[ISN] Secunia Weekly Summary - Issue: 2005-31
InfoSec News
isn at c4i.org
Thu Aug 4 06:00:47 EDT 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-07-28 - 2005-08-04
This week : 55 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Opera Software has released a new version of their popular browser,
which corrects several vulnerabilities.
Additional details can be found in the referenced Secunia advisories
below.
Reference:
http://secunia.com/SA15756
http://secunia.com/SA15870
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA15870] Opera Download Dialog Spoofing Vulnerability
2. [SA15756] Opera Image Dragging Vulnerability
3. [SA16272] Cisco IOS IPv6 Packet Handling Vulnerability
4. [SA16256] Microsoft Office Insecure Shared Section Permissions
5. [SA16245] Sophos Anti-Virus Unspecified Buffer Overflow
Vulnerability
6. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7. [SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure
8. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
9. [SA16267] Novell eDirectory NMAS Password Challenge Bypass
10. [SA16255] MySQL Eventum PEAR XML_RPC PHP Code Execution
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA16314] Naxtor e-directory Cross-Site Scripting and SQL Injection
[SA16308] Sacrifice Format String and Buffer Overflow Vulnerabilities
[SA16306] BusinessMail SMTP Denial of Service Vulnerability
[SA16282] Business Objects Enterprise / Crystal Reports Denial of
Service
[SA16268] Thomson Web Skill Vantage Manager SQL Injection
[SA16258] nProtect Personal OnlineScan Arbitrary File Download
[SA16264] Easy PX 41 CMS Cross-Site Scripting and Information
Disclosure
[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID
Enumeration
[SA16289] Trillian Exposure of User Credentials
UNIX/Linux:
[SA16327] Debian apt-cacher Unspecified Arbitrary Command Execution
[SA16326] Mandriva update for mozilla
[SA16307] Gentoo update for Compress-Zlib
[SA16302] Ubuntu update for
mozilla-thunderbird/mozilla-thunderbird-enigmail
[SA16296] Conectiva update for clamav
[SA16290] Trustix update for multiple packages
[SA16284] Gentoo update for emul-linux-x86-baselibs
[SA16276] Fedora update for ethereal
[SA16257] SUSE Updates for Multiple Packages
[SA16324] Gentoo update for nbsmtp
[SA16305] Gentoo update for pstotext
[SA16304] MySQL Eventum Cross-Site Scripting and SQL Injection
[SA16303] Debian update for pdns
[SA16293] Slackware update for telnet
[SA16291] jabberd "jid.c" Buffer Overflow Vulnerabilities
[SA16288] Gentoo update for ProFTPD
[SA16279] no-brainer SMTP Client "log_msg" Format String Vulnerability
[SA16261] Mandriva update for fetchmail
[SA16299] Fedora update for httpd
[SA16266] Ubuntu update for libtiff4
[SA16259] HP NonStop Server DCE Core Services Denial of Service
[SA16278] Avaya CMS / IR Solaris Runtime Linker Vulnerability
[SA16277] Debian update for gopher
[SA16275] UMN Gopher Insecure Temporary File Creation
[SA16269] Debian update for gaim
[SA16265] Gaim libgadu Memory Alignment Weakness
[SA16309] UnZip File Permissions Change Vulnerability
Other:
[SA16272] Cisco IOS IPv6 Packet Handling Vulnerability
[SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure
Cross Platform:
[SA16319] Karrigell Python Namespace Exposure Vulnerability
[SA16273] Simplicity oF Upload "language" File Inclusion Vulnerability
[SA16260] PHPmyGallery "confdir" File Inclusion Vulnerability
[SA16323] nCipher CHIL Random Cache Inheritance Security Issue
[SA16318] Metasploit Framework "defanged" Mode Bypass Vulnerability
[SA16312] PHPFreeNews Unspecified Vulnerabilities
[SA16300] FlexPHPNews Multiple Vulnerabilities
[SA16287] Ragnarok Online Control Panel Authentication Bypass
Vulnerability
[SA16286] Kayako LiveResponse Multiple Vulnerabilities
[SA16262] Naxtor Shopping Cart Cross-Site Scripting and SQL Injection
[SA16316] BrightStor ARCserve Backup Agents Buffer Overflow
Vulnerability
[SA16267] Novell eDirectory NMAS Password Challenge Bypass
[SA16311] AderSoftware CFBB "page" Cross-Site Scripting
[SA16292] ChurchInfo SQL Injection Vulnerabilities
[SA16270] UNG "name" and "email" Mail Header Injection
[SA16263] Website Baker Cross-Site Scripting and File Upload
Vulnerabilities
[SA16274] phplist "id" SQL Injection Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA16314] Naxtor e-directory Cross-Site Scripting and SQL Injection
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released: 2005-08-03
basher13 has reported some vulnerabilities in Naxtor e-directory, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16314/
--
[SA16308] Sacrifice Format String and Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-02
Luigi Auriemma has reported two vulnerabilities in Sacrifice, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16308/
--
[SA16306] BusinessMail SMTP Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-08-01
Reed Arvin has discovered a vulnerability in BusinessMail, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16306/
--
[SA16282] Business Objects Enterprise / Crystal Reports Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-08-01
A vulnerability has been reported in Business Objects Enterprise and
Crystal Reports Server, which can be exploited by malicious people to
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16282/
--
[SA16268] Thomson Web Skill Vantage Manager SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-07-29
Walter Sobchak has reported a vulnerability in Thomson Web Skill
Vantage Manager, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16268/
--
[SA16258] nProtect Personal OnlineScan Arbitrary File Download
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2005-08-01
Park Gyu Tae and Neo have reported in a vulnerability in nProtect
Personal OnlineScan, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16258/
--
[SA16264] Easy PX 41 CMS Cross-Site Scripting and Information
Disclosure
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2005-07-29
FalconDeOro has reported some vulnerabilities in Easy PX 41 CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks and disclose various information.
