[ISN] Secunia Weekly Summary - Issue: 2005-32
InfoSec News
isn at c4i.org
Fri Aug 12 01:08:25 EDT 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-08-04 - 2005-08-11
This week : 58 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Microsoft has released their monthly security updates, which corrects
several vulnerabilities in various Microsoft products.
All users of Microsoft products are advised to check Windows Update for
available security updates.
Additional details can be found in referenced Secunia advisories below.
Reference:
http://secunia.com/SA16373
http://secunia.com/SA16372
http://secunia.com/SA16368
http://secunia.com/SA16356
http://secunia.com/SA16354
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA16373] Internet Explorer Three Vulnerabilities
2. [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
Creation
3. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
4. [SA16298] Linux Kernel xfrm Array Indexing Overflow Vulnerability
5. [SA15870] Opera Download Dialog Spoofing Vulnerability
6. [SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
7. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
8. [SA15756] Opera Image Dragging Vulnerability
9. [SA16210] Microsoft Windows Unspecified USB Device Driver
Vulnerability
10. [SA16071] Windows Remote Desktop Protocol Denial of Service
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA16373] Internet Explorer Three Vulnerabilities
[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability
[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
Vulnerability
[SA16354] Microsoft Windows Telephony Service Vulnerability
[SA16344] EMC Navisphere Manager Directory Traversal and Directory
Listing
[SA16368] Microsoft Windows Two Kerberos Vulnerabilities
UNIX/Linux:
[SA16387] Red Hat update for gaim
[SA16384] Red Hat update for gaim
[SA16379] Gaim Away Message Buffer Overflow and Denial of Service
[SA16363] Ubuntu update for ekg/libgadu3
[SA16341] Conectiva update for krb5
[SA16331] Mandriva update for ethereal
[SA16358] Red Hat update for ruby
[SA16349] Trustix update for multiple packages
[SA16336] Gentoo update for netpbm
[SA16391] Red Hat update for cups
[SA16390] Fedora update for kdegraphics
[SA16385] Ubuntu update for xpdf/kpdf
[SA16383] Red Hat update for xpdf/kdegraphics
[SA16380] CUPS xpdf Temporary File Writing Denial of Service
[SA16374] Xpdf Temporary File Writing Denial of Service
[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability
[SA16362] cPanel Password Change Privilege Escalation Security Issue
[SA16334] Ubuntu update for apache2
[SA16382] Red Hat update for ucd-snmp
[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
Vulnerability
[SA16381] Red Hat update for sysreport
[SA16360] Gentoo update for heartbeat
[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation
[SA16345] Lantonix Secure Console Server Multiple Vulnerabilities
[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation
[SA16335] Conectiva update for heartbeat
[SA16355] Linux Kernel Keyring Management Denial of Service
Vulnerabilities
[SA16352] Wine winelauncher.in Insecure Temporary File Creation
[SA16328] Red Hat update for dump
Other:
Cross Platform:
[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
[SA16347] SysCP Two Vulnerabilities
[SA16346] Comdev eCommerce File Inclusion Vulnerability
[SA16342] Gravity Board X Multiple Vulnerabilities
[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities
[SA16330] Flatnuke Multiple Vulnerabilities
[SA16388] PHlyMail Unspecified Login Bypass Vulnerability
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
[SA16369] Open Bulletin Board SQL Injection Vulnerabilities
[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability
[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability
[SA16353] PHPLite Calendar Express Two Vulnerabilities
[SA16351] phpIncludes News System SQL Injection Vulnerability
[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities
[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
Vulnerability
[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability
[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion
[SA16338] Jax LinkLists Cross-Site Scripting and Information
Disclosure
[SA16337] Jax Guestbook Cross-Site Scripting and Information
Disclosure
[SA16333] Jax Calendar Cross-Site Scripting Vulnerability
[SA16332] Jax Newsletter Cross-Site Scripting and Information
Disclosure
[SA16329] tDiary Cross-Site Request Forgery Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA16373] Internet Explorer Three Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09
Three vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct cross-site scripting
attacks or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16373/
--
[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-10
A vulnerability has been reported in Lasso, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16364/
--
[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-08-09
ISS X-Force has reported a vulnerability in Microsoft Windows, which
can be exploited by malicious users to gain escalated privileges or by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16372/
--
[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-08-09
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16356/
--
[SA16354] Microsoft Windows Telephony Service Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-08-09
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges or by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16354/
--
[SA16344] EMC Navisphere Manager Directory Traversal and Directory
Listing
Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2005-08-08
Two vulnerabilities have been reported in EMC Navisphere Manager, which
can be exploited by malicious people to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/16344/
--
[SA16368] Microsoft Windows Two Kerberos Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Spoofing, Exposure of sensitive information, DoS
Released: 2005-08-09
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious users to cause a DoS (Denial of Service),
reveal sensitive information, or impersonate other users.
