[ISN] Secunia Weekly Summary - Issue: 2005-46
InfoSec News
isn at c4i.org
Fri Nov 18 02:15:28 EST 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-11-10 - 2005-11-17
This week : 69 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
A vulnerability has been reported in First4Internet XCP's
uninstallation ActiveX control, which potentially can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to the "CodeSupport.ocx" ActiveX
control that is installed via Internet Explorer when the user
un-installs the XCP DRM software by visiting the vendor's website.
The ActiveX control is marked safe-for-scripting and supports several
potentially dangerous methods like "RebootMachine", "InstallUpdate",
and "IsAdministrator". This may be exploited to install arbitrary code
on the user's system.
Additional information may be found in the referenced Secunia
advisories below.
Reference:
http://secunia.com/SA17610
http://secunia.com/SA17408
--
A vulnerability has been reported in Lynx, which can be exploited by
malicious people to compromise a user's system.
The vendor has released a new version, which address this issue.
Reference:
http://secunia.com/SA17372
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA17430] Macromedia Flash Player SWF File Handling Arbitrary Code
Execution
2. [SA17498] Microsoft Windows WMF/EMF File Rendering Arbitrary Code
Execution
3. [SA17553] Cisco ISAKMP IKE Message Processing Denial of Service
4. [SA17514] RealPlayer/RealOne/HelixPlayer "rm" and "rjs" File
Handling Buffer Overflow
5. [SA17503] VERITAS NetBackup "vmd" Shared Library Buffer Overflow
Vulnerability
6. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7. [SA17509] Nortel CallPilot Multiple Vulnerabilities
8. [SA13893] AWStats "configdir" Parameter Arbitrary Command Execution
9. [SA15852] XML-RPC for PHP PHP Code Execution Vulnerability
10. [SA17428] Apple QuickTime Multiple Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA17610] Sony CD First4Internet XCP Uninstallation ActiveX Control
Vulnerability
[SA17583] Freeftpd USER Command Buffer Overflow Vulnerability
[SA17611] Macromedia Breeze Communication Server/Live Server Denial of
Service
[SA17582] AudienceView "TSerrorMessage" Cross-Site Scripting
Vulnerability
[SA17565] Internet Explorer Image Control Status Bar Spoofing Weakness
UNIX/Linux:
[SA17576] Fedora update for lynx
[SA17559] SUSE Updates for Multiple Packages
[SA17556] Red Hat update for lynx
[SA17549] Gentoo scorched3d Multiple Vulnerabilities
[SA17546] Mandriva update for lynx
[SA17592] Fedora update for gdk-pixbuf
[SA17591] Fedora update for gtk2
[SA17588] Red Hat update for gtk2
[SA17586] Debian update for linux-ftpd-ssl
[SA17584] Debian update for phpsysinfo
[SA17581] Openswan ISAKMP IKE Message Processing Denial of Service
[SA17562] Ubuntu update for gtk2-engines-pixbuf / libgdk-pixbuf2
[SA17554] Sun Solaris in.iked ISAKMP IKE Message Processing Denial of
Service
[SA17551] Debian update for abiword
[SA17544] Pnmtopng "alphas_of_color" Buffer Overflow Vulnerability
[SA17540] Gentoo update for sylpheed
[SA17538] Red Hat update for gdk-pixbuf
[SA17531] Red Hat update for php
[SA17529] Gentoo update for linux-ftpd-ssl
[SA17589] UnixWare update for openssl
[SA17587] LiteSpeed Web Server WebAdmin Cross-Site Scripting
Vulnerability
[SA17563] PEAR Installer Arbitrary Code Execution Vulnerability
[SA17558] Debian update for acidlab
[SA17552] ACID Cross-Site Scripting and SQL Injection Vulnerabilities
[SA17572] Debian update for uim
[SA17545] HP-UX xterm Unspecified Unauthorized Access Vulnerability
[SA17539] Fedora update for sysreport
[SA17535] Red Hat update for lm_sensors
[SA17534] Sudo Perl Environment Cleaning Privilege Escalation
Vulnerability
[SA17532] Red Hat update for cpio
[SA17530] MigrationTools Insecure Temporary File Usage Vulnerability
[SA17528] Campsite MySQL Password Exposure Mail Transfer Security
Issue
[SA17541] Fedora update for kernel
Other:
[SA17608] Nortel Switched Firewall ISAKMP IKE Message Processing Denial
of Service
[SA17568] Juniper JUNOS/JUNOSe ISAKMP IKE Message Processing Denial of
Service
[SA17553] Cisco ISAKMP IKE Message Processing Denial of Service
[SA17601] Belkin Wireless G Router Web Management Authentication
Bypass
[SA17550] Cisco ASA Failover Denial of Service Weakness
Cross Platform:
[SA17605] AlstraSoft Affiliate Network Pro Multiple Vulnerabilities
[SA17603] AlstraSoft Template Seller Pro File Inclusion and SQL
Injection
[SA17574] PollVote "pollname" File Inclusion Vulnerability
[SA17567] Secgo Crypto IP Gateway/Client ISAKMP IKE Message Processing
Vulnerability
[SA17561] iCMS "page" File Inclusion Vulnerability
[SA17542] CodeGrrl Products "siteurl" File Inclusion Vulnerability
[SA17612] Macromedia Flash Communication Server MX Denial of Service
[SA17596] OnContent // CMS "pid" SQL Injection Vulnerability
