[ISN] Secunia Weekly Summary - Issue: 2005-29

InfoSec News isn at c4i.org
Fri Jul 22 14:30:54 EDT 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-07-14 - 2005-07-21                        

                       This week : 58 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Leon Juranic has reported a vulnerability in Winamp, which can be
exploited by malicious people to compromise a user's system.

The vendor has released an updated version, please view Secunia
advisory below for additional details.

Reference:
http://secunia.com/SA16077


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA16071] Windows Remote Desktop Protocol Denial of Service
              Vulnerability
2.  [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
              Creation
3.  [SA16004] Microsoft Windows Color Management Module Buffer Overflow
4.  [SA16043] Firefox Multiple Vulnerabilities
5.  [SA16077] Winamp ID3v2 Tag Handling Buffer Overflow Vulnerability
6.  [SA15998] Microsoft Word Font Parsing Buffer Overflow Vulnerability
7.  [SA16065] Windows Network Connections Service Denial of Service
8.  [SA16059] Mozilla Multiple Vulnerabilities
9.  [SA15489] Mozilla / Firefox / Camino Dialog Origin Spoofing
              Vulnerability
10. [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA16077] Winamp ID3v2 Tag Handling Buffer Overflow Vulnerability
[SA16115] Hosting Controller Multiple Vulnerabilities
[SA16104] VP-ASP Shopping Cart SQL Injection Vulnerabilities
[SA16098] Novell GroupWise WebAccess Script Insertion Vulnerability
[SA16097] MDaemon IMAP Authentication Denial of Service Vulnerability
[SA16135] Hitachi Groupmax Form and Web Workflow Server Set Denial of
Service
[SA16131] DVBBS "showerr.asp" Cross-Site Scripting Vulnerability
[SA16124] PeanutHull Privilege Escalation Vulnerability
[SA16127] Check Point VPN-1 SecuRemote / SecureClient Information
Disclosure Weakness

UNIX/Linux:
[SA16114] Debian update for krb5
[SA16109] SGI Advanced Linux Environment Multiple Updates
[SA16103] Gentoo update for php
[SA16101] Gentoo update for mozilla-thunderbird
[SA16095] Gentoo update for mozilla-firefox
[SA16089] SUSE update for acroread
[SA16086] Trustix update for multiple packages
[SA16079] Conectiva update for php4
[SA16122] Debian update for affix
[SA16116] Debian update for phppgadmin
[SA16106] Avaya Predictive Dialing System TCP/IP Denial of Service
[SA16094] Avaya telnet Two Vulnerabilities
[SA16085] BitDefender for Mail Servers Malware Detection Bypass
[SA16080] Slackware update for xv
[SA16121] Sun Management Center Oracle Listener Vulnerabilities
[SA16112] Debian update for heimdal
[SA16132] Apple Airport Insecure Association Security Issue
[SA16130] Gentoo update for mediawiki
[SA16119] HP Tru64 UNIX TCP/IP Implementation Vulnerabilities
[SA16083] Slackware update for tcpdump
[SA16113] Mandriva update for nss_ldap / pam_ldap
[SA16107] Gentoo update for dhcpcd
[SA16088] Red Hat update for cups
[SA16087] Shorewall Rules / Policies Bypass Security Issue
[SA16076] Gentoo update for pam_ldap / nss_ldap
[SA16133] Fedora update for kdelibs
[SA16120] Debian update for ekg
[SA16118] Debian update for heartbeat
[SA16105] Skype "skype_profile.jpg" Insecure Temporary File Creation
[SA16102] ekg Shell Command Injection and Insecure Temporary File
Creation
[SA16099] KDE Kate / KWrite Backup File Insecure File Permissions
[SA16084] Avaya Various Products glibc Vulnerabilities

Other:
[SA16125] F5 Networks BIG-IP / 3-DNS Three Vulnerabilities
[SA16126] Blue Coat Products ICMP Message Handling Denial of Service

Cross Platform:
[SA16093] MooseGallery "type" File Inclusion Vulnerability
[SA16091] Race Driver Format String and Buffer Overflow
Vulnerabilities
[SA16090] CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability
[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability
[SA16117] e107 Nested BBcode Script Insertion Vulnerability
[SA16111] PowerDNS Two Denial of Service Vulnerabilities
[SA16108] Sybase EAServer WebConsole Buffer Overflow Vulnerability
[SA16092] Oracle Reports / Forms Multiple Vulnerabilities
[SA16082] Sophos Anti-Virus ZIP Archive Denial of Service
Vulnerability
[SA16078] class-1 Forum Software Cross-Site Scripting and SQL
Injection
[SA16129] CuteNews "selected_search_arch" Cross-Site Scripting
Vulnerability
[SA16123] PHP Surveyor SQL Injection Vulnerabilities
[SA16110] PHPPageProtect Cross-Site Scripting Vulnerabilities
[SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability
[SA16081] Macromedia JRun Authentication Token Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA16077] Winamp ID3v2 Tag Handling Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-15