Full Advisory:
http://secunia.com/advisories/16368/
UNIX/Linux:--
[SA16387] Red Hat update for gaim
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-10
Red Hat has issued an update for gaim. This fixes a vulnerability and
two weaknesses, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16387/
--
[SA16384] Red Hat update for gaim
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-08-10
Red Hat has issued an update for gaim. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16384/
--
[SA16379] Gaim Away Message Buffer Overflow and Denial of Service
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-10
A vulnerability and a weakness have been reported in Gaim, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16379/
--
[SA16363] Ubuntu update for ekg/libgadu3
Critical: Highly critical
Where: From remote
Impact: Unknown, Privilege escalation, DoS, System access
Released: 2005-08-09
Ubuntu has issued updates for ekg and libgadu3. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, or by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16363/
--
[SA16341] Conectiva update for krb5
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-09
Conectiva has issued an update for krb5. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16341/
--
[SA16331] Mandriva update for ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-05
Mandriva has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16331/
--
[SA16358] Red Hat update for ruby
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-08
Red Hat has issued an update for ruby. This fixes a vulnerability,
which potentially can be exploited by malicious people to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16358/
--
[SA16349] Trustix update for multiple packages
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2005-08-08
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited to disclose certain sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16349/
--
[SA16336] Gentoo update for netpbm
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-08-05
Gentoo has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16336/
--
[SA16391] Red Hat update for cups
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
Red Hat has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16391/
--
[SA16390] Fedora update for kdegraphics
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
Fedora has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16390/
--
[SA16385] Ubuntu update for xpdf/kpdf
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
Ubuntu has issued updates for xpdf and kpdf. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16385/
--
[SA16383] Red Hat update for xpdf/kdegraphics
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
Red Hat has issued updates for xpdf and kdegraphics. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16383/
--
[SA16380] CUPS xpdf Temporary File Writing Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
A vulnerability has been reported in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16380/
--
[SA16374] Xpdf Temporary File Writing Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-08-10
A vulnerability has been reported in Xpdf, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16374/
--
[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-10
dyn0 has discovered a vulnerability in VegaDNS, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16370/
--
[SA16362] cPanel Password Change Privilege Escalation Security Issue
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2005-08-10
IHS has discovered a security issue in cPanel, which may allow
malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16362/
--
[SA16334] Ubuntu update for apache2
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Released: 2005-08-05
Ubuntu has issued an update for apache2. This fixes two
vulnerabilities, which can be exploited by malicious people to
potentially cause a DoS (Denial of Service) and conduct HTTP request
smuggling attacks.