[SA17590] phpwcms Disclosure of Sensitive Information and Cross-Site
Scripting
[SA17580] Help Center Live "file" Local File Inclusion Vulnerability
[SA17579] phpPgAds Multiple Vulnerabilities
[SA17577] MyBulletinBoard Multiple Vulnerabilities
[SA17575] Xoops WF-Downloads Module "list" SQL Injection Vulnerability
[SA17573] Xoops "xoopsConfig[language]" Local File Inclusion
Vulnerability
[SA17569] Ekinboard Topic Title Script Insertion Vulnerability
[SA17566] StoneGate Firewall and VPN ISAKMP IKE Message Processing
Denial of Service
[SA17548] Wizz Forum Multiple SQL Injection Vulnerabilities
[SA17543] PHP-Nuke "query" SQL Injection Vulnerability
[SA17536] Peel "rubid" SQL Injection Vulnerability
[SA17533] Pearl Forums SQL Injection and Local File Inclusion
Vulnerabilities
[SA17578] phpMyAdmin HTTP Response Splitting Vulnerability
[SA17560] PHP GEN Cross-Site Scripting Vulnerabilities
[SA17547] Walla TeleSite Cross-Site Scripting Vulnerability
[SA17537] Dev-Editor Virtual Root Directory Restriction Bypass
[SA17613] Macromedia Contribute Publishing Server Weak Password
Encryption
[SA17571] Opera Image Control Status Bar Spoofing Weakness
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA17610] Sony CD First4Internet XCP Uninstallation ActiveX Control
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-16
A vulnerability has been reported in First4Internet XCP's
uninstallation ActiveX control, which potentially can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17610/
--
[SA17583] Freeftpd USER Command Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-17
barabas mutsonline has discovered a vulnerability in freeftpd, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/17583/
--
[SA17611] Macromedia Breeze Communication Server/Live Server Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-16
A vulnerability has been reported in Breeze Communication Server and
Breeze Live Server, which potentially can be exploited by malicious
people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17611/
--
[SA17582] AudienceView "TSerrorMessage" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-11-16
syst3m_f4ult has reported a vulnerability in AudienceView, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/17582/
--
[SA17565] Internet Explorer Image Control Status Bar Spoofing Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2005-11-16
Claudio "Sverx" has discovered a weakness in Internet Explorer, which
can be exploited by malicious people to trick users into visiting a
malicious website by obfuscating URLs displayed in the status bar.
Full Advisory:
http://secunia.com/advisories/17565/
UNIX/Linux:--
[SA17576] Fedora update for lynx
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-15
Fedora has issued an update for lynx. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17576/
--
[SA17559] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-14
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to disclose
system information, cause a DoS (Denial of Service) and potentially to
compromise a vulnerable or a user's system.
Full Advisory:
http://secunia.com/advisories/17559/
--
[SA17556] Red Hat update for lynx
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-14
Red Hat has issued an update for lynx. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/17556/
--
[SA17549] Gentoo scorched3d Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-15
Gentoo has acknowledged some vulnerabilities in scorched3d, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17549/
--
[SA17546] Mandriva update for lynx
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-14
Mandriva has issued an update for lynx. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/17546/
--
[SA17592] Fedora update for gdk-pixbuf
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-16
Fedora has issued an update for gdk-pixbuf. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17592/
--
[SA17591] Fedora update for gtk2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-16
Fedora has issued an update for gtk2. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17591/
--
[SA17588] Red Hat update for gtk2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-15
Red Hat has issued an update for gtk2. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17588/
--
[SA17586] Debian update for linux-ftpd-ssl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-11-15
Debian has issued an update for linux-ftpd-ssl. This fixes a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17586/
--
[SA17584] Debian update for phpsysinfo
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2005-11-15
Debian has issued an update for phpsysinfo. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and manipulate certain information.
Full Advisory:
http://secunia.com/advisories/17584/
--
[SA17581] Openswan ISAKMP IKE Message Processing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-15
Two vulnerabilities have been reported in openswan-2, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17581/
--
[SA17562] Ubuntu update for gtk2-engines-pixbuf / libgdk-pixbuf2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-16
Ubuntu has issued an update for gtk2-engines-pixbuf / libgdk-pixbuf2.
This fixes some vulnerabilities, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/17562/
--
[SA17554] Sun Solaris in.iked ISAKMP IKE Message Processing Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-15
Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17554/
--
[SA17551] Debian update for abiword
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-11-15
Debian has issued an update for abiword. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17551/
--
[SA17544] Pnmtopng "alphas_of_color" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-15
A vulnerability has been reported in pnmtopng, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17544/
--
[SA17540] Gentoo update for sylpheed
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-11-15
Gentoo has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/17540/
--
[SA17538] Red Hat update for gdk-pixbuf
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-15
Red Hat has issued an update for gdk-pixbuf. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/17538/
--
[SA17531] Red Hat update for php
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2005-11-11
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/17531/
--
[SA17529] Gentoo update for linux-ftpd-ssl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-11-14
Gentoo has issued an update for ftpd. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17529/
--
[SA17589] UnixWare update for openssl
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-11-16
SCO has issued an update for openssl. This fixes a vulnerability, which
potentially can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/17589/
--
[SA17587] LiteSpeed Web Server WebAdmin Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-11-17
Ziv Kamir has discovered a vulnerability in LiteSpeed Web Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/17587/
--
[SA17563] PEAR Installer Arbitrary Code Execution Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-11-16
A vulnerability has been reported in PEAR, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/17563/
--
[SA17558] Debian update for acidlab
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-11-15
Debian has issued an update for acidlab. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
SQL injection attacks and by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/17558/
--
[SA17552] ACID Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-11-15
Some vulnerabilities have been reported in ACID, which can be exploited
by malicious users to conduct SQL injection attacks and by malicious
people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/17552/
--
[SA17572] Debian update for uim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-11-15
Debian has issued an update for uim. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/17572/
--
[SA17545] HP-UX xterm Unspecified Unauthorized Access Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-11-15
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/17545/
--
[SA17539] Fedora update for sysreport
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-11-11
Fedora has issued an update for sysreport. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/17539/
--
[SA17535] Red Hat update for lm_sensors
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-11-11
Red Hat has issued an update for lm_sensors. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/17535/
--
[SA17534] Sudo Perl Environment Cleaning Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-11-11
A vulnerability has been reported in Sudo, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/17534/
--
[SA17532] Red Hat update for cpio
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-11-11
Red Hat has issued an update for cpio. This fixes a vulnerability,
which can be exploited by by malicious, local users to disclose and
manipulate information.
Full Advisory:
http://secunia.com/advisories/17532/
--
[SA17530] MigrationTools Insecure Temporary File Usage Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-11-15
Jason Hoover has discovered a vulnerability in MigrationTools, which
can be exploited by malicious, local users to disclose potentially
sensitive information or to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/17530/
--
[SA17528] Campsite MySQL Password Exposure Mail Transfer Security
Issue
Critical: Not critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-11-11
john has reported a security issue in Campsite, which can be exploited
by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/17528/
--
[SA17541] Fedora update for kernel
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-11-11
Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17541/
Other:--
[SA17608] Nortel Switched Firewall ISAKMP IKE Message Processing Denial
of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-16
A vulnerability has been reported in Nortel Switched Firewall, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/17608/
--
[SA17568] Juniper JUNOS/JUNOSe ISAKMP IKE Message Processing Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-14
A vulnerability has been reported in JUNOS and JUNOSe, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17568/
--
[SA17553] Cisco ISAKMP IKE Message Processing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-14
A vulnerability has been reported in various Cisco products, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17553/
--
[SA17601] Belkin Wireless G Router Web Management Authentication
Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-11-16
Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G
Router, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/17601/
--
[SA17550] Cisco ASA Failover Denial of Service Weakness
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2005-11-15
Amin Tora has reported a weakness in Cisco ASA (Adaptive Security
Appliances), which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/17550/
Cross Platform:--
[SA17605] AlstraSoft Affiliate Network Pro Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, System access
Released: 2005-11-16
Robin Verton has reported some vulnerabilities in AlstraSoft Affiliate
Network Pro, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks, and compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/17605/
--
[SA17603] AlstraSoft Template Seller Pro File Inclusion and SQL
Injection
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2005-11-16
Robin Verton has reported two vulnerabilities in AlstraSoft Template
Seller Pro, which can be exploited by malicious people to conduct SQL
injection attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17603/
--
[SA17574] PollVote "pollname" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-15
rUnViRuS has reported a vulnerability in PollVote, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17574/
--
[SA17567] Secgo Crypto IP Gateway/Client ISAKMP IKE Message Processing
Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-11-14
Secgo has acknowledged a vulnerability in Secgo Crypto IP
Gateway/Client, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/17567/
--
[SA17561] iCMS "page" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-14
r0t has reported a vulnerability in iCMS, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/17561/
--
[SA17542] CodeGrrl Products "siteurl" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-11-14
Robin Verton has discovered a vulnerability in various CodeGrrl
products, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/17542/
--
[SA17612] Macromedia Flash Communication Server MX Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-16
A vulnerability has been reported in Macromedia Flash Communication
Server MX, which potentially can be exploited by malicious people to
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/17612/
--
[SA17596] OnContent // CMS "pid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-11-16
r0t has reported a vulnerability in OnContent // CMS, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/17596/
--
[SA17590] phpwcms Disclosure of Sensitive Information and Cross-Site
Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-11-16
Stefan Lochbihler has reported some vulnerabilities in phpwcms, which
can be exploited by malicious people to conduct cross-site scripting
attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/17590/
--
[SA17580] Help Center Live "file" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-11-16
HACKERS PAL has discovered a vulnerability in Help Center Live, which
can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/17580/
--
[SA17579] phpPgAds Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information
Released: 2005-11-15
Some vulnerabilities and a weakness have been reported in phpPgAds,
which can be exploited by malicious people to disclose system
information, and conduct HTTP response splitting and SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/17579/
--
[SA17577] MyBulletinBoard Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, DoS
Released: 2005-11-15
syini666 has reported some vulnerabilities in MyBulletinBoard, which
can be exploited by malicious people to cause a DoS (Denial of
Service), manipulate certain information, and conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/17577/
--
[SA17575] Xoops WF-Downloads Module "list" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-11-15
rgod has reported a vulnerability in the WF-Downloads module for Xoops,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/17575/
--
[SA17573] Xoops "xoopsConfig[language]" Local File Inclusion
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-11-15
rgod has discovered a vulnerability in Xoops, which can be exploited by
malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/17573/
--
[SA17569] Ekinboard Topic Title Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-11-15
trueend5 has discovered a vulnerability in Ekinboard, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/17569/
--
[SA17566] StoneGate Firewall and VPN ISAKMP IKE Message Processing
Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-11-14
StoneSoft has acknowledged a vulnerability in StoneGate Firewall and
VPN, which can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/17566/
--
[SA17548] Wizz Forum Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-11-15
HACKERS PAL has discovered some vulnerabilities in Wizz Forum, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/17548/
--
[SA17543] PHP-Nuke "query" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-11-16
sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/17543/
--
[SA17536] Peel "rubid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-11-14
r0t has reported a vulnerability in Peel, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/17536/
--
[SA17533] Pearl Forums SQL Injection and Local File Inclusion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-11-15
Abducter has discovered some vulnerabilities in Pearl Forums, which can
be exploited by malicious people to conduct SQL injection attacks and
disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/17533/
--
[SA17578] phpMyAdmin HTTP Response Splitting Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Cross Site Scripting
Released: 2005-11-16
Toni Koivunen has reported a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct HTTP response splitting
attacks.
Full Advisory:
http://secunia.com/advisories/17578/
--
[SA17560] PHP GEN Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-11-16
Some vulnerabilities have been reported in PHP GEN, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/17560/
--
[SA17547] Walla TeleSite Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-11-16
Rafi Nahum and Pokerface have reported a vulnerability in Walla
TeleSite, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/17547/
--
[SA17537] Dev-Editor Virtual Root Directory Restriction Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-11-11
A security issue has been discovered in Dev-Editor, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/17537/
--
[SA17613] Macromedia Contribute Publishing Server Weak Password
Encryption
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-11-16
A security issue has been reported in Macromedia Contribute Publishing
Server, which potentially can be exploited by malicious, local users to
disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/17613/
--
[SA17571] Opera Image Control Status Bar Spoofing Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2005-11-16
Claudio "Sverx" has discovered a weakness in Opera, which can be
exploited by malicious people to trick users into visiting a malicious
website by obfuscating URLs displayed in the status bar.
Full Advisory:
http://secunia.com/advisories/17571/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
More information about the ISN
mailing list