[ISN] Secunia Weekly Summary - Issue: 2005-38
InfoSec News
isn at c4i.org
Fri Sep 23 01:43:15 EDT 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-09-15 - 2005-09-22
This week : 58 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Peter Zelezny has discovered a vulnerability in various Mozilla based
products, which can be exploited by malicious people to compromise a
user's system.
This vulnerability can only be exploited on Unix / Linux based
environments.
Additional details about solutions and possible attack vectors can be
found in the referenced Secunia advisories below.
References:
http://secunia.com/SA16869
http://secunia.com/SA16846
--
Secunia Research has discovered two vulnerabilities in the Opera Mail
client, which can be exploited by a malicious person to conduct script
insertion attacks and to spoof the name of attached files.
The vendor has released an updated version, which fixes these
vulnerabilities.
Reference:
http://secunia.com/SA16645
--
Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Additional details can be found in the referenced Secunia advisory
below.
Reference:
http://secunia.com/SA16848
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA16869] Firefox Command Line URL Shell Command Injection
2. [SA16764] Firefox IDN URL Domain Name Buffer Overflow
3. [SA16806] Linksys WRT54G Multiple Vulnerabilities
4. [SA16645] Opera Mail Client Attachment Spoofing and Script
Insertion
5. [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
Vulnerability
6. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7. [SA16480] Microsoft DDS Library Shape Control Code Execution
Vulnerability
8. [SA16830] IBM Lotus Domino "BaseTarget" and "Src" Cross-Site
Scripting
9. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
10. [SA16560] Windows Registry Editor Utility String Concealment
Weakness
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA16877] BNBT / CBTT / XBNBT Denial of Service Vulnerability
[SA16871] VERITAS Storage Exec / StorageCentral DCOM Server Buffer
Overflow
[SA16854] TAC Vista "Template" Disclosure of Sensitive Information
Vulnerability
[SA16838] Compuware DriverStudio Two Vulnerabilities
[SA16870] Digger Solutions Intranet Open Source "project_id" SQL
Injection
[SA16865] Multi-Computer Control System (MCCS) Denial of Service
Vulnerability
UNIX/Linux:
[SA16869] Firefox Command Line URL Shell Command Injection
[SA16846] Mozilla Command Line URL Shell Command Injection
[SA16895] Alkalay contribute "template" Shell Command Injection
Vulnerability
[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
[SA16887] Alkalay man-cgi "topic" Shell Command Injection
Vulnerability
[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
[SA16884] Mandriva update for clamav
[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
[SA16862] Gentoo update for clamav
[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
[SA16844] Gentoo update for mozilla/mozilla-firefox
[SA16834] SUSE update for evolution
[SA16892] Gentoo update for zebedee
[SA16872] Unixware update for Libtiff
[SA16864] Gentoo update for apache/mod_ssl
[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
[SA16856] Gentoo update for mailutils
[SA16849] SUSE update for squid
[SA16876] Tofu Game Engine Arbitrary Python Code Execution
Vulnerability
[SA16863] Gentoo workaround for py2play
[SA16855] Py2Play Game Engine Arbitrary Python Code Execution
Vulnerability
[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
[SA16885] Mandriva update for cups
[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
[SA16866] Bacula Multiple Insecure Temporary File Creation
Vulnerability
[SA16861] Trustix update for multiple packages
[SA16860] Fedora update for xorg-x11
[SA16850] Debian update for kdebase
[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow
Vulnerability
[SA16842] Debian update for lm-sensors
[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
[SA16875] Safari "data:" URI Handler Denial of Service Weakness
[SA16891] Gentoo update for util-linux
[SA16882] Mandriva update for util-linux
[SA16857] Ubuntu update for util-linux
Other:
[SA16840] vxTftpSrv Long Filename Buffer Overflow
[SA16837] vxFtpSrv "USER" Command Buffer Overflow Vulnerability
[SA16836] Avocent CCM Port Access Control Bypass Vulnerability
[SA16839] vxWeb Denial of Service Vulnerability
Cross Platform:
[SA16841] Digital Scribe "username" SQL Injection
[SA16896] Zengaia Unspecified SQL Injection Vulnerability
[SA16881] Simplog SQL Injection Vulnerabilities
[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
[SA16853] NooToplist "o" SQL Injection Vulnerability
[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
[SA16873] vBulletin Multiple Vulnerabilities
[SA16868] phpBB Remote Avatar Information Disclosure Weakness