Full Advisory:
http://secunia.com/advisories/16264/
--
[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID
Enumeration
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2005-08-02
Seth Fogie has reported two vulnerabilities in Microsoft ActiveSync,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and enumerate valid equipment IDs.
Full Advisory:
http://secunia.com/advisories/16283/
--
[SA16289] Trillian Exposure of User Credentials
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-08-01
Suramya Tomar has discovered a security issue in Trillian, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/16289/
UNIX/Linux:--
[SA16327] Debian apt-cacher Unspecified Arbitrary Command Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-08-03
Eduard Bloch has reported a vulnerability in apt-cacher, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16327/
--
[SA16326] Mandriva update for mozilla
Critical: Highly critical
Where: From remote
Impact: System access, Spoofing, Cross Site Scripting, Security
Bypass
Released: 2005-08-03
Mandriva has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and
spoofing attacks, and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16326/
--
[SA16307] Gentoo update for Compress-Zlib
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-08-01
Gentoo has issued an update for Compress-Zlib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16307/
--
[SA16302] Ubuntu update for
mozilla-thunderbird/mozilla-thunderbird-enigmail
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released: 2005-08-01
Ubuntu has issued updates for mozilla-thunderbird and
mozilla-thunderbird-enigmail. These fix some vulnerabilities, which can
be exploited by malicious people to bypass certain security
restrictions, gain knowledge of potentially sensitive information,
conduct cross-site scripting attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16302/
--
[SA16296] Conectiva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-01
Conectiva has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16296/
--
[SA16290] Trustix update for multiple packages
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
Released: 2005-08-02
Trustix has issued various updated packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, by malicious users to cause a DoS (Denial of
Service), or by malicious people to gain knowledge of sensitive
information, conduct HTTP request smuggling attacks, or compromise a
vulnerable system,
Full Advisory:
http://secunia.com/advisories/16290/
--
[SA16284] Gentoo update for emul-linux-x86-baselibs
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-01
Gentoo has issued an update for emul-linux-x86-baselibs. This fixes
some vulnerabilities, which can be exploited by malicious people to
cause a DoS (Denial of Service) or potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16284/
--
[SA16276] Fedora update for ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-07-29
Fedora has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16276/
--
[SA16257] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing,
Manipulation of data, Exposure of sensitive information, DoS, System
access
Released: 2005-07-29
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), conduct HTTP request smuggling, spoofing and
cross-site scripting attacks, bypass certain security restrictions,
disclose and manipulate sensitive information, and compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16257/
--
[SA16324] Gentoo update for nbsmtp
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-03
Gentoo has issued an update for nbsmtp. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16324/
--
[SA16305] Gentoo update for pstotext
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-08-01
Gentoo has issued an update for pstotext. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16305/
--
[SA16304] MySQL Eventum Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-08-01
James Bercegay has reported some vulnerabilities in MySQL Eventum,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16304/
--
[SA16303] Debian update for pdns
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-08-01
Debian has issued an update for pdns. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16303/
--
[SA16293] Slackware update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-08-01
Slackware has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16293/
--
[SA16291] jabberd "jid.c" Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-01
Michael has reported some vulnerabilities in jabberd, which potentially
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16291/
--
[SA16288] Gentoo update for ProFTPD
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2005-08-02
Gentoo has issued an update for ProFTPD. This fixes two
vulnerabilities, which can be exploited by malicious users to disclose
certain sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16288/
--
[SA16279] no-brainer SMTP Client "log_msg" Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-01
A vulnerability has been reported in no-brainer SMTP client, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16279/
--
[SA16261] Mandriva update for fetchmail
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-07-29
Mandriva has issued an update for fetchmail. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16261/
--
[SA16299] Fedora update for httpd
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Released: 2005-08-03
Fedora has issued an update for httpd. This fixes two vulnerabilities,
which can be exploited by malicious people to potentially cause a DoS
(Denial of Service) and conduct HTTP request smuggling attacks.