Leon Juranic has reported a vulnerability in Winamp, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16077/

 --

[SA16115] Hosting Controller Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2005-07-18

Soroush Dalili has discovered some vulnerabilities in Hosting
Controller, which can be exploited by malicious users to gain knowledge
of sensitive information, modify data, or conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/16115/

 --

[SA16104] VP-ASP Shopping Cart SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-07-18

Some vulnerabilities have been reported in VP-ASP Shopping Cart, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16104/

 --

[SA16098] Novell GroupWise WebAccess Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-07-19

Francisco Amato has reported a vulnerability in Novell GroupWise, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/16098/

 --

[SA16097] MDaemon IMAP Authentication Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-07-19

kcope has discovered a vulnerability in MDaemon, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16097/

 --

[SA16135] Hitachi Groupmax Form and Web Workflow Server Set Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-07-20

A vulnerability has been reported in Groupmax Web Workflow Server Set
for (ASP) Active Server Pages and Groupmax Form for ASP, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16135/

 --

[SA16131] DVBBS "showerr.asp" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-07-20

rUnViRuS has discovered a vulnerability in DVBBS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16131/

 --

[SA16124] PeanutHull Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-07-20

Sowhat has discovered a vulnerability in PeanutHull, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/16124/

 --

[SA16127] Check Point VPN-1 SecuRemote / SecureClient Information
Disclosure Weakness

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-07-20

Sylvain Roger has discovered a weakness in SecuRemote / SecureClient,
which potentially can be exploited by malicious, local users to gain
knowledge of certain information.

Full Advisory:
http://secunia.com/advisories/16127/


UNIX/Linux:--

[SA16114] Debian update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-07-18

Debian has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16114/

 --

[SA16109] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Privilege escalation, DoS, System access
Released:    2005-07-18

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious, local
users to potentially perform certain actions on a vulnerable system
with escalated privileges, by malicious users to bypass certain
security restrictions, and by malicious people to cause a DoS (Denial
of Service), overwrite arbitrary files on a user's system, gain
knowledge of various information, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16109/

 --

[SA16103] Gentoo update for php

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-18

Gentoo has issued an update for php. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16103/

 --

[SA16101] Gentoo update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2005-07-18

Gentoo has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, gain knowledge of potentially sensitive
information, conduct cross-site scripting attacks and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/16101/

 --

[SA16095] Gentoo update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, System
access
Released:    2005-07-15

Gentoo has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct spoofing and cross-site
scripting attacks, and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16095/

 --

[SA16089] SUSE update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-15

SUSE has issued an update for acroread. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/16089/

 --

[SA16086] Trustix update for multiple packages

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2005-07-15

Trustix has issued various updated packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to gain escalated privileges, or by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16086/

 --

[SA16079] Conectiva update for php4

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-15

Conectiva has issued an update for php4. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16079/

 --

[SA16122] Debian update for affix

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-19

Debian has issued an update for affix. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16122/

 --

[SA16116] Debian update for phppgadmin

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-07-18

Debian has issued an update for phppgadmin. This fixes a vulnerability,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/16116/

 --

[SA16106] Avaya Predictive Dialing System TCP/IP Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-07-19

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/16106/

 --

[SA16094] Avaya telnet Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-15

Avaya has acknowledged two vulnerabilities in Intuity Audix, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16094/

 --

[SA16085] BitDefender for Mail Servers Malware Detection Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-07-15

Alexander Hagenah has reported a vulnerability in BitDefender for Mail
Servers, which can be exploited by malware to bypass certain scanning
functionality.

Full Advisory:
http://secunia.com/advisories/16085/

 --

[SA16080] Slackware update for xv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-15



Full Advisory:
http://secunia.com/advisories/16080/

 --

[SA16121] Sun Management Center Oracle Listener Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-07-19

Sun has acknowledged some vulnerabilities in Sun Management Center,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16121/

 --

[SA16112] Debian update for heimdal

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-07-18

Debian has issued an update for heimdal. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16112/

 --

[SA16132] Apple Airport Insecure Association Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-07-20

A security issue has been reported in Airport, which may result in a
user associating to an unsecure network without warning.

Full Advisory:
http://secunia.com/advisories/16132/

 --

[SA16130] Gentoo update for mediawiki

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-07-20

Gentoo has issued an update for mediawiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/16130/

 --

[SA16119] HP Tru64 UNIX TCP/IP Implementation Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2005-07-19

HP has acknowledged some vulnerabilities in HP Tru64 UNIX, which can be
exploited by malicious people to cause various types of DoS (Denial of
Service) or spoof TCP traffic.

Full Advisory:
http://secunia.com/advisories/16119/

 --

[SA16083] Slackware update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-07-15

Slackware has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16083/

 --

[SA16113] Mandriva update for nss_ldap / pam_ldap

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2005-07-19

Mandriva has issued an update for nss_ldap / pam_ldap. This fixes a
security issue, which can be exploit by malicious people to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/16113/

 --

[SA16107] Gentoo update for dhcpcd

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-07-18

Gentoo has issued an update for dhcpcd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16107/

 --

[SA16088] Red Hat update for cups

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-07-15

Red Hat has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16088/

 --

[SA16087] Shorewall Rules / Policies Bypass Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-07-18

A security issue has been reported in Shorewall, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16087/

 --

[SA16076] Gentoo update for pam_ldap / nss_ldap

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2005-07-14

Gentoo has issued an update for pam_ldap and nss_ldap. This fixes a
security issue, which can be exploit by malicious people to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/16076/

 --

[SA16133] Fedora update for kdelibs

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-07-20

Fedora has issued an update for kdelibs. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
certain information.

Full Advisory:
http://secunia.com/advisories/16133/

 --

[SA16120] Debian update for ekg

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-07-19

Debian has issued an update for ekg. This fixes some vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16120/

 --

[SA16118] Debian update for heartbeat

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-07-19

Debian has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16118/

 --

[SA16105] Skype "skype_profile.jpg" Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-07-18

Giovanni Delvecchio has discovered a vulnerability in Skype for Linux,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16105/

 --

[SA16102] ekg Shell Command Injection and Insecure Temporary File
Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-07-19

Marcin Owsiany and Wojtek Kaniewski have reported two vulnerabilities
in ekg, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16102/

 --

[SA16099] KDE Kate / KWrite Backup File Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-07-19

bjoern has reported a security issue in Kate and KWrite, which can be
exploited by malicious, local users to gain knowledge of certain
information.

Full Advisory:
http://secunia.com/advisories/16099/

 --

[SA16084] Avaya Various Products glibc Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Privilege escalation
Released:    2005-07-15

Avaya has acknowledged two vulnerabilities in several products, which
can be exploited by malicious, local users to gain knowledge of certain
system information or conduct certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16084/


Other:--

[SA16125] F5 Networks BIG-IP / 3-DNS Three Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-20

F5 Networks has acknowledged some vulnerabilities in BIG-IP and 3-DNS,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/16125/

 --

[SA16126] Blue Coat Products ICMP Message Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-07-20

Blue Coat Systems has acknowledged some vulnerabilities in various
products, which can be exploited by malicious people to cause a DoS
(Denial of Service) on an active TCP session.

Full Advisory:
http://secunia.com/advisories/16126/


Cross Platform:--

[SA16093] MooseGallery "type" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-15

][GB][ has discovered a vulnerability in MooseGallery, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16093/

 --

[SA16091] Race Driver Format String and Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-07-19

Luigi Auriemma has reported two vulnerabilities in Race Driver, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16091/

 --

[SA16090] CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-19

sky has discovered a vulnerability in CaLogic, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16090/

 --

[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-07-20

A vulnerability has been reported in ReviewPost, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16134/

 --

[SA16117] e107 Nested BBcode Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-07-20

Nick Griffin has discovered a vulnerability in e107, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16117/

 --

[SA16111] PowerDNS Two Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-07-18

Two vulnerabilities have been reported in PowerDNS, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16111/

 --

[SA16108] Sybase EAServer WebConsole Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-18

SPI Dynamics has reported a vulnerability in Sybase EAServer, which can
be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16108/

 --

[SA16092] Oracle Reports / Forms Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, Privilege escalation, System access
Released:    2005-07-20

Alexander Kornbrust has reported some vulnerabilities in Oracle Reports
and Forms, which can be exploited to gain escalated privileges, gain
knowledge of certain information, overwrite arbitrary files, conduct
cross-site scripting attacks, or potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16092/

 --

[SA16082] Sophos Anti-Virus ZIP Archive Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-07-15

A vulnerability has been reported in Sophos Anti-Virus, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16082/

 --

[SA16078] class-1 Forum Software Cross-Site Scripting and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-07-14

Lostmon has discovered some vulnerabilities in class-1 Forum Software,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16078/

 --

[SA16129] CuteNews "selected_search_arch" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-07-20

rgod has discovered a vulnerability in CuteNews, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16129/

 --

[SA16123] PHP Surveyor SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2005-07-20

thegreatone has discovered some vulnerabilities in PHP Surveyor, which
can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16123/

 --

[SA16110] PHPPageProtect Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-07-19

rgod has discovered some vulnerabilities in PHPPageProtect, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/16110/

 --

[SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-07-20

Grindordie has discovered a vulnerability in PHP-Fusion, which can be
exploited by malicious people to manipulate the view of the web site
interface.

Full Advisory:
http://secunia.com/advisories/16096/

 --

[SA16081] Macromedia JRun Authentication Token Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-07-15

A security issue has been reported in JRun, which can result in
malicious users gaining access to another user's session.

Full Advisory:
http://secunia.com/advisories/16081/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45






More information about the ISN mailing list