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA16877] BNBT / CBTT / XBNBT Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-20
A vulnerability has been reported in BNBT / CBTT / XBNBT, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16877/
--
[SA16871] VERITAS Storage Exec / StorageCentral DCOM Server Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-20
A vulnerability has been reported in Storage Exec / StorageCentral,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16871/
--
[SA16854] TAC Vista "Template" Disclosure of Sensitive Information
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-09-19
Dennis Rand has reported a vulnerability in TAC Vista, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/16854/
--
[SA16838] Compuware DriverStudio Two Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, System access
Released: 2005-09-16
cocoruder has reported two vulnerabilities in DriverStudio, which can
be exploited by malicious people to bypass certain security
restrictions, and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16838/
--
[SA16870] Digger Solutions Intranet Open Source "project_id" SQL
Injection
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
Kutbuddin Trunkwala has reported a vulnerability in Digger Solutions
Intranet Open Source, which can be exploited by malicious users to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16870/
--
[SA16865] Multi-Computer Control System (MCCS) Denial of Service
Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-19
basher13 has discovered a vulnerability in MCCS, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16865/
UNIX/Linux:--
[SA16869] Firefox Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-20
Peter Zelezny has discovered a vulnerability in Firefox, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16869/
--
[SA16846] Mozilla Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-21
A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16846/
--
[SA16895] Alkalay contribute "template" Shell Command Injection
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay contribute, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16895/
--
[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System
access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in OpenVMS running Secure Web
Browser, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, spoof the
contents of web sites, spoof dialog boxes, or compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16894/
--
[SA16887] Alkalay man-cgi "topic" Shell Command Injection
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay man-cgi, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16887/
--
[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay notify, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16886/
--
[SA16884] Mandriva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
Mandriva has issued an update for clamav. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), or potentially to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16884/
--
[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered some vulnerabilities in Alkalay nslookup, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16880/
--
[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in HP Tru64 UNIX, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16879/
--
[SA16862] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for clamav. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service), or potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16862/
--
[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16848/
--
[SA16844] Gentoo update for mozilla/mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for mozilla/mozilla-firefox. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16844/
--
[SA16834] SUSE update for evolution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-16
SUSE has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16834/
--
[SA16892] Gentoo update for zebedee
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-21
Gentoo has issued an update for zebedee. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16892/
--
[SA16872] Unixware update for Libtiff
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-20
SCO has issued an update for Libtiff. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16872/
--
[SA16864] Gentoo update for apache/mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2005-09-19
Gentoo has issued an update for apache/mod_ssl. This fixes a security
issue and a vulnerability, which potentially can be exploited by
malicious people to bypass certain security restrictions, or by
malicious, local users to gain escalated privileges via a specially
crafted ".htaccess" file.