Full Advisory:
http://secunia.com/advisories/16334/
--
[SA16382] Red Hat update for ucd-snmp
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-08-10
Red Hat has issued an update for ucd-snmp. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16382/
--
[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
Vulnerability
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2005-08-09
A vulnerability has been reported in Solaris, which can be exploited by
malicious users to delete files on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16367/
--
[SA16381] Red Hat update for sysreport
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-10
Red Hat has issued an update for sysreport. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/16381/
--
[SA16360] Gentoo update for heartbeat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-08
Gentoo has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16360/
--
[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-08
Javier Fernandez-Sanguino Pena has reported a vulnerability in FFTW,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16359/
--
[SA16345] Lantonix Secure Console Server Multiple Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-08-08
c0ntex has reported some vulnerabilities in Lantonix Secure Console
Server, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16345/
--
[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-09
Javier Fernandez-Sanguino Pena has reported a vulnerability in
Inkscape, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16343/
--
[SA16335] Conectiva update for heartbeat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-05
Conectiva has issued an update for heartbeat. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/16335/
--
[SA16355] Linux Kernel Keyring Management Denial of Service
Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-08-09
Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16355/
--
[SA16352] Wine winelauncher.in Insecure Temporary File Creation
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-08-08
Javier Fernandez-Sanguino Pena has reported a vulnerability in wine,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16352/
--
[SA16328] Red Hat update for dump
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-08-04
Red Hat has issued an update for dump. This fixes a weakness, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16328/
Other:
Cross Platform:--
[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-08-10
kartoffelguru has discovered a vulnerability in WordPress, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16386/
--
[SA16347] SysCP Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-08-08
Christopher Kunz has reported two vulnerabilities in SysCP, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16347/
--
[SA16346] Comdev eCommerce File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-08-08
none has discovered a vulnerability in Comdev eCommerce, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16346/
--
[SA16342] Gravity Board X Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released: 2005-08-09
rgod has discovered some vulnerabilities in Gravity Board X, which can
be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain security restrictions, or compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16342/
--
[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-08-09
Some vulnerabilities have been reported in XOOPS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16339/
--
[SA16330] Flatnuke Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-08-05
rgod has discovered some vulnerabilities in Flatnuke, which can be
exploited by malicious people to conduct cross-site scripting attacks,
script insertion attacks, or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16330/
--
[SA16388] PHlyMail Unspecified Login Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-10
A vulnerability has been reported in PHlyMail, which can be exploited
by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16388/
--
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-08-10
Heintz has discovered two vulnerabilities in XMB Forum, which can be
exploited by malicious users to overwrite certain server set variables
or conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16375/
--
[SA16369] Open Bulletin Board SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-08-09
abducter has discovered some vulnerabilities in Open Bulletin Board,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/16369/
--
[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-08-09
Censored has discovered a vulnerability in MyFAQ, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16366/
--
[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-08-08
A vulnerability has been reported in PHPSiteStats, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16361/
--
[SA16353] PHPLite Calendar Express Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-08-09
Two vulnerabilities have been reported in Calendar Express, which can
be exploited by malicious people to conduct SQL injection or cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/16353/
--
[SA16351] phpIncludes News System SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-08-08
A vulnerability has been reported in phpIncludes, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16351/
--
[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09
rgod has discovered multiple vulnerabilities in FunkBoard, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16371/
--
[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09
rgod has discovered a vulnerability in Chipmunk, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16365/
--
[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09
edward11 has discovered a vulnerability in e107, which can be exploited
by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/16357/
--
[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09
V[i]RuS has discovered a vulnerability in Invision Power Board, which
can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/16348/
--
[SA16338] Jax LinkLists Cross-Site Scripting and Information
Disclosure
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-08-05
Lostmon has discovered some vulnerabilities in Jax LinkLists, which can
be exploited by malicious people to conduct cross-site scripting attacks
or disclose certain information.
Full Advisory:
http://secunia.com/advisories/16338/
--
[SA16337] Jax Guestbook Cross-Site Scripting and Information
Disclosure
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-08-05
Lostmon has discovered some vulnerabilities in Jax Guestbook, which can
be exploited by malicious people to conduct cross-site scripting attacks
or disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/16337/
--
[SA16333] Jax Calendar Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-05
Lostmon has discovered a vulnerability in Jax Calendar, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16333/
--
[SA16332] Jax Newsletter Cross-Site Scripting and Information
Disclosure
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-08-05
Lostmon has discovered some vulnerabilities in Jax Newsletter, which
can be exploited by malicious people to conduct cross-site scripting
attacks or disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/16332/
--
[SA16329] tDiary Cross-Site Request Forgery Vulnerability
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2005-08-08
A vulnerability has been reported in tDiary, which can be exploited by
malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/16329/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
More information about the ISN
mailing list