[ISN] Secunia Weekly Summary - Issue: 2009-5

From: InfoSec News <alerts_at_private>
Date: Fri, 30 Jan 2009 04:04:20 -0600 (CST)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2009-01-22 - 2009-01-29                        

                       This week: 152 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Monthly Binary Analysis Update (December)

A new month and year has begun and it is therefore time for me to wrap
up the old year with a December update on our binary analysis
shenanigans.

Read more:
http://secunia.com/blog/40/

 --

The best new Windows program of 2008

Secunia Personal Software Inspector has been chosen as one of the best
new Windows programs in 2008.

Download.com, the world's largest download site, has chosen Secunia
Personal Software Inspector as one of "The best new Windows programs of
2008". A total of six programs received this fine predicate which also
included Google Chrome.

Download.com also awarded Secunia PSI an editorial rating of five
stars, which is their highest honors and a remarkable recognition.

Read more:
http://secunia.com/blog/41/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/33632/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA33632] Apple QuickTime Multiple Vulnerabilities
2.  [SA31883] Microsoft Windows SMB Packet Handling Vulnerabilities
3.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
4.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
5.  [SA33534] BlackBerry Products PDF Distiller Multiple
              Vulnerabilities
6.  [SA33478] Winamp AIFF Processing Buffer Overflow Vulnerability
7.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
8.  [SA31821] Apple QuickTime Multiple Vulnerabilities
9.  [SA33616] Sony Ericsson Phones WAP Push Denial of Service
              Vulnerability
10. [SA33310] PGP Desktop PGPwded.sys Driver Denial of Service

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA33663] MW6 Technologies Barcode ActiveX "Supplement" Buffer
Overflow
[SA33645] Merak Media Player ToolTip Buffer Overflow Vulnerability
[SA33642] Apple QuickTime MPEG-2 Playback Component Input Validation
Vulnerability
[SA33582] Symantec AppStream Client LaunchObj ActiveX Control Insecure
Methods
[SA33574] MetaProducts MetaTreeX ActiveX Control Insecure Methods
[SA33673] VooDoo cIRCle OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
Vulnerability
[SA33647] ClickAuction "txtEmail" and "txtPassword" SQL Injection
Vulnerabilities
[SA33629] Web-Calendar Lite Multiple SQL Injection Vulnerabilities
[SA33604] cwRsync OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing
Vulnerability
[SA33602] Digital Sales IPN Database Disclosure Vulnerability
[SA33601] Blog Manager SQL Injection and Cross Site Scripting
[SA33596] ActionCalendar "pass" SQL Injection Vulnerability
[SA33594] Fujitsu SystemcastWizard Lite Multiple Vulnerabilities
[SA33579] eFAQ "str_Login" and "str_Password" SQL Injection
[SA33578] eReservations "Login" and "Password" SQL Injection
[SA33575] Ping IP "txtUserName" and "txtPassword" SQL Injection
[SA33572] BlogIt! Multiple Vulnerabilities
[SA33633] Cisco Security Manager Security Bypass Vulnerability
[SA33664] FlexCell Grid ActiveX Control "SaveFile()" and
"ExportToXML()" Insecure Methods
[SA33598] Microsoft Windows Mobile Bluetooth Stack OBEX Directory
Traversal
[SA33597] FTPShell Server License Key Buffer Overflow Vulnerability
[SA33591] SmartVMD ActiveX Control Multiple Insecure Methods
[SA33588] Cisco Unified Communications Manager CAPF Denial of Service
[SA33566] Syslserve UDP Request Denial of Service Vulnerability
[SA33609] Trend Micro OfficeScan Client Firewall Multiple
Vulnerabilities

UNIX/Linux:
[SA33710] SUSE update for IBMJava5-JRE and java-1_5_0-ibm
[SA33709] Ubuntu update for openjdk-6
[SA33696] Sun Solaris Samba "receive_smb_raw()" Buffer Overflow
Vulnerability
[SA33679] Debian update for typo3-src
[SA33676] Ubuntu update for xine-lib
[SA33640] Fedora update for amarok
[SA33613] Debian update for git
[SA33607] GIT "gitweb" Command Injection Vulnerabilities
[SA33568] SUSE Update for Multiple Packages
[SA33722] Sun Solaris "libxml2" XML Processing Vulnerability
[SA33715] Avaya CMS Solaris "libxml2" XML Processing Vulnerability
[SA33714] HP MPE/iX DNS Cache Poisoning Vulnerability
[SA33702] Avaya CMS Solaris "libike" Library Denial of Service
[SA33699] Debian update for rt2400, rt2500, and rt2570
[SA33689] Fedora update for vnc
[SA33677] Fedora update for tor
[SA33675] Ubuntu update for ktorrent
[SA33659] SUSE update for openssl
[SA33653] Debian update for ganglia-monitor-core
[SA33644] Sun Solaris "libike" Library Denial of Service
[SA33637] Fedora update for DevIL
[SA33636] Ubuntu update for vim
[SA33627] mod-auth-mysql SQL Injection Vulnerability
[SA33621] rPath update for perl
[SA33618] rPath update for openssl
[SA33614] Gentoo update for pidgin
[SA33608] SCMS Simple Content Management System "p" Local File
Inclusion
[SA33605] Sun Solaris IPv6 Denial of Service Vulnerability
[SA33581] DKIM-MILTER "p" Revoked Keys Denial of Service
[SA33723] Sun Solaris mod_perl Denial of Service Vulnerability
[SA33720] Sun Solaris mod_perl Denial of Service Vulnerability
[SA33716] Debian update for moin
[SA33687] No-IP Dynamic Update Client Information Disclosure
[SA33685] SAP NetWeaver Cross-Site Scripting Vulnerability
[SA33683] Sun Solaris BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
Spoofing Vulnerability
[SA33678] Fedora update for ntp
[SA33674] Fedora update for kernel
[SA33651] Web Help Desk Cross-Site Scripting Vulnerability
[SA33648] Red Hat update for ntp
[SA33641] SUSE update for kernel
[SA33638] Fedora update for uw-imap
[SA33624] Red Hat update for dovecot
[SA33620] rPath update for bind
[SA33619] rPath update for ntp
[SA33615] SUSE update for kernel
[SA33611] Red Hat update for squirrelmail
[SA33610] Gentoo update for noip-updater
[SA33600] SUSE update for bind
[SA33631] Gentoo update for net-snmp
[SA33706] Ubuntu update for kernel
[SA33703] Fedora update for dia
[SA33693] Red Hat Certificate Server Information Disclosure and
Security Bypass
[SA33672] Dia Insecure Python Module Search Path Vulnerability
[SA33665] Sun Solaris "autofs" Kernel Module Denial of Service and
Privilege Escalation
[SA33630] Gentoo update for scilab
[SA33586] Red Hat update for kernel
[SA33567] Ubuntu update for tar
[SA33628] Avaya CMS Solaris "rpc.metad" Denial of Service
Vulnerability
[SA33727] Sun Solaris IP-in-IP Processing Denial of Service
Vulnerability
[SA33708] Avaya CMS Solaris Pseudo-Terminal Driver Denial of Service
[SA33705] Avaya CMS Solaris "lpadmin" and "ppdmgr" Denial of Service
Vulnerabilities
[SA33662] Sun Solaris Pseudo-Terminal Driver Denial of Service
[SA33656] Linux Kernel dell_rbu Denial of Service Security Issues
[SA33639] Fedora update for moodle
[SA33623] Red Hat update for kernel
[SA33569] Linux Kernel "keyctl_join_session_keyring()" Denial of
Service

Other:
[SA33616] Sony Ericsson Phones WAP Push Denial of Service
Vulnerability
[SA33726] Sun Fire X2100 / X2200 Embedded Lights Out Manager Security
Bypass
[SA33585] Sun SPARC Enterprise M4000 / M5000 Server XSCFU Security
Bypass
[SA33603] AXIS 70U Network Document Server File Inclusion and
Cross-Site Scripting

Cross Platform:
[SA33711] FFmpeg 4xm Processing Memory Corruption Vulnerability
[SA33691] WB News "config[installdir]" Multiple File Inclusion
Vulnerabilities
[SA33650] GStreamer Good Plug-ins QuickTime Processing Vulnerabilities
[SA33632] Apple QuickTime Multiple Vulnerabilities
[SA33617] Typo3 Multiple Vulnerabilities
[SA33564] GNUBoard "g4_path" File Inclusion Vulnerability
[SA33719] IMP Cross-Site Scripting and Script Insertion
Vulnerabilities
[SA33701] SocialEngine "category_id" SQL Injection Vulnerability
[SA33695] Horde / Horde Groupware Cross-Site Scripting and File
Inclusion Vulnerability
[SA33690] Pixie CMS Multiple Local File Inclusion Vulnerabilities
[SA33686] Gazelle CMS "template" Local File Inclusion Vulnerability
[SA33671] VirtueMart Multiple SQL Injection Vulnerabilities
[SA33669] GameScript Cross-Site Scripting and SQL Injection
[SA33666] ITLPoll "id" SQL Injection Vulnerability
[SA33661] Script Toko Online "cat_id" SQL Injection Vulnerability
[SA33660] SHOP-INET "grid" SQL Injection Vulnerability
[SA33658] Max.Blog "username" SQL Injection Vulnerability
[SA33654] Wazzum Dating Software "userid" SQL Injection Vulnerability
[SA33652] KEEP Toolkit "patUser.php" SQL Injection Vulnerability
[SA33649] GLinks "cat" SQL Injection Vulnerability
[SA33646] Joomla Flash Magazine Deluxe Component "mag_id" SQL
Injection
[SA33643] Futomi's CGI Cafe Search CGI Password Reset Vulnerability
[SA33635] Tor Unspecified Memory Corruption Vulnerability
[SA33626] MemHT Portal Avatar File Upload Vulnerability
[SA33625] Flax Article Manager "cat_id" SQL Injection Vulnerability
[SA33622] RoundCube Webmail Script Insertion Vulnerability
[SA33612] Joomla BazaarBuilder Shopping Cart Component "cid" SQL
Injection
[SA33606] FhImage PHP Code Execution Vulnerability
[SA33595] Free Bible Search PHP Script SQL Injection Vulnerability
[SA33592] Ralink Wireless Drivers Probe Request Processing
Vulnerability
[SA33590] Max.Blog Security Bypass and SQL Injection
[SA33589] AJ Auction Pro "id" SQL Injection Vulnerability
[SA33587] Dodo's Quiz Script "n" Local File Inclusion Vulnerability
[SA33584] RCBlog "password.txt" Information Disclosure Security Issue
[SA33583] AV Book Library Multiple SQL Injection Vulnerabilities
[SA33580] PHPads Multiple Vulnerabilities
[SA33573] Ninja Blog "cat" File Inclusion Vulnerability
[SA33570] AJ Classifieds Multiple Products File Upload Vulnerability
[SA33563] Joomla Eventing  Component "catid" SQL Injection
Vulnerability
[SA33562] Joomla RD-Autos Component "id" SQL Injection Vulnerability
[SA33667] EMC AutoStart Backbone Engine Code Execution Vulnerability
[SA33713] HP Select Access Cross-Site Scripting Vulnerability
[SA33698] Domain Technologie Control Multiple SQL Injection
Vulnerabilities
[SA33697] GraphicsMagick DIB and BMP Denial of Service Vulnerabilities
[SA33684] ConPresso CMS Session Fixation and Cross-Site Scripting
[SA33680] GLPI SQL Injection Vulnerabilities
[SA33670] Simple Machines Forum "packages.xml" Cross-Site Scripting
[SA33668] CA Cohesion Application Configuration Manager Apache Tomcat
Multiple Vulnerabilities
[SA33657] Piggydb Cross-Site Scripting Vulnerability
[SA33655] htmLawed Unspecified Cross-Site Scripting Vulnerabilities
[SA33599] Fedora update for drupal
[SA33593] MoinMoin Multiple Cross Site Scripting Vulnerabilities
[SA33577] Joomla! WebAmoeba Ticket System Component "catid" SQL
Injection
[SA33576] Apache Jackrabbit webapp Cross-Site Scripting
Vulnerabilities
[SA33565] LemonLDAP::NG User Enumeration and Cross-Site Scripting
[SA33712] CA Anti-Virus Engine Archive Files Detection Bypass
[SA33688] Sun Java System Access Manager User Enumeration Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA33663] MW6 Technologies Barcode ActiveX "Supplement" Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-27

Houssamix has discovered a vulnerability in the MW6 Technologies
Barcode ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33663/

 --

[SA33645] Merak Media Player ToolTip Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-26

Houssamix has discovered a vulnerability in Merak Media Player, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33645/

 --

[SA33642] Apple QuickTime MPEG-2 Playback Component Input Validation
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-22

A vulnerability has been reported in the Apple QuickTime MPEG-2
Playback component, which can potentially be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33642/

 --

[SA33582] Symantec AppStream Client LaunchObj ActiveX Control Insecure
Methods

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-16

A vulnerability has been reported in Symantec AppStream Client, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33582/

 --

[SA33574] MetaProducts MetaTreeX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2009-01-19

Houssamix has discovered two vulnerabilities in MetaProducts MetaTreeX
Control, which can be exploited by malicious people to overwrite
arbitrary files and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33574/

 --

[SA33673] VooDoo cIRCle OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-26

A vulnerability has been reported in VooDoo cIRCle, which can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33673/

 --

[SA33647] ClickAuction "txtEmail" and "txtPassword" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-27

R3d D3v!L has reported some vulnerabilities in ClickAuction, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33647/

 --

[SA33629] Web-Calendar Lite Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-26

ByALBAYX has reported some vulnerabilities in Web-Calendar Lite, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33629/

 --

[SA33604] cwRsync OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-19

A vulnerability has been reported in cwRsync, which can be exploited by
malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33604/

 --

[SA33602] Digital Sales IPN Database Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-19

Moudi has discovered a vulnerability in Digital Sales IPN, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33602/

 --

[SA33601] Blog Manager SQL Injection and Cross Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-01-19

Pouya_Server has reported some vulnerabilities in Blog Manager, which
can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33601/

 --

[SA33596] ActionCalendar "pass" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-19

A vulnerability has been reported in ActionCalendar, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33596/

 --

[SA33594] Fujitsu SystemcastWizard Lite Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2009-01-20

Some vulnerabilities have been reported in Fujitsu SystemcastWizard
Lite, which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33594/

 --

[SA33579] eFAQ "str_Login" and "str_Password" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-19

ByALBAYX has reported some vulnerabilities in eFAQ, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33579/

 --

[SA33578] eReservations "Login" and "Password" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-19

ByALBAYX has reported some vulnerabilities in eReservations, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33578/

 --

[SA33575] Ping IP "txtUserName" and "txtPassword" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-19

ByALBAYX has reported two vulnerabilities in Ping IP, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33575/

 --

[SA33572] BlogIt! Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-01-19

Some vulnerabilities have been discovered in BlogIt!, which can be
exploited by malicious people to conduct SQL injection and cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/33572/

 --

[SA33633] Cisco Security Manager Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-22

A vulnerability has been reported in Cisco Security Manager, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33633/

 --

[SA33664] FlexCell Grid ActiveX Control "SaveFile()" and
"ExportToXML()" Insecure Methods

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

Houssamix has discovered two vulnerabilities in the FlexCell Grid
ActiveX control, which can be exploited by malicious people to
overwrite arbitrary files.

Full Advisory:
http://secunia.com/advisories/33664/

 --

[SA33598] Microsoft Windows Mobile Bluetooth Stack OBEX Directory
Traversal

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2009-01-27

Alberto Moreno Tablado has reported a vulnerability in Microsoft
Windows Mobile, which can be exploited by malicious users to disclose
sensitive information and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33598/

 --

[SA33597] FTPShell Server License Key Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2009-01-23

Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in FTPShell
Server, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33597/

 --

[SA33591] SmartVMD ActiveX Control Multiple Insecure Methods

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-21

Houssamix has discovered two vulnerabilities in SmartVMD ActiveX
Control, which can be exploited by malicious people to overwrite and
delete arbitrary files.

Full Advisory:
http://secunia.com/advisories/33591/

 --

[SA33588] Cisco Unified Communications Manager CAPF Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-22

A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33588/

 --

[SA33566] Syslserve UDP Request Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-16

Rob Kraus has reported a vulnerability in Syslserve, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33566/

 --

[SA33609] Trend Micro OfficeScan Client Firewall Multiple
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2009-01-20

Secunia Research has discovered some vulnerabilities in Trend Micro
OfficeScan Client, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), bypass certain security features, and
potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33609/


UNIX/Linux:--

[SA33710] SUSE update for IBMJava5-JRE and java-1_5_0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2009-01-29

SUSE has issued an update for IBMJava5-JRE and java-1_5_0-ibm. This
fixes some vulnerabilities, which can be exploited by malicious people
to bypass certain security restrictions, disclose sensitive
information, cause a DoS (Denial of service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33710/

 --

[SA33709] Ubuntu update for openjdk-6

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2009-01-29

Ubuntu has issued an update for openjdk-6. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, cause a
DoS (Denial of service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33709/

 --

[SA33696] Sun Solaris Samba "receive_smb_raw()" Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-29

Sun has acknowledged a vulnerability in Samba in Solaris, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33696/

 --

[SA33679] Debian update for typo3-src

Critical:    Highly critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Cross Site Scripting, System
access
Released:    2009-01-27

Debian has issued an update for typo3-src. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and session
fixation attacks, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33679/

 --

[SA33676] Ubuntu update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-27

Ubuntu has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33676/

 --

[SA33640] Fedora update for amarok

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-22

Fedora has issued an update for amarok. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33640/

 --

[SA33613] Debian update for git

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-01-20

Debian has issued an update for git. This fixes a security issue and
some vulnerabilities, which can be exploited by malicious, local users
to gain escalated privileges, and by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33613/

 --

[SA33607] GIT "gitweb" Command Injection Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-20

Some vulnerabilities have been reported in GIT, which can be exploited
by malicious people to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33607/

 --

[SA33568] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2009-01-19

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially gain escalated privileges, bypass certain security
restrictions, or cause a DoS (Denial of Service), and by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33568/

 --

[SA33722] Sun Solaris "libxml2" XML Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-29

Sun has acknowledged a vulnerability in libxml2 in Solaris, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/33722/

 --

[SA33715] Avaya CMS Solaris "libxml2" XML Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-29

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/33715/

 --

[SA33714] HP MPE/iX DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-29

HP has acknowledged a vulnerability in MPE/iX, which can be exploited
by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/33714/

 --

[SA33702] Avaya CMS Solaris "libike" Library Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-29

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33702/

 --

[SA33699] Debian update for rt2400, rt2500, and rt2570

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-29

Debian has issued an update for rt2400, rt2500, and rt2570. This fixes
a vulnerability, which can be exploited to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33699/

 --

[SA33689] Fedora update for vnc

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-27

Fedora has issued an update for vnc. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33689/

 --

[SA33677] Fedora update for tor

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2009-01-26

Fedora has issued an update for tor. This fixes a vulnerability with an
unknown impact.

Full Advisory:
http://secunia.com/advisories/33677/

 --

[SA33675] Ubuntu update for ktorrent

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2009-01-27

Ubuntu has issued an update for ktorrent. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33675/

 --

[SA33659] SUSE update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-26

SUSE has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33659/

 --

[SA33653] Debian update for ganglia-monitor-core

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-26

Debian has issued an update for ganglia-monitor-core. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33653/

 --

[SA33644] Sun Solaris "libike" Library Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-28

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33644/

 --

[SA33637] Fedora update for DevIL

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-22

Fedora has issued an update for DevIL. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/33637/

 --

[SA33636] Ubuntu update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-27

Ubuntu has issued an update for vim. This fixes a weakness and a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/33636/

 --

[SA33627] mod-auth-mysql SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-23

A vulnerability has been reported in mod-auth-mysql, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33627/

 --

[SA33621] rPath update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2009-01-21

rPath has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33621/

 --

[SA33618] rPath update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-21

rPath has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33618/

 --

[SA33614] Gentoo update for pidgin

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS, System access
Released:    2009-01-21

Gentoo has issued an update for pidgin. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to conduct spoofing attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33614/

 --

[SA33608] SCMS Simple Content Management System "p" Local File
Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-19

A vulnerability has been discovered in SCMS Simple Content Management
System, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/33608/

 --

[SA33605] Sun Solaris IPv6 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-26

Kingcope has discovered a vulnerability in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33605/

 --

[SA33581] DKIM-MILTER "p" Revoked Keys Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-19

A vulnerability has been reported in DKIM-MILTER, which can be
exploited by malicious people to conduct DoS (Denial of Service)
attacks.

Full Advisory:
http://secunia.com/advisories/33581/

 --

[SA33723] Sun Solaris mod_perl Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-29

Sun has acknowledged a vulnerability in Sun Solaris, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33723/

 --

[SA33720] Sun Solaris mod_perl Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-29

Sun has acknowledged a vulnerability in Sun Solaris, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33720/

 --

[SA33716] Debian update for moin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-29

Debian has issued an update for moin. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/33716/

 --

[SA33687] No-IP Dynamic Update Client Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-29

A security issue has been reported in No-IP Dynamic Update Client,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33687/

 --

[SA33685] SAP NetWeaver Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-27

A vulnerability has been reported in SAP NetWeaver, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33685/

 --

[SA33683] Sun Solaris BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
Spoofing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-28

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33683/

 --

[SA33678] Fedora update for ntp

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-26

Fedora has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33678/

 --

[SA33674] Fedora update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2009-01-27

Fedora has issued an update for the kernel. This fixes a security
issue, which can be exploited by malicious, local users to potentially
cause a DoS (Denial of Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33674/

 --

[SA33651] Web Help Desk Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-26

A vulnerability has been reported in Web Help Desk, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33651/

 --

[SA33648] Red Hat update for ntp

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-29

Red Hat has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33648/

 --

[SA33641] SUSE update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-22

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to cause a DoS
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33641/

 --

[SA33638] Fedora update for uw-imap

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-22

Fedora has issued an update for uw-imap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33638/

 --

[SA33624] Red Hat update for dovecot

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-21

Red Hat has issued an update for dovecot. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33624/

 --

[SA33620] rPath update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-21

rPath has issued an update for bind. This fixes a vulnerability, which
can potentially be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33620/

 --

[SA33619] rPath update for ntp

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-21

rPath has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33619/

 --

[SA33615] SUSE update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2009-01-21

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), bypass certain security restrictions,
and potentially gain escalated privileges, and by malicious people to
cause a DoS and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33615/

 --

[SA33611] Red Hat update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2009-01-20

Red Hat has issued an update for squirrelmail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
session fixation attacks.

Full Advisory:
http://secunia.com/advisories/33611/

 --

[SA33610] Gentoo update for noip-updater

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2009-01-19

Gentoo has issued an update for noip-updater. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33610/

 --

[SA33600] SUSE update for bind

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-22

SUSE has issued an update for bind. This fixes a vulnerability, which
potentially can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33600/

 --

[SA33631] Gentoo update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-01-22

Gentoo has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33631/

 --

[SA33706] Ubuntu update for kernel

Critical:    Less critical
Where:       Local system
Impact:      DoS
Released:    2009-01-29

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33706/

 --

[SA33703] Fedora update for dia

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-27

Fedora has issued an update for dia. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33703/

 --

[SA33693] Red Hat Certificate Server Information Disclosure and
Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information
Released:    2009-01-29

Red Hat has acknowledged some security issues in Red Hat Certificate
Server, which can be exploited by malicious, local users to bypass
certain security restrictions and to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/33693/

 --

[SA33672] Dia Insecure Python Module Search Path Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-27

A vulnerability has been reported in Dia, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33672/

 --

[SA33665] Sun Solaris "autofs" Kernel Module Denial of Service and
Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2009-01-28

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33665/

 --

[SA33630] Gentoo update for scilab

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-22

Gentoo has issued an update for scilab. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33630/

 --

[SA33586] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2009-01-22

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, bypass certain security
restrictions, potentially gain escalated privileges, and cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33586/

 --

[SA33567] Ubuntu update for tar

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2009-01-16

Ubuntu has issued an update for tar. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33567/

 --

[SA33628] Avaya CMS Solaris "rpc.metad" Denial of Service
Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2009-01-22

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33628/

 --

[SA33727] Sun Solaris IP-in-IP Processing Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-29

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33727/

 --

[SA33708] Avaya CMS Solaris Pseudo-Terminal Driver Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-29

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33708/

 --

[SA33705] Avaya CMS Solaris "lpadmin" and "ppdmgr" Denial of Service
Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-29

Avaya has acknowledged some vulnerabilities in Amaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33705/

 --

[SA33662] Sun Solaris Pseudo-Terminal Driver Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-28

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33662/

 --

[SA33656] Linux Kernel dell_rbu Denial of Service Security Issues

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-26

Two security issues have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33656/

 --

[SA33639] Fedora update for moodle

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-22

Fedora has issued an update for moodle. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33639/

 --

[SA33623] Red Hat update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-21

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33623/

 --

[SA33569] Linux Kernel "keyctl_join_session_keyring()" Denial of
Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-19

A vulnerability has been reported in the Linux Kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33569/


Other:--

[SA33616] Sony Ericsson Phones WAP Push Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-29

A vulnerability has been reported in various Sony Ericsson phones,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33616/

 --

[SA33726] Sun Fire X2100 / X2200 Embedded Lights Out Manager Security
Bypass

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-01-29

A vulnerability has been reported in Sun Fire X2100 and X2200 M2
Server, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33726/

 --

[SA33585] Sun SPARC Enterprise M4000 / M5000 Server XSCFU Security
Bypass

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, System access
Released:    2009-01-22

A vulnerability has been reported in Sun SPARC M4000 / M5000 Server,
which can be exploited by malicious people to bypass certain security
restrictions and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33585/

 --

[SA33603] AXIS 70U Network Document Server File Inclusion and
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Privilege escalation
Released:    2009-01-22

Some vulnerabilities have been reported in AXIS 70U Network Document
Server, which can be exploited by malicious users to gain escalated
privileges and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/33603/


Cross Platform:--

[SA33711] FFmpeg 4xm Processing Memory Corruption Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-29

Tobias Klein has reported a vulnerability in FFmpeg, which potentially
can be exploited by malicious people to compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/33711/

 --

[SA33691] WB News "config[installdir]" Multiple File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-27

HACKERS PAL has discovered some vulnerabilities in WB News, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33691/

 --

[SA33650] GStreamer Good Plug-ins QuickTime Processing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-23

Tobias Klein has reported some vulnerabilities in GStreamer Good
Plug-ins, which can potentially be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33650/

 --

[SA33632] Apple QuickTime Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-22

Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33632/

 --

[SA33617] Typo3 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Cross Site Scripting, System
access
Released:    2009-01-21

Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33617/

 --

[SA33564] GNUBoard "g4_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2009-01-16

flyh4t has discovered a vulnerability in GNUBoard, which can be
exploited by malicious people to disclose sensitive information or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33564/

 --

[SA33719] IMP Cross-Site Scripting and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-28

Some vulnerabilities have been reported in IMP, which can be exploited
by malicious people to conduct cross-site scripting or script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33719/

 --

[SA33701] SocialEngine "category_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-29

Snakespc has discovered a vulnerability in SocialEngine, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33701/

 --

[SA33695] Horde / Horde Groupware Cross-Site Scripting and File
Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2009-01-28

Some vulnerabilities have been reported in Horde and Horde Groupware,
which can be exploited by malicious people to conduct cross-site
scripting attacks and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/33695/

 --

[SA33690] Pixie CMS Multiple Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-28

DSecRG has discovered some vulnerabilities in Pixie CMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33690/

 --

[SA33686] Gazelle CMS "template" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-28

fuzion has discovered a vulnerability in Gazelle CMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33686/

 --

[SA33671] VirtueMart Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

Some vulnerabilities have been discovered in VirtueMart, which can be
exploited by malicious people and users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33671/

 --

[SA33669] GameScript Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-01-28

Encrypt3d.M!nd has reported some vulnerabilities in GameScript, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33669/

 --

[SA33666] ITLPoll "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

fuzion has discovered a vulnerability in ITLPoll, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33666/

 --

[SA33661] Script Toko Online "cat_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

k1n9k0ng has reported a vulnerability in Script Toko Online, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33661/

 --

[SA33660] SHOP-INET "grid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

A vulnerability has been reported in SHOP-INET, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33660/

 --

[SA33658] Max.Blog "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-29

A vulnerability has been discovered in Max.Blog, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33658/

 --

[SA33654] Wazzum Dating Software "userid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

nuclear has reported a vulnerability in Wazzum Dating Software, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33654/

 --

[SA33652] KEEP Toolkit "patUser.php" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-26

A vulnerability has been reported in KEEP Toolkit, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33652/

 --

[SA33649] GLinks "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

nuclear has discovered a vulnerability in GLinks, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33649/

 --

[SA33646] Joomla Flash Magazine Deluxe Component "mag_id" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

TurkGuvenligi has reported a vulnerability in the Flash Magazine Deluxe
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33646/

 --

[SA33643] Futomi's CGI Cafe Search CGI Password Reset Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-23

A vulnerability has been reported in Futomi's CGI Cafe Search CGI,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33643/

 --

[SA33635] Tor Unspecified Memory Corruption Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2009-01-22

A vulnerability with an unknown impact has been reported in Tor.

Full Advisory:
http://secunia.com/advisories/33635/

 --

[SA33626] MemHT Portal Avatar File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-26

A vulnerability has been discovered in MemHT Portal, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33626/

 --

[SA33625] Flax Article Manager "cat_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-26

jiko has reported a vulnerability in Flax Article Manager, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33625/

 --

[SA33622] RoundCube Webmail Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-21

Julien Cayssol has reported a vulnerability in RoundCube Webmail, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33622/

 --

[SA33612] Joomla BazaarBuilder Shopping Cart Component "cid" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-22

XaDoS has reported a vulnerability in the BazaarBuilder Shopping Cart
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33612/

 --

[SA33606] FhImage PHP Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-21

Osirys has discovered a vulnerability in FhImage, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33606/

 --

[SA33595] Free Bible Search PHP Script SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-20

A vulnerability has been reported in Free Bible Search PHP Script,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33595/

 --

[SA33592] Ralink Wireless Drivers Probe Request Processing
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-23

A vulnerability has been reported in Ralink Technology Wireless
Drivers, which can be exploited to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33592/

 --

[SA33590] Max.Blog Security Bypass and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-01-21

Some vulnerabilities have been discovered in Max.Blog, which can be
exploited by malicious people to bypass certain security restrictions
and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33590/

 --

[SA33589] AJ Auction Pro "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-21

Snakespc has reported a vulnerability in AJ Auction Pro, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33589/

 --

[SA33587] Dodo's Quiz Script "n" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-21

cOndemned has discovered a vulnerability in Dodo's Quiz Script, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33587/

 --

[SA33584] RCBlog "password.txt" Information Disclosure Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-01-20

Danny Moules has discovered a security issue in RCBlog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33584/

 --

[SA33583] AV Book Library Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-19

Some vulnerabilities have been reported in AV Book Library, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33583/

 --

[SA33580] PHPads Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information
Released:    2009-01-20

Danny Moules has discovered a security issue and a vulnerability in
PHPads, which can be exploited by malicious people to disclose
sensitive information and by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/33580/

 --

[SA33573] Ninja Blog "cat" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-20

Danny Moules has discovered a vulnerability in Ninja Blog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33573/

 --

[SA33570] AJ Classifieds Multiple Products File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-21

A vulnerability has been reported in multiple AJ Classifieds products,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33570/

 --

[SA33563] Joomla Eventing  Component "catid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-16

Cyb3R-1st has reported a vulnerability in the Eventing component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33563/

 --

[SA33562] Joomla RD-Autos Component "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-16

H!tm_at_N has discovered a vulnerability in the RD-Autos component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33562/

 --

[SA33667] EMC AutoStart Backbone Engine Code Execution Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2009-01-26

A vulnerability has been reported in EMC AutoStart, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33667/

 --

[SA33713] HP Select Access Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-29

A vulnerability has been reported in HP Select Access, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33713/

 --

[SA33698] Domain Technologie Control Multiple SQL Injection
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-28

Some vulnerabilities have been reported in Domain Technologie Control,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33698/

 --

[SA33697] GraphicsMagick DIB and BMP Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-01-28

Some vulnerabilities have been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33697/

 --

[SA33684] ConPresso CMS Session Fixation and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2009-01-27

David Vieira-Kurz has discovered some vulnerabilities in ConPresso,
which can be exploited by malicious people to conduct session fixation
and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33684/

 --

[SA33680] GLPI SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-27

Some vulnerabilities have been reported in GLPI, which can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33680/

 --

[SA33670] Simple Machines Forum "packages.xml" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-28

Xianur0 has discovered a vulnerability in Simple Machines Forum, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/33670/

 --

[SA33668] CA Cohesion Application Configuration Manager Apache Tomcat
Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS
Released:    2009-01-26

CA has acknowledged some vulnerabilities in various CA Cohesion
Application Configuration Manager, which can be exploited by malicious
people to bypass certain security restrictions, disclose sensitive
information, conduct cross-site scripting attacks, or cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33668/

 --

[SA33657] Piggydb Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-27

A vulnerability has been reported in Piggydb, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33657/

 --

[SA33655] htmLawed Unspecified Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-29

Some vulnerabilities have been reported in htmLawed, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33655/

 --

[SA33599] Fedora update for drupal

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-19

Fedora has issued an update for drupal. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33599/

 --

[SA33593] MoinMoin Multiple Cross Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-21

Some vulnerabilities have been reported in MoinMoin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33593/

 --

[SA33577] Joomla! WebAmoeba Ticket System Component "catid" SQL
Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-20

Cyb3R-1st has reported a vulnerability in the WebAmoeba Ticket System
component for Joomla!, which can be exploited by malicious users to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33577/

 --

[SA33576] Apache Jackrabbit webapp Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-20

Some vulnerabilities have been reported in Apache Jackrabbit, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/33576/

 --

[SA33565] LemonLDAP::NG User Enumeration and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Cross Site Scripting
Released:    2009-01-16

A weakness and a vulnerability have been reported in LemonLDAP::NG,
which can be exploited by malicious people to identify valid user
accounts and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33565/

 --

[SA33712] CA Anti-Virus Engine Archive Files Detection Bypass

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-28

Some weaknesses have been reported in various CA products, which can be
exploited by malware to bypass the scanning functionality.

Full Advisory:
http://secunia.com/advisories/33712/

 --

[SA33688] Sun Java System Access Manager User Enumeration Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2009-01-28

A weakness has been reported in Sun Java System Access Manager, which
can be exploited by malicious people to identify valid user accounts.

Full Advisory:
http://secunia.com/advisories/33688/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Best Selling Security Books &amp; More!
http://www.shopinfosecnews.org/
Received on Fri Jan 30 2009 - 02:04:20 PST

This archive was generated by hypermail 2.2.0 : Fri Jan 30 2009 - 02:11:17 PST