Full Advisory:
http://secunia.com/advisories/16864/
--
[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-20
Keigo Yamazaki has reported a vulnerability in Webmin and Usermin,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16858/
--
[SA16856] Gentoo update for mailutils
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-19
Gentoo has issued an update for mailutils. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16856/
--
[SA16849] SUSE update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-16
SUSE has issued an update for squid. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16849/
--
[SA16876] Tofu Game Engine Arbitrary Python Code Execution
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-20
Arc Riley has reported a vulnerability in Tofu, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16876/
--
[SA16863] Gentoo workaround for py2play
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Gentoo has published a workaround for py2play. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/16863/
--
[SA16855] Py2Play Game Engine Arbitrary Python Code Execution
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Arc Riley has reported a vulnerability in Py2Play, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16855/
--
[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-21
Donnie Werner has reported a vulnerability in PerlDiver, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16888/
--
[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-21
A vulnerability has been reported in HP Tru64 UNIX, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16893/
--
[SA16885] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-09-21
Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16885/
--
[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Jens Steube has reported two vulnerabilities in MasqMail, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16883/
--
[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
Critical: Less critical
Where: Local system
Impact: DoS
Released: 2005-09-20
A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16874/
--
[SA16866] Bacula Multiple Insecure Temporary File Creation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-09-20
Eric Romang has reported some vulnerabilities in bacula, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges, or to disclose certain
sensitive information.
Full Advisory:
http://secunia.com/advisories/16866/
--
[SA16861] Trustix update for multiple packages
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Released: 2005-09-19
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to disclose certain sensitive information, cause a DoS (Denial of
Service), and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16861/
--
[SA16860] Fedora update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Fedora has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16860/
--
[SA16850] Debian update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Debian has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16850/
--
[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Sun Microsystems has acknowledged a vulnerability in Solaris, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16845/
--
[SA16842] Debian update for lm-sensors
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Debian has issued an update for lm-sensors. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16842/
--
[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-16
Jonas Thambert has reported a security issue in SimpleCDR-X, which can
be exploited by malicious, local users to gain access to sensitive
information.
Full Advisory:
http://secunia.com/advisories/16835/
--
[SA16875] Safari "data:" URI Handler Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-09-20
Jonathan Rockway has discovered a weakness in Safari, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16875/
--
[SA16891] Gentoo update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Gentoo has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16891/
--
[SA16882] Mandriva update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Mandriva has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16882/
--
[SA16857] Ubuntu update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Ubuntu has issued an update for util-linux. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16857/
Other:--
[SA16840] vxTftpSrv Long Filename Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-09-16
Seth Fogie has reported a vulnerability in vxTftpSrv, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16840/
--
[SA16837] vxFtpSrv "USER" Command Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-09-16
Seth Fogie has reported a vulnerability in vxFtpSrv, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16837/
--
[SA16836] Avocent CCM Port Access Control Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-16
Dirk Wetter has reported a vulnerability in Avocent CCM, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16836/
--
[SA16839] vxWeb Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-16
Seth Fogie has reported a vulnerability in vxWeb, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16839/
Cross Platform:--
[SA16841] Digital Scribe "username" SQL Injection
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, System access
Released: 2005-09-16
rgod has discovered a vulnerability in Digital Scribe, which can be
exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16841/
--
[SA16896] Zengaia Unspecified SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been reported in Zengaia, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16896/
--
[SA16881] Simplog SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
r0ut3r has discovered some vulnerabilities in Simplog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16881/
--
[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been discovered in Land Down Under, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16878/
--
[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2005-09-20
rgod has discovered some vulnerabilities and a security issue in PHP
Advanced Transfer Manager, which can be exploited by malicious people
to disclose system and sensitive information, and to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/16867/
--
[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-09-20
OS2A has reported a vulnerability in Helpdesk software Hesk, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16859/
--
[SA16853] NooToplist "o" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-19
David Sopas Ferreira has reported a vulnerability in NooToplist, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16853/
--
[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-16
Some potential vulnerabilities have been reported in PHP-Nuke with
unknown impacts .
Full Advisory:
http://secunia.com/advisories/16843/
--
[SA16873] vBulletin Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Released: 2005-09-20
Thomas Waldegger has reported some vulnerabilities in vBulletin, which
can be exploited by malicious users to conduct SQL injection attacks
and potentially compromise a vulnerable system, and by malicious people
to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16873/
--
[SA16868] phpBB Remote Avatar Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-09-21
A weakness has been discovered in phpBB, which can be exploited by
malicious people to disclose certain system information.
Full Advisory:
http://secunia.com/advisories/16868/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
More information about the ISN
mailing list