lmbench Insecure Temporary Files
[SA32707] Fedora update for libpng10
[SA32710] rPath update for initscripts
[SA32691] Ubuntu update for gnome-screensaver
[SA32671] WIMS "account.sh" Insecure Temporary Files
[SA32667] Sun Solstice X.25 Local Denial of Service
[SA32655] Linux Kernel Denial of Service Vulnerabilities

Other:
[SA32631] 2Wire Routers Denial of Service Vulnerability
[SA32635] Siemens SpeedStream 5200 "Host" Header Authentication Bypass
[SA32623] Sweex RO002 Router Undocumented Account Security Issue

Cross Platform:
[SA32715] Mozilla Thunderbird Multiple Vulnerabilities
[SA32693] Mozilla Firefox 2 Multiple Vulnerabilities
[SA32666] AlstraSoft SendIt Pro File Upload Vulnerability
[SA32651] OptiPNG BMP Reader Buffer Overflow Vulnerability
[SA32643] Sanusart Simple PHP Guestbook Script PHP Code Execution
[SA32628] Enthusiast "path" File Inclusion Vulnerability
[SA32626] PHPStore Multiple Products File Upload Vulnerability
[SA32712] HP Service Manager Unspecified Security Bypass Vulnerability
[SA32703] ActiveCampaign TrioLive "department_id" SQL Injection
[SA32673] MyioSoft Products "rsargs" SQL Injection Vulnerability
[SA32665] AlstraSoft Article Manager Pro "username" SQL Injection Vulnerability
[SA32663] ClamAV "get_unicode_name()" Off-By-One Vulnerability
[SA32660] AlstraSoft Web Host Directory "pwd" SQL Injection Vulnerability
[SA32653] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass
[SA32652] Trac Multiple Vulnerabilities
[SA32647] PozScripts Business Directory Script "cid" SQL Injection Vulnerability
[SA32646] Mole Group Rental Script "username" SQL Injection Vulnerability
[SA32645] OTManager CMS "Tipo" File Inclusion Vulnerability
[SA32644] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
[SA32641] E-topbiz Online Store 1 "user" and "cat_id" SQL Injection Vulnerabilities
[SA32640] Mini Web Calendar Cross-Site Scripting and Local File Disclosure
[SA32639] E-topbiz Number Links 1 "id" SQL Injection Vulnerability
[SA32638] TYPO3 eluna_pagecomments Extension Cross-Site Scripting and SQL Injection
[SA32637] Domain Seller Pro "id" SQL Injection Vulnerability
[SA32636] MyioSoft EasyBookMarker "Parent" SQL Injection Vulnerability
[SA32632] MemHT Portal "title" SQL Injection Vulnerability
[SA32622] Joomla! Script Insertion Vulnerabilities
[SA32617] Zeeways Shaadi Clone Authentication Bypass Vulnerability
[SA32613] Mole Group Pizza Online Ordering Script "manufacturers_id" SQL Injection
[SA32603] V3 Chat Products "admin" Cookie Security Bypass Vulnerability
[SA32601] Zeeways PhotoVideoTube Authentication Bypass Vulnerability
[SA32600] AJSquare Free Polling Script Authentication Bypass Vulnerability
[SA32596] DevelopItEasy Events Calendar Multiple SQL Injection Vulnerabilities
[SA32595] DevelopItEasy News And Article System Multiple SQL Injection Vulnerabilities
[SA32594] DevelopItEasy Membership System Multiple SQL Injection Vulnerabilities
[SA32593] DevelopItEasy Photo Gallery Multiple SQL Injection Vulnerabilities
[SA32591] TurnkeyForms Local Classifieds SQL Injection and Security Bypass
[SA32586] PHP Classifieds "admin_username" SQL Injection Vulnerability
[SA32689] TYPO3 "file" Backend Module Cross-Site Scripting Vulnerability
[SA32670] Sun Java System Messaging Server Cross-Site Scripting Vulnerability
[SA32657] buymyscripts.net Lyrics Script "k" Cross-Site Scripting Vulnerability
[SA32654] TYPO3 phpMyAdmin Extension "db" Cross-Site Scripting Vulnerability
[SA32650] buymyscripts.net Clickbank Portal "keyword" Cross-Site Scripting Vulnerability
[SA32649] buymyscripts.net Recipe Website Script "keyword" Cross-Site Scripting
[SA32642] Fresh Email Script "Email" Cross-Site Scripting Vulnerability
[SA32680] Blender Insecure Python Module Search Path Vulnerability
[SA32624] VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability
[SA32612] VMware Products Privilege Escalation Vulnerability
[SA32686] MoinMoin Full Path Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:

--

[SA32698] ooVoo URI Handler Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-12

bruiser has discovered a vulnerability in ooVoo,
which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32698/

--

[SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-11

A vulnerability has been reported in SAPgui, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32682/

--

[SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-11-07

Nine:Situations:Group::strawdog has discovered some vulnerabilities in hMailServer PHPWebAdmin, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32597/

--

[SA32675] Dizi Film Portal "film" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-11

Kaan KAMIS has discovered a vulnerability in Dizi Film Portal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32675/

--

[SA32590] Arab Portal "file" File Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-11-10

IRCRASH has reported a vulnerability in Arab Portal, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/32590/

--

[SA32633] Microsoft Windows SMB Authentication Credential Replay Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Spoofing
Released: 2008-11-11

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security features.
Full Advisory: http://secunia.com/advisories/32633/

--

[SA32618] Trend Micro ServerProtect Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-11-12

Some vulnerabilities have been reported in Trend Micro ServerProtect, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32618/

--

[SA32683] IBM Metrica Products Cross-Site Scripting and Script Insertion
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-13

Francesco Bianchino has reported a vulnerability in Metrica products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32683/

--

[SA32592] Orb Networks Orb Directory Traversal Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-11-10

A vulnerability has been reported in Orb, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/32592/

--

[SA32669] Anti-Trojan Elite Atepmon.sys IOCTL Handling Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-11-10

alex has discovered a vulnerability in Anti-Trojan Elite, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32669/

--

[SA32634] Anti-Keylogger Elite "AKEProtect.sys" IOCTL Handling Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-11-10

alex has discovered some vulnerabilities in Anti-Keylogger Elite, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32634/

UNIX/Linux:

--

[SA32714] Mozilla SeaMonkey Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-13

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory: http://secunia.com/advisories/32714/

--

[SA32713] Mozilla Firefox 3 Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-13

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory: http://secunia.com/advisories/32713/

--

[SA32708] Fedora update for optipng
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-13

Fedora has issued an update for optipng. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32708/

--

[SA32700] Red Hat update for acroread
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-11-13

Red Hat has issued an update for acroread.
This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32700/

--

[SA32695] Red Hat update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-13

Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory: http://secunia.com/advisories/32695/

--

[SA32694] Red Hat update for seamonkey
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-13

Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory: http://secunia.com/advisories/32694/

--

[SA32688] Apple iLife / Aperture Image Processing Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-12

Apple has acknowledged some vulnerabilities in Apple iLife and Aperture, which can potentially be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32688/

--

[SA32629] SUSE update for yelp
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-07

SUSE has issued an update for yelp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32629/

--

[SA32702] Red Hat update for flash-plugin
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2008-11-13

Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information.
Full Advisory: http://secunia.com/advisories/32702/

--

[SA32687] Red Hat update for gnutls
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2008-11-12

Red Hat has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32687/

--

[SA32681] Fedora update for gnutls
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2008-11-12

Fedora has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32681/

--

[SA32678] Debian update for libcdaudio
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-13

Debian has issued an update for libcdaudio. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/32678/

--

[SA32677] Ubuntu update for dovecot
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-11-10

Ubuntu has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32677/

--

[SA32661] Gentoo update for faad2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-10

Gentoo has issued an update for faad2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32661/

--

[SA32656] Gentoo update for graphviz
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-11-10

Gentoo has issued an update for graphviz. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32656/

--

[SA32625] Sun Solaris IP Filter DNS Cache Poisoning
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-11-12

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to poison the DNS cache.
Full Advisory: http://secunia.com/advisories/32625/

--

[SA32619] GnuTLS X.509 Certificate Chain Validation Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2008-11-10

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32619/

--

[SA32614] Fedora update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-11-07

Fedora has issued an update for ipsec-tools. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32614/

--

[SA32608] Ubuntu update for tk
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-07

Ubuntu has issued an update for tk.
This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/32608/

--

[SA32607] Ubuntu update for netpbm
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-07

Ubuntu has issued an update for netpbm. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32607/

--

[SA32606] Sun Java System Identity Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-11-12

Some vulnerabilities have been reported in Sun Java System Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks and to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32606/

--

[SA32668] Sun Solaris DHCP Request Handling Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-11-10

Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32668/

--

[SA32685] Red Hat update for httpd
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2008-11-12

Red Hat has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32685/

--

[SA32662] Gentoo update for gallery
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, Cross Site Scripting
Released: 2008-11-10

Gentoo has issued an update for gallery.
This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/32662/

--

[SA32630] op5 Monitor Cross-Site Request Forgery
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-11

A vulnerability has been reported in op5 Monitor, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory: http://secunia.com/advisories/32630/

--

[SA32620] Fedora update for php-Smarty
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-07

Fedora has issued an update for php-Smarty. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32620/

--

[SA32615] Fedora update for drupal-cck
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-07

Fedora has issued an update for drupal-cck. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32615/

--

[SA32610] Nagios "cmd.cgi" Cross-Site Request Forgery
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-07

Andreas Ericsson has discovered a vulnerability in Nagios, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory: http://secunia.com/advisories/32610/

--

[SA32599] TestLink Multiple Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-07

Some vulnerabilities have been reported in TestLink, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32599/

--

[SA32711] rPath update for net-snmp
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-13

rPath has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32711/

--

[SA32664] Debian update for net-snmp
Critical: Less critical
Where: From local network
Impact: Spoofing, DoS, System access
Released: 2008-11-10

Debian has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets, cause a DoS (Denial of Service), and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32664/

--

[SA32709] rPath update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-13

rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32709/

--

[SA32701] Fedora update for blender
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-12

Fedora has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32701/

--

[SA32679] smcFanControl "main()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-12

KaiJern Lau has reported a vulnerability in smcFanControl, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32679/

--

[SA32674] Sun Logical Domains Authentication Bypass Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-13

A vulnerability has been reported in Sun Logical Domains (LDoms), which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32674/

--

[SA32627] CDRW-Taper "amlabel-cdrw" Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

A security issue has been reported in CDRW-Taper, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32627/

--

[SA32621] HP Tru64 UNIX AdvFS "showfile" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/32621/

--

[SA32616] Fedora update for cman, gfs2-utils, and rgmanager
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

Fedora has issued an update for cman, gfs2-utils, and rgmanager. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32616/

--

[SA32605] Apertium Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-11

Some security issues have been reported in Apertium, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32605/

--

[SA32602] Cluster Project Unspecified Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

Some security issues have been reported in Cluster Project, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32602/

--

[SA32598] Scilab Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-10

Some security issues have been reported in Scilab, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32598/

--

[SA32589] DigitalDJ fest.pl Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

A security issue has been reported in DigitalDJ, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32589/

--

[SA32588] Rancid "getipacctg" Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

A security issue has been reported in Rancid, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32588/

--

[SA32587] lmbench Insecure Temporary Files
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-07

Some security issues have been reported in lmbench, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32587/

--

[SA32707] Fedora update for libpng10
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2008-11-13

Fedora has issued an update for libpng10.
This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32707/

--

[SA32710] rPath update for initscripts
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-13

rPath has issued an update for initscripts. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32710/

--

[SA32691] Ubuntu update for gnome-screensaver
Critical: Not critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-11-12

Ubuntu has issued an update for gnome-screensaver. This fixes a weakness and a security issue, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32691/

--

[SA32671] WIMS "account.sh" Insecure Temporary Files
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-11

A security issue has been reported in WIMS, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32671/

--

[SA32667] Sun Solstice X.25 Local Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-11-10

A vulnerability has been reported in Solstice X.25, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32667/

--

[SA32655] Linux Kernel Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-11-11

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32655/ Other:-- [SA32631] 2Wire Routers Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2008-11-12 hkm has reported a vulnerability in various 2Wire Routers, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32631/ -- [SA32635] Siemens SpeedStream 5200 "Host" Header Authentication Bypass Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-11-12 hkm has reported a vulnerability in Siemens SpeedStream 5200, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32635/ -- [SA32623] Sweex RO002 Router Undocumented Account Security Issue Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-11-11 Rob Stout has reported a security issue in the Sweex RO002 Router, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32623/ Cross Platform:-- [SA32715] Mozilla Thunderbird Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access, Exposure of sensitive information, Exposure of system information, Security Bypass Released: 2008-11-13 Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. 
Full Advisory: http://secunia.com/advisories/32715/ -- [SA32693] Mozilla Firefox 2 Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access Released: 2008-11-13 Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. Full Advisory: http://secunia.com/advisories/32693/ -- [SA32666] AlstraSoft SendIt Pro File Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-11-13 ZoRLu has reported a vulnerability in AlstraSoft SendIt Pro, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32666/ -- [SA32651] OptiPNG BMP Reader Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-11-11 A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32651/ -- [SA32643] Sanusart Simple PHP Guestbook Script PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-11-11 GoLd_M has reported a vulnerability in Sanusart Simple PHP Guestbook Script, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32643/ -- [SA32628] Enthusiast "path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-11-10 AmnPardaz Security Research Team has discovered a vulnerability in Enthusiast, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32628/ -- [SA32626] PHPStore Multiple Products File Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-11-12 ZoRLu has reported a vulnerability in multiple PHPStore products, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32626/ -- [SA32712] HP Service Manager Unspecified Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-11-13 A vulnerability has been reported in HP Service Manager, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32712/ -- [SA32703] ActiveCampaign TrioLive "department_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-11-12 Russ McRee has reported a vulnerability in ActiveCampaign TrioLive, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32703/ -- [SA32673] MyioSoft Products "rsargs" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-10 ZoRLu has discovered a vulnerability in multiple MyioSoft products, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32673/ -- [SA32665] AlstraSoft Article Manager Pro "username" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-11-13 ZoRLu has reported a vulnerability in AlstraSoft Article Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32665/ -- [SA32663] ClamAV "get_unicode_name()" Off-By-One Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-11-10 Moritz Jodeit has reported a vulnerability in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32663/ -- [SA32660] AlstraSoft Web Host Directory "pwd" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-13 ZoRLu has reported a vulnerability in AlstraSoft Web Host Directory, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32660/ -- [SA32653] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-11-11 A vulnerability has been reported in WOW Raid Manager, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32653/ -- [SA32652] Trac Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Spoofing, DoS Released: 2008-11-10 Some vulnerabilities have been reported in Trac, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct phishing attacks. Full Advisory: http://secunia.com/advisories/32652/ -- [SA32647] PozScripts Business Directory Script "cid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-11-12 Hussin X has reported a vulnerability in PozScripts Business Directory Script, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32647/ -- [SA32646] Mole Group Rental Script "username" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-11-10 Cyber-Zone has reported a vulnerability in Mole Group Rental Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32646/ -- [SA32645] OTManager CMS "Tipo" File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-11-13 colt7r has discovered a vulnerability in OTManager CMS, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32645/ -- [SA32644] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-11-13 G4N0K has reported some vulnerabilities in TurnkeyForms Web Hosting Directory, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Full Advisory: http://secunia.com/advisories/32644/ -- [SA32641] E-topbiz Online Store 1 "user" and "cat_id" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-10 Some vulnerabilities have been reported in E-topbiz Online Store 1, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32641/ -- [SA32640] Mini Web Calendar Cross-Site Scripting and Local File Disclosure Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-11-10 ahmadbady has discovered two vulnerabilities in Mini Web Calendar, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32640/ -- [SA32639] E-topbiz Number Links 1 "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-10 Hussin X has reported a vulnerability in E-topbiz Number Links 1, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32639/ -- [SA32638] TYPO3 eluna_pagecomments Extension Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-11-10 Some vulnerabilities have been reported in the eluna_pagecomments extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/32638/ -- [SA32637] Domain Seller Pro "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-11-10 TR-ShaRk has reported a vulnerability in Domain Seller Pro, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32637/ -- [SA32636] MyioSoft EasyBookMarker "Parent" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-10 G4N0K has discovered a vulnerability in MyioSoft EasyBookMarker, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32636/ -- [SA32632] MemHT Portal "title" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-12 Ams has discovered a vulnerability in MemHT Portal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32632/ -- [SA32622] Joomla! Script Insertion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-11 Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users and potentially malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/32622/ -- [SA32617] Zeeways Shaadi Clone Authentication Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-11-11 G4N0K has reported a vulnerability in Zeeways Shaadi Clone, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32617/ -- [SA32613] Mole Group Pizza Online Ordering Script "manufacturers_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-11-07 Cyb3r-1sT has reported a vulnerability in Mole Group Pizza Online Ordering Script, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32613/ -- [SA32603] V3 Chat Products "admin" Cookie Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-11-10 Cyber-Zone has reported a vulnerability in multiple V3 Chat products, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32603/ -- [SA32601] Zeeways PhotoVideoTube Authentication Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-11-11 Mountassif Moad has reported a vulnerability in Zeeways PhotoVideoTube, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32601/ -- [SA32600] AJSquare Free Polling Script Authentication Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-11-12 G4N0K has discovered a vulnerability in AJ Square Free Polling Script, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32600/ -- [SA32596] DevelopItEasy Events Calendar Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-07 Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Events Calendar, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32596/ -- [SA32595] DevelopItEasy News And Article System Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-07 Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy News And Article System, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32595/ -- [SA32594] DevelopItEasy Membership System Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-07 Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Membership System, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32594/ -- [SA32593] DevelopItEasy Photo Gallery Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-07 Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32593/ -- [SA32591] TurnkeyForms Local Classifieds SQL Injection and Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-11-07 A vulnerability and a security issue have been reported in TurnkeyForms Local Classifieds, which can be exploited by malicious people to conduct SQL injection attacks and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32591/ -- [SA32586] PHP Classifieds "admin_username" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-11-07 ZoRLu has reported a vulnerability in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32586/ -- [SA32689] TYPO3 "file" Backend Module Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-13 A vulnerability has been reported in TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32689/ -- [SA32670] Sun Java System Messaging Server Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-13 A vulnerability has been reported in Sun Java System Messaging Server, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32670/ -- [SA32657] buymyscripts.net Lyrics Script "k" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-12 A vulnerability has been reported in buymyscripts.net Lyrics Script, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32657/ -- [SA32654] TYPO3 phpMyAdmin Extension "db" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-10 A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32654/ -- [SA32650] buymyscripts.net Clickbank Portal "keyword" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-12 A vulnerability has been reported in buymyscripts.net Clickbank Portal, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/32650/ -- [SA32649] buymyscripts.net Recipe Website Script "keyword" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-12 A vulnerability has been reported in buymyscripts.net Recipe Website Script, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32649/ -- [SA32642] Fresh Email Script "Email" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-11-13 Don has reported a vulnerability in Fresh Email Script, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32642/ -- [SA32680] Blender Insecure Python Module Search Path Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-11-12 A vulnerability has been reported in Blender, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32680/ -- [SA32624] VMware ESX / ESXi Privilege Escalation and Directory Traversal Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-11-07 Some vulnerabilities have been reported in VMware ESX and ESXi, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32624/ -- [SA32612] VMware Products Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-11-07 A vulnerability has been reported in various VMware products, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/32612/ -- [SA32686] MoinMoin Full Path Disclosure Weakness Critical: Not critical Where: From remote Impact: Exposure of system information Released: 2008-11-10 Xia Shing Zee has discovered a weakness in MoinMoin, which can be exploited by malicious people to disclose system information. Full Advisory: http://secunia.com/advisories/32686/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45
Received on Fri Nov 14 2008 - 03:50:09 PST