Full Advisory:
http://secunia.com/advisories/16299/
--
[SA16266] Ubuntu update for libtiff4
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-07-29
Ubuntu has issued an update for libtiff4. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16266/
--
[SA16259] HP NonStop Server DCE Core Services Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-08-01
A vulnerability has been reported in HP NonStop Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16259/
--
[SA16278] Avaya CMS / IR Solaris Runtime Linker Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-02
Avaya has acknowledged a vulnerability in CMS and IR, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16278/
--
[SA16277] Debian update for gopher
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-01
Debian has issued an update for gopher. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16277/
--
[SA16275] UMN Gopher Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-01
John Goerzen has reported a vulnerability in gopher, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16275/
--
[SA16269] Debian update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-07-29
Debian has issued an update for gaim. This fixes a weakness, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/16269/
--
[SA16265] Gaim libgadu Memory Alignment Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-07-29
A weakness has been reported in Gaim, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16265/
--
[SA16309] UnZip File Permissions Change Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-03
Imran Ghory has reported a vulnerability in unzip, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16309/
Other:--
[SA16272] Cisco IOS IPv6 Packet Handling Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-07-29
A vulnerability has been reported in Ciso IOS, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable network device.
Full Advisory:
http://secunia.com/advisories/16272/
--
[SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2005-07-29
Nick Simicich has reported a security issue in WRT54G, which
potentially can be exploited by malicious people to gain knowledge of
certain sensitive information.
Full Advisory:
http://secunia.com/advisories/16271/
Cross Platform:--
[SA16319] Karrigell Python Namespace Exposure Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-03
Radovan Garabik has reported a vulnerability in Karrigell, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16319/
--
[SA16273] Simplicity oF Upload "language" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-29
rgod has reported a vulnerability in Simplicity oF Upload, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16273/
--
[SA16260] PHPmyGallery "confdir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-29
Securitysos Inc. has reported a vulnerability in PHPmyGallery, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16260/
--
[SA16323] nCipher CHIL Random Cache Inheritance Security Issue
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-08-03
A security issue has been reported in nCipher CHIL (Cryptographic
Hardware Interface Library), which may result in a program generating
the same random bytes in all child processes for a certain period of
time.
Full Advisory:
http://secunia.com/advisories/16323/
--
[SA16318] Metasploit Framework "defanged" Mode Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-03
Dino Dai Zovi has reported a vulnerability in Metasploit Framework,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16318/
--
[SA16312] PHPFreeNews Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-08-02
Some unspecified vulnerabilities with unknown impacts have been
reported in PHPFreeNews.
Full Advisory:
http://secunia.com/advisories/16312/
--
[SA16300] FlexPHPNews Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, DoS
Released: 2005-08-02
rgod has reported some vulnerabilities in FlexPHPNews, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16300/
--
[SA16287] Ragnarok Online Control Panel Authentication Bypass
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-01
VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16287/
--
[SA16286] Kayako LiveResponse Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information
Released: 2005-08-01
James Bercegay has reported some vulnerabilities in Kayako
LiveResponse, which can be exploited by malicious people to conduct
cross-site scripting, script insertion, and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16286/
--
[SA16262] Naxtor Shopping Cart Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-08-03
John Cobb has reported some vulnerabilities in Naxtor Shopping Cart,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16262/
--
[SA16316] BrightStor ARCserve Backup Agents Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-08-03
A vulnerability has been reported in BrightStor ARCserve Backup, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16316/
--
[SA16267] Novell eDirectory NMAS Password Challenge Bypass
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2005-07-29
A security issue has been reported in Novell eDirectory, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16267/
--
[SA16311] AderSoftware CFBB "page" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-02
rUnViRuS has reported a vulnerability in AderSoftware CFBB, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/16311/
--
[SA16292] ChurchInfo SQL Injection Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of system information
Released: 2005-08-02
thegreatone2176 has discovered some vulnerabilities in ChurchInfo,
which can be exploited by malicious users to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/16292/
--
[SA16270] UNG "name" and "email" Mail Header Injection
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2005-07-29
A vulnerability has been reported in UNG, which can be exploited by
malicious people to inject arbitrary mail headers.
Full Advisory:
http://secunia.com/advisories/16270/
--
[SA16263] Website Baker Cross-Site Scripting and File Upload
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
System access
Released: 2005-07-29
thegreatone2176 has discovered some vulnerabilities in Website Baker,
which can be exploited by malicious people to conduct cross-site
scripting attacks and by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16263/
--
[SA16274] phplist "id" SQL Injection Vulnerability
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2005-07-29
thegreatone2176 has discovered a vulnerability in phplist, which can be
exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16274/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
More information about the ISN
mailing list