[ISN] Secunia Weekly Summary - Issue: 2006-23

InfoSec News isn at c4i.org
Thu Jun 8 05:03:57 EDT 2006


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-06-01 - 2006-06-08                        

                       This week: 79 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3.............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to ensure you get the best
and most reliable source for vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Multiple browsers are affected by a vulnerability rated "Less
Critical", which can be exploited by malicious people to trick users
into disclosing sensitive information.

Additional details for the different affected browsers can be found in
the referenced Secunia advisories below.

References:
http://secunia.com/SA20442
http://secunia.com/SA20467
http://secunia.com/SA20449
http://secunia.com/SA20472
http://secunia.com/SA20470

 --

Updates have been released for several Mozilla-based products,
including Firefox and Thunderbird, which correct several
vulnerabilities.

Further details can be found in the referenced Secunia advisories
below.

References:
http://secunia.com/SA20376
http://secunia.com/SA20382
http://secunia.com/SA20394

 --

VIRUS ALERTS:

During the past week Secunia collected 44 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA20384] Microsoft Windows "mhtml:" URI Buffer Overflow
              Vulnerability
2.  [SA20376] Firefox Multiple Vulnerabilities
3.  [SA20153] Microsoft Word Malformed Object Code Execution
              Vulnerability
4.  [SA20442] Firefox File Upload Form Keystroke Event Cancel
              Vulnerability
5.  [SA19762] Internet Explorer "object" Tag Memory Corruption
              Vulnerability
6.  [SA20449] Internet Explorer File Upload Form Keystroke Event
              Cancel Vulnerability
7.  [SA20382] Thunderbird Multiple Vulnerabilities
8.  [SA20365] MySQL Multibyte Encoding SQL Injection Vulnerability
9.  [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
              Sensitive Information
10. [SA19521] Internet Explorer Window Loading Race Condition Address
              Bar Spoofing

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA20462] LocazoList Classifieds "msgid" Parameter SQL Injection
[SA20423] myNewsletter "UserName" SQL Injection Vulnerability
[SA20419] aspWebLinks SQL Injection and Password Change
Vulnerabilities
[SA20416] ASPScriptz Guest Book "submit.asp" Script Insertion
Vulnerabilities
[SA20411] CodeAvalanche FreeForum Multiple Vulnerabilities
[SA20483] WinGate WWW Proxy Server Buffer Overflow Vulnerability
[SA20477] Microsoft NetMeeting Denial of Service Vulnerability
[SA20449] Internet Explorer File Upload Form Keystroke Event Cancel
Vulnerability
[SA20425] ASP Discussion Forum "search" Parameter Cross-Site Scripting

UNIX/Linux:
[SA20487] Wikiwig "WK[wkPath]" File Inclusion Vulnerability
[SA20473] HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability
[SA20415] iShopCart Buffer Overflow and Directory Traversal
Vulnerabilities
[SA20466] LoudHush iaxclient Unspecified Vulnerability
[SA20457] SUSE Updates for Multiple Packages
[SA20451] Debian update for postgresql
[SA20446] Debian update for centericq
[SA20435] Trustix update for postgresql
[SA20422] Red Hat update for dia
[SA20482] Red Hat update for spamassassin
[SA20443] Debian update for spamassassin
[SA20430] SpamAssassin "spamd" Shell Command Injection Vulnerability
[SA20498] GANTTy Cross-Site Scripting and Information Disclosure
[SA20476] Sylpheed-Claws URI Check Bypass Security Issue
[SA20497] Asterisk IAX2 Channel Driver Denial of Service Vulnerability
[SA20461] Debian update for freeradius
[SA20424] Slackware update for mysql
[SA20421] Red Hat update for quagga
[SA20420] Red Hat update for zebra
[SA20456] Avaya Products XScreenSaver Insecure Temporary File Creation
Vulnerability
[SA20445] Sun StorADE Privilege Escalation Vulnerability
[SA20459] Avaya PDS HP-UX Kernel Denial of Service Vulnerability

Other:
[SA20479] Ingate Firewall and SIParator Two Vulnerabilities
[SA20474] D-Link DWL-2100AP Exposure of Configuration Files

Cross Platform:
[SA20480] Clan Manager Pro cmpro_header.inc.php File Inclusion
[SA20475] MiraksGalerie Multiple File Inclusion Vulnerabilities
[SA20468] DreamAccount "da_path" File Inclusion Vulnerabilities
[SA20463] dotWidget CMS "file_path" Parameter File Inclusion
Vulnerability
[SA20448] Informium "CONF[local_path]" File Inclusion Vulnerability
[SA20440] CS-Cart "classes_dir" Parameter File Inclusion Vulnerability
[SA20439] WebspotBlogging Multiple File Inclusion Vulnerabilities
[SA20437] DotClear "blog_dc_path" File Inclusion Vulnerability
[SA20434] Claroline Two File Inclusion Vulnerabilities
[SA20429] DokuWiki Spell Checker Code Execution Vulnerability
[SA20426] AssoCIateD "root_path" File Inclusion Vulnerabilities
[SA20408] REDAXO "REX[INCLUDE_PATH]" File Inclusion Vulnerabilities
[SA20486] Open Business Management Multiple Vulnerabilities
[SA20471] Kmita FAQ Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA20469] Alex News-Engine "newsid" Parameter SQL Injection
Vulnerability
[SA20465] Coppermine Photo Gallery usermgr.php Unspecified
Vulnerability
[SA20460] LifeType "articleId" SQL Injection Vulnerability
[SA20458] MediaWiki Edit Form Script Insertion Vulnerability
[SA20450] Dmx Forum Disclosure of Sensitive Information
[SA20447] Weblog Oggi Script Insertion Vulnerability
[SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities
[SA20433] FunkBoard Authentication Bypass and Cross-Site Scripting
[SA20428] Particle Wiki Script Insertion and SQL Injection
[SA20427] Particle Gallery "imageid" SQL Injection Vulnerability
[SA20414] TAL RateMyPic Multiple Vulnerabilities
[SA20413] Snort "http_inspect" Preprocessor Bypass Vulnerability
[SA20410] Unak-CMS SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA20409] SimpleBoard "sb_authorname" Script Insertion Vulnerability
[SA20452] TIBCO Rendezvous HTTP Administrative Interface Buffer
Overflow
[SA20500] GD Graphics Library GIF File Handling Denial of Service
[SA20491] Particle Links "username" Parameter Cross-Site Scripting
[SA20490] Particle Whois "target" Parameter Cross-Site Scripting
[SA20478] DokuWiki Restricted Page Content Disclosure Vulnerability
[SA20472] Mozilla SeaMonkey File Upload Form Keystroke Event Cancel
Vulnerability
[SA20470] Netscape File Upload Form Keystroke Event Cancel
Vulnerability
[SA20467] Mozilla Suite File Upload Form Keystroke Event Cancel
Vulnerability
[SA20455] KnowledgeTree Open Source Cross-Site Scripting
Vulnerabilities
[SA20453] PHP ManualMaker Multiple Cross-Site Scripting
Vulnerabilities
[SA20444] PHP Pro Publish "catname" Parameter Cross-Site Scripting
[SA20442] Firefox File Upload Form Keystroke Event Cancel
Vulnerability
[SA20441] OSADS Board Comments Script Insertion Vulnerability
[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting
Vulnerability
[SA20418] dotProject Cross-Site Scripting Vulnerability
[SA20417] LabWiki Cross-Site Scripting Vulnerabilities
[SA20412] Drupal Taxonomy Module Cross-Site Scripting Vulnerability
[SA20431] TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA20462] LocazoList Classifieds "msgid" Parameter SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

ajann has discovered a vulnerability in LocazoList Classifieds, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20462/

 --

[SA20423] myNewsletter "UserName" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-06

FarhadKey has discovered a vulnerability in myNewsletter, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20423/

 --

[SA20419] aspWebLinks SQL Injection and Password Change
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    2006-06-02

ajann has discovered two vulnerabilities in aspWebLinks, which can be
exploited by malicious people to conduct SQL injection attacks and to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20419/

 --

[SA20416] ASPScriptz Guest Book "submit.asp" Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

omnipresent has discovered some vulnerabilities in ASPScriptz Guest
Book, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/20416/

 --

[SA20411] CodeAvalanche FreeForum Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been discovered in CodeAvalanche FreeForum,
which can be exploited by malicious people to conduct script insertion
attacks and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20411/

 --

[SA20483] WinGate WWW Proxy Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-06-07

kcope has discovered a vulnerability in WinGate, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20483/

 --

[SA20477] Microsoft NetMeeting Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-06-07

HexView has reported a vulnerability in Microsoft NetMeeting, which can
be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20477/

 --

[SA20449] Internet Explorer File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20449/

 --

[SA20425] ASP Discussion Forum "search" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

omnipresent has discovered a vulnerability in ASP Discussion Forum,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20425/


UNIX/Linux:--

[SA20487] Wikiwig "WK[wkPath]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Kacper has discovered a vulnerability in Wikiwig, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20487/

 --

[SA20473] HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

HP has acknowledged a vulnerability in HP Tru64 UNIX and HP Internet
Express running sendmail, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20473/

 --

[SA20415] iShopCart Buffer Overflow and Directory Traversal
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-06-02

K-sPecial has reported some vulnerabilities in iShopCart, which can be
exploited by malicious people to disclose potentially sensitive
information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20415/

 --

[SA20466] LoudHush iaxclient Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-06-06

A vulnerability with an unknown impact has been reported in LoudHush.

Full Advisory:
http://secunia.com/advisories/20466/

 --

[SA20457] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2006-06-05

SUSE has issued updates for multiple packages. These fix
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), to disclose potentially sensitive information,
and to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20457/

 --

[SA20451] Debian update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-06-05

Debian has issued an update for postgresql. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20451/

 --

[SA20446] Debian update for centericq

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-05

Debian has issued an update for centericq. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20446/

 --

[SA20435] Trustix update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-06-05

Trustix has issued an update for postgresql. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20435/

 --

[SA20422] Red Hat update for dia

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

Red Hat has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/20422/

 --

[SA20482] Red Hat update for spamassassin

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-07

Red Hat has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20482/

 --

[SA20443] Debian update for spamassassin

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-06

Debian has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20443/

 --

[SA20430] SpamAssassin "spamd" Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-06

A vulnerability has been reported in SpamAssassin, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20430/

 --

[SA20498] GANTTy Cross-Site Scripting and Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-06-07

luny has reported two vulnerabilities in GANTTy, which can be exploited
by malicious people to disclose system information and conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20498/

 --

[SA20476] Sylpheed-Claws URI Check Bypass Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-06-07

A security issue has been reported in Sylpheed-Claws, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/20476/

 --

[SA20497] Asterisk IAX2 Channel Driver Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-06-07

A vulnerability has been reported in Asterisk, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20497/

 --

[SA20461] Debian update for freeradius

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2006-06-05

Debian has issued an update for freeradius. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20461/

 --

[SA20424] Slackware update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-06-05

Slackware has issued an update for mysql. This fixes two
vulnerabilities, which can be exploited by malicious users to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20424/

 --

[SA20421] Red Hat update for quagga

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-06-02

Red Hat has issued an update for quagga. This fixes two security issues
and a vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and by malicious people to bypass
certain security restrictions, and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20421/

 --

[SA20420] Red Hat update for zebra

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-06-02

Red Hat has issued an update for zebra. This fixes two security issues
and a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service) and by malicious people to bypass
certain security restrictions, and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20420/

 --

[SA20456] Avaya Products XScreenSaver Insecure Temporary File Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-06

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20456/

 --

[SA20445] Sun StorADE Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-05

A vulnerability has been reported in Storage Automated Diagnostic
Environment (StorADE), which can be exploited by malicious, local users
to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20445/

 --

[SA20459] Avaya PDS HP-UX Kernel Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-06-06

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System (PDS), which can be exploited by malicious, local users to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20459/


Other:--

[SA20479] Ingate Firewall and SIParator Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2006-06-07

Two vulnerabilities have been reported in Ingate Firewall and
SIParator, which can be exploited by malicious people to conduct
cross-site scripting attacks and to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20479/

 --

[SA20474] D-Link DWL-2100AP Exposure of Configuration Files

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-06-07

A security issue has been reported in D-Link DWL-2100AP, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20474/


Cross Platform:--

[SA20480] Clan Manager Pro cmpro_header.inc.php File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Sx02 has discovered two vulnerabilities in Clan Manager Pro, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20480/

 --

[SA20475] MiraksGalerie Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Federico Fazzi has discovered some vulnerabilities in MiraksGalerie,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20475/

 --

[SA20468] DreamAccount "da_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-06

David "Aesthetico" Vieira-Kurz has reported some vulnerabilities in
DreamAccount, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20468/

 --

[SA20463] dotWidget CMS "file_path" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

David 'Aesthetico' Vieira-Kurz has reported a vulnerability in
dotