[ISN] Secunia Weekly Summary - Issue: 2009-6

From: InfoSec News <alerts_at_private>
Date: Fri, 6 Feb 2009 03:29:42 -0600 (CST)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2009-01-29 - 2009-02-05                        

                       This week: 94 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The best new Windows program of 2008

Secunia Personal Software Inspector has been chosen as one of the best
new Windows programs in 2008.

Download.com, the world's largest download site, has chosen Secunia
Personal Software Inspector as one of "The best new Windows programs of
2008". A total of six programs received this fine predicate which also
included Google Chrome.

Download.com also awarded Secunia PSI an editorial rating of five
stars, which is their highest honors and a remarkable recognition.

Read more:
http://secunia.com/blog/41/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Mozilla Firefox, which
potentially can be exploited to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/33799/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA33799] Mozilla Firefox Multiple Vulnerabilities
2.  [SA33632] Apple QuickTime Multiple Vulnerabilities
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA32270] Adobe Flash Player Multiple Security Issues and
Vulnerabilities
5.  [SA33089] Internet Explorer Data Binding Memory Corruption
Vulnerability
6.  [SA33729] WebSphere Application Server Unspecified Information
Disclosure
7.  [SA33773] IBM AIX "rmsock" and "rmsock64" Log File Privilege
Escalation
8.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
9.  [SA33754] Google Chrome Cross-Site Scripting and Information
Disclosure
10. [SA33765] Sun Solaris OpenSSL "EVP_VerifyFinal()" Spoofing
Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA33817] Euphonics Audio Player PLS Parsing Buffer Overflow
Vulnerability
[SA33796] Nokia PC Suite Multimedia Player Playlist Processing Buffer
Overflow
[SA33791] MultiMedia Soft Various Components AdjMmsEng.dll PLS Parsing
Vulnerability
[SA33766] NaviCOPA Script Source Disclosure and Buffer Overflow
Vulnerabilities
[SA33742] Elecard AVC HD Player Playlist Processing Buffer Overflow
[SA33728] Synactis ALL In-The-Box ActiveX Control "SaveDoc()" Arbitrary
File Overwrite
[SA33851] QIP Message Processing Denial of Service Vulnerability
[SA33839] Team Board "team.mdb" Database Disclosure
[SA33794] UltraVNC "ClientConnection" Signedness Vulnerabilities
[SA33774] ClickCart "txtEmail" and "txtPassword" SQL Injection
[SA33771] MyDesign Sayac "user" and "pass" SQL Injection
Vulnerabilities
[SA33754] Google Chrome Cross-Site Scripting and Information
Disclosure
[SA33743] SalesCart "name" and "code" SQL Injection Vulnerabilities
[SA33788] Kaspersky Products klim5.sys Privilege Escalation
Vulnerability

UNIX/Linux:
[SA33819] SUSE update for amarok
[SA33816] Red Hat update for seamonkey
[SA33809] Red Hat update for firefox
[SA33755] Ubuntu update for moinmoin
[SA33827] Fedora update for roundcubemail
[SA33822] SUSE update for moodle and phpMyAdmin
[SA33820] SUSE update for xterm
[SA33801] Debian update for devil
[SA33797] HP-UX update for Apache
[SA33792] Sun Solaris libxml2 Two Integer Overflow Vulnerabilities
[SA33786] HP NonStop Server DNS Cache Poisoning Vulnerability
[SA33784] SUSE update for audiofile
[SA33765] Sun Solaris OpenSSL "EVP_VerifyFinal()" Spoofing
Vulnerability
[SA33752] OpenBSD BGP UPDATE Message Denial of Service Vulnerability
[SA33746] VMware ESX Server update for net-snmp and libxml2
[SA33745] Debian update for vnc4
[SA33733] 4Site CMS Multiple SQL Injection Vulnerabilities
[SA33854] Red Hat update for kernel
[SA33828] Fedora update for boinc-client
[SA33826] Fedora update for nss
[SA33824] Fedora update for libcdaudio
[SA33821] SUSE update for net-snmp
[SA33818] SUSE update for sudo and avahi
[SA33787] HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation
Vulnerability
[SA33823] Fedora update for gnumeric
[SA33773] IBM AIX "rmsock" and "rmsock64" Log File Privilege
Escalation
[SA33769] Fedora update for gedit
[SA33759] GNOME gedit Insecure Python Module Search Path Vulnerability
[SA33776] VMware ESX / ESXi VMDK Delta Disk Denial of Service Weakness
[SA33825] Fedora update for gpsdrive
[SA33795] sblim-sfcb "genSslCert.sh" Insecure Temporary Files
[SA33785] Linux Kernel Denial of Service Vulnerabilities
[SA33756] Ubuntu update for linux
[SA33753] Sudo Privilege Escalation Security Issue
[SA33751] Sun Solaris IP Minor Numbers Denial of Service Vulnerability

Other:
[SA33729] WebSphere Application Server Unspecified Information
Disclosure
[SA33770] Xerox WorkCentre Web Server Unspecified Command Injection
[SA33739] Profense Web Application Firewall Cross-Site Scripting and
Cross-Site Request Forgery
[SA33738] D-Link DVG-2001S Cross-Site Scripting and Cross-Site Request
Forgery
[SA33779] HP LaserJet / Digital Sender Directory Traversal
Vulnerability
[SA33749] Cisco Products Denial of Service and Security Bypass
Vulnerabilities

Cross Platform:
[SA33812] GRBoard Multiple File Inclusion Vulnerabilities
[SA33808] Mozilla SeaMonkey Multiple Vulnerabilities
[SA33802] Mozilla Thunderbird Memory Corruption Vulnerabilities
[SA33799] Mozilla Firefox Multiple Vulnerabilities
[SA33768] GBook "abspath" File Inclusion Vulnerability
[SA33748] Coppermine Photo Gallery Variable Overwrite Vulnerability
[SA33744] Novell GroupWise Multiple Vulnerabilities
[SA33732] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability
[SA33836] Drupal Views Bulk Operations Module Script Insertion
[SA33813] Mahara Unspecified Script Insertion Vulnerability
[SA33811] PHPbbBook "l" File Inclusion Vulnerability
[SA33807] TightVNC "ClientConnection" Signedness Vulnerabilities
[SA33804] ScriptsEz Ez PHP Comment "name" Script Insertion
Vulnerability
[SA33781] Bugzilla Multiple Vulnerabilities
[SA33780] GR Blog Security Bypass Security Issue
[SA33778] CMS from Scratch File Upload Vulnerability
[SA33777] Whole Hog Software Multiple Products SQL Injection and
Security Bypass
[SA33775] Moodle Multiple Vulnerabilities
[SA33772] PerlSoft Gstebuch "loginname1" Code Execution Vulnerability
[SA33767] Online Grades SQL Injection and Information Disclosure
[SA33757] Drupal ImageField Module File Upload and Script Insertion
[SA33741] ReVou Twitter Clone Script Insertion and SQL Injection
[SA33735] AJA "currentlang" and "module_name" Local File Inclusion
Vulnerabilities
[SA33734] BPAutoSales SQL Injection and Cross-Site Scripting
[SA33731] Squid HTTP Version Number Parsing Denial of Service
Vulnerability
[SA33730] DreamPics Builder "exhibition_id" SQL Injection
Vulnerability
[SA33834] htmLawed Unspecified Cross-Site Scripting Vulnerability
[SA33806] BOINC "RSA_public_decrypt()" Spoofing Vulnerability
[SA33790] Simple Machines Forum "[url]" Script Insertion Vulnerability
[SA33789] Bugzilla Script Insertion and Cross-Site Request Forgery
[SA33782] Bugzilla Cross-Site Request Forgery Vulnerability
[SA33764] E-Php B2B Trading Marketplace Script "errmsg" Cross-Site
Scripting
[SA33763] SMA-DB "startpage.php" Cross-Site Scripting Vulnerability
[SA33762] Oracle Forms Cross-Site Scripting Vulnerabilities
[SA33761] Oracle Application Server Cross-Site Scripting
Vulnerabilities
[SA33760] Fedora update for glpi
[SA33747] FlatnuX CMS "Job" Script Insertion Vulnerability
[SA33740] ManageEngine Firewall Analyzer Cross-Site Request Forgery
Vulnerability
[SA33805] ESET Remote Administrator Script Insertion Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA33817] Euphonics Audio Player PLS Parsing Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

A vulnerability has been discovered in Euphonics Audio Player, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33817/

 --

[SA33796] Nokia PC Suite Multimedia Player Playlist Processing Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

0in has discovered a vulnerability in Nokia PC Suite, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33796/

 --

[SA33791] MultiMedia Soft Various Components AdjMmsEng.dll PLS Parsing
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

A vulnerability has been discovered in various MultiMedia Soft
components for .NET, which potentially can be exploited by malicious
people to compromise an application using these components.

Full Advisory:
http://secunia.com/advisories/33791/

 --

[SA33766] NaviCOPA Script Source Disclosure and Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2009-02-04

e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be
exploited by malicious people to disclose potentially sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33766/

 --

[SA33742] Elecard AVC HD Player Playlist Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-03

AlpHaNiX has discovered a vulnerability in Elecard AVC HD Player, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33742/

 --

[SA33728] Synactis ALL In-The-Box ActiveX Control "SaveDoc()" Arbitrary
File Overwrite

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-02

A vulnerability has been discovered in the Synactis ALL In-The-Box
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33728/

 --

[SA33851] QIP Message Processing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-02-05

Maxim Kulakov has discovered a vulnerability in QIP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33851/

 --

[SA33839] Team Board "team.mdb" Database Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-05

Pouya_Server has reported a security issue in Team Board, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33839/

 --

[SA33794] UltraVNC "ClientConnection" Signedness Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

Some vulnerabilities have been reported in UltraVNC, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33794/

 --

[SA33774] ClickCart "txtEmail" and "txtPassword" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-03

R3d D3v!L has reported some vulnerabilities in ClickCart, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33774/

 --

[SA33771] MyDesign Sayac "user" and "pass" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-04

Kacak has discovered two vulnerabilities in MyDesign Sayac, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33771/

 --

[SA33754] Google Chrome Cross-Site Scripting and Information
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2009-02-02

Two vulnerabilities have been reported in Google Chrome, which can be
exploited by malicious people to conduct cross-site scripting attacks
or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33754/

 --

[SA33743] SalesCart "name" and "code" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-02

ByALBAYX has reported some vulnerabilities in SalesCart, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33743/

 --

[SA33788] Kaspersky Products klim5.sys Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2009-02-03

Ruben Santamarta has reported a vulnerability in multiple Kaspersky
products, which can be exploited by malicious, local users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33788/


UNIX/Linux:--

[SA33819] SUSE update for amarok

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

SUSE has issued an update for amarok. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33819/

 --

[SA33816] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2009-02-04

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33816/

 --

[SA33809] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2009-02-04

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially disclose sensitive information, and by malicious people to
conduct cross-site scripting attacks, bypass certain security
restrictions, disclose sensitive information, or potentially to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33809/

 --

[SA33755] Ubuntu update for moinmoin

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2009-01-30

Ubuntu has issued an update for moinmoin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass security restrictions, manipulate
certain data, or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33755/

 --

[SA33827] Fedora update for roundcubemail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-05

Fedora has issued an update for roundcubemail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33827/

 --

[SA33822] SUSE update for moodle and phpMyAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released:    2009-02-04

SUSE has issued an update for moodle and phpMyAdmin. This fixes some
vulnerabilities, which can be exploited by malicious users to disclose
potentially sensitive information, conduct cross-site scripting
attacks, and compromise a vulnerable system, and malicious people to
conduct SQL injection, cross-site scripting, and cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/33822/

 --

[SA33820] SUSE update for xterm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

SUSE has issued an update for xterm. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33820/

 --

[SA33801] Debian update for devil

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-05

Debian has issued an update devil. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/33801/

 --

[SA33797] HP-UX update for Apache

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2009-02-04

HP has issued an update for Apache. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks, bypass certain security restrictions, disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33797/

 --

[SA33792] Sun Solaris libxml2 Two Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-04

Sun has acknowledged two vulnerabilities in libxml2 in Solaris, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/33792/

 --

[SA33786] HP NonStop Server DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-03

HP has acknowledged a vulnerability in HP NonStop Server, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/33786/

 --

[SA33784] SUSE update for audiofile

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-04

SUSE has issued an update for audiofile. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/33784/

 --

[SA33765] Sun Solaris OpenSSL "EVP_VerifyFinal()" Spoofing
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-30

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33765/

 --

[SA33752] OpenBSD BGP UPDATE Message Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-02-02

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33752/

 --

[SA33746] VMware ESX Server update for net-snmp and libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-02

VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33746/

 --

[SA33745] Debian update for vnc4

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-02

Debian has issued an update for vnc4. This fixes a vulnerability, which
can be exploited by malicious people to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33745/

 --

[SA33733] 4Site CMS Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-05

D.Mortalov has reported some vulnerabilities in 4Site CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33733/

 --

[SA33854] Red Hat update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-02-05

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to potentially
cause a DoS.

Full Advisory:
http://secunia.com/advisories/33854/

 --

[SA33828] Fedora update for boinc-client

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-05

Fedora has issued an update for boinc-client. This fixes a
vulnerability, which can potentially be exploited by malicious people
to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33828/

 --

[SA33826] Fedora update for nss

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-05

Fedora has issued an update for nss. This fixes a security issue, which
potentially can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33826/

 --

[SA33824] Fedora update for libcdaudio

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2009-02-05

Fedora has issued an update for libcdaudio. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33824/

 --

[SA33821] SUSE update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-02-04

SUSE has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33821/

 --

[SA33818] SUSE update for sudo and avahi

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2009-02-04

SUSE has issued an update for sudo and avahi. This fixes a security
issue and a vulnerability, which can be exploited by malicious, local
users to gain escalated privileges and by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33818/

 --

[SA33787] HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2009-02-03

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to conduct spoofing attacks, disclose potentially
sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33787/

 --

[SA33823] Fedora update for gnumeric

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-05

Fedora has issued an update for gnumeric. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33823/

 --

[SA33773] IBM AIX "rmsock" and "rmsock64" Log File Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-30

IBM has acknowledged a security issue in IBM AIX, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33773/

 --

[SA33769] Fedora update for gedit

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-30

Fedora has issued an update for gedit. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33769/

 --

[SA33759] GNOME gedit Insecure Python Module Search Path Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-30

A vulnerability has been reported in gedit, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33759/

 --

[SA33776] VMware ESX / ESXi VMDK Delta Disk Denial of Service Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2009-02-02

A weakness has been reported in VMware ESX / ESXi, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33776/

 --

[SA33825] Fedora update for gpsdrive

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-05

Fedora has issued an update for gpsdrive. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33825/

 --

[SA33795] sblim-sfcb "genSslCert.sh" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-05

A security issue has been reported in sblim-sfcb, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33795/

 --

[SA33785] Linux Kernel Denial of Service Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-04

Some vulnerabilities have been reported in the Linux Kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33785/

 --

[SA33756] Ubuntu update for linux

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-30

Ubuntu has issued an update for linux. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/33756/

 --

[SA33753] Sudo Privilege Escalation Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-04

A security issue has been reported in sudo, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33753/

 --

[SA33751] Sun Solaris IP Minor Numbers Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-02

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33751/


Other:--

[SA33729] WebSphere Application Server Unspecified Information
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-01-30

A vulnerability has been reported in WebSphere Application Server,
which can potentially be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33729/

 --

[SA33770] Xerox WorkCentre Web Server Unspecified Command Injection

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2009-02-02

A vulnerability has been reported in Xerox WorkCentre, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33770/

 --

[SA33739] Profense Web Application Firewall Cross-Site Scripting and
Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-30

Michael Brooks has discovered some vulnerabilities in Profense Web
Application Firewall, which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33739/

 --

[SA33738] D-Link DVG-2001S Cross-Site Scripting and Cross-Site Request
Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-03

Some vulnerabilities have been reported in D-Link DVG-2001S, which can
be exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33738/

 --

[SA33779] HP LaserJet / Digital Sender Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-05

A vulnerability has been reported in HP LaserJet and Digital Sender
products, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33779/

 --

[SA33749] Cisco Products Denial of Service and Security Bypass
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2009-02-05

Some vulnerabilities have been reported in multiple Cisco Products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33749/


Cross Platform:--

[SA33812] GRBoard Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

make0day has discovered some vulnerabilities in GRBoard, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33812/

 --

[SA33808] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access, Security Bypass
Released:    2009-02-04

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to bypass certain security restrictions
or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33808/

 --

[SA33802] Mozilla Thunderbird Memory Corruption Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-04

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33802/

 --

[SA33799] Mozilla Firefox Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2009-02-04

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious, local users to potentially disclose
sensitive information, and by malicious people to conduct cross-site
scripting attacks, bypass certain security restrictions, disclose
sensitive information, or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33799/

 --

[SA33768] GBook "abspath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-03

A vulnerability has been discovered in GBook, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33768/

 --

[SA33748] Coppermine Photo Gallery Variable Overwrite Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2009-01-30

Michael Brooks has discovered a vulnerability in Coppermine Photo
Gallery, which can be exploited by malicious people to bypass certain
security restrictions and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33748/

 --

[SA33744] Novell GroupWise Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2009-02-02

Some vulnerabilities have been reported in Novell GroupWise, which can
be exploited by malicious people to conduct cross-site scripting,
cross-site request forgery, and script insertion attacks, bypass
certain security restrictions, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33744/

 --

[SA33732] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

make0day has reported a vulnerability in TECHNOTE, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33732/

 --

[SA33836] Drupal Views Bulk Operations Module Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-05

A vulnerability has been reported in the Views Bulk Operations module
for Drupal, which can be exploited by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/33836/

 --

[SA33813] Mahara Unspecified Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-05

A vulnerability has been reported in Mahara, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33813/

 --

[SA33811] PHPbbBook "l" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-04

Osirys has discovered a vulnerability in PHPbbBook, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33811/

 --

[SA33807] TightVNC "ClientConnection" Signedness Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-04

Some vulnerabilities have been reported in TightVNC, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33807/

 --

[SA33804] ScriptsEz Ez PHP Comment "name" Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-04

Cru3l.b0y has reported a vulnerability in ScriptsEz Ez PHP Comment,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33804/

 --

[SA33781] Bugzilla Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2009-02-03

Some vulnerabilities and a security issue have been reported in
Bugzilla, which can be exploited by malicious users to conduct script
insertion attacks and by malicious people to potentially disclose
sensitive information or to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/33781/

 --

[SA33780] GR Blog Security Bypass Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-02-05

JosS has discovered a security issue in GR Blog, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33780/

 --

[SA33778] CMS from Scratch File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-02-03

StAkeR has discovered a vulnerability in CMS from Scratch, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33778/

 --

[SA33777] Whole Hog Software Multiple Products SQL Injection and
Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-03

Some vulnerabilities have been reported in multiple Whole Hog Software
products, which can be exploited by malicious people to bypass certain
security restrictions and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33777/

 --

[SA33775] Moodle Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
Privilege escalation, System access
Released:    2009-02-04

Some vulnerabilities have been reported in Moodle, which can
potentially be exploited by malicious, local users to perform certain
actions with escalated privileges, by malicious users to conduct script
insertion attacks or to compromise a vulnerable system, and by malicious
people to conduct cross-site scripting attacks or to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33775/

 --

[SA33772] PerlSoft Gstebuch "loginname1" Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-02

Perforin has reported a vulnerability in PerlSoft Gstebuch, which can
be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33772/

 --

[SA33767] Online Grades SQL Injection and Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information
Released:    2009-02-03

Some vulnerabilities and a security issue have been discovered in
Online Grades, which can be exploited by malicious people to conduct
SQL injection attacks and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33767/

 --

[SA33757] Drupal ImageField Module File Upload and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-02-02

Some vulnerabilities have been discovered in the ImageField module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33757/

 --

[SA33741] ReVou Twitter Clone Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-02-02

nuclear has reported some vulnerabilities in ReVou Twitter Clone, which
can be exploited by malicious people to conduct SQL injection attacks
and malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33741/

 --

[SA33735] AJA "currentlang" and "module_name" Local File Inclusion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-03

Some vulnerabilities have been discovered in AJA, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/33735/

 --

[SA33734] BPAutoSales SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-02-02

xoron has reported some vulnerabilities in BPAutoSales, which can be
exploited by malicious people to conduct SQL injection  and cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/33734/

 --

[SA33731] Squid HTTP Version Number Parsing Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-02-04

A vulnerability has been reported in Squid, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33731/

 --

[SA33730] DreamPics Builder "exhibition_id" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-04

xoron has reported a vulnerability DreamPics Builder, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33730/

 --

[SA33834] htmLawed Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-05

A vulnerability has been reported in htmLawed, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33834/

 --

[SA33806] BOINC "RSA_public_decrypt()" Spoofing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-05

A vulnerability has been reported in BOINC, which can potentially be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33806/

 --

[SA33790] Simple Machines Forum "[url]" Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-04

Xianur0 has discovered a vulnerability in Simple Machines Forum, which
can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33790/

 --

[SA33789] Bugzilla Script Insertion and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-03

Some vulnerabilities have been reported in Bugzilla, which can be
exploited by malicious users to conduct script insertion attacks and
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33789/

 --

[SA33782] Bugzilla Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-03

A vulnerability has been reported in Bugzilla, which can be exploited
by malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33782/

 --

[SA33764] E-Php B2B Trading Marketplace Script "errmsg" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-02

SaiedHacker has reported two vulnerabilities in E-Php B2B Trading
Marketplace Script, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33764/

 --

[SA33763] SMA-DB "startpage.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-03

A vulnerability has been discovered in SMA-DB, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33763/

 --

[SA33762] Oracle Forms Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-02

Some vulnerabilities have been reported in Oracle Forms, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33762/

 --

[SA33761] Oracle Application Server Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-02

Some vulnerabilities have been reported in Oracle Application Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/33761/

 --

[SA33760] Fedora update for glpi

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-30

Fedora has issued an update for glpi. This fixes some vulnerabilities,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33760/

 --

[SA33747] FlatnuX CMS "Job" Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-03

A vulnerability has been discovered in FlatnuX CMS, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33747/

 --

[SA33740] ManageEngine Firewall Analyzer Cross-Site Request Forgery
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-30

A vulnerability has been discovered in ManageEngine Firewall Analyzer,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33740/

 --

[SA33805] ESET Remote Administrator Script Insertion Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Cross Site Scripting
Released:    2009-02-05

A vulnerability has been reported in ESET Remote Administrator, which
can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33805/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Best Selling Security Books &amp; More!
http://www.shopinfosecnews.org/
Received on Fri Feb 06 2009 - 01:29:42 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 06 2009 - 01:44:36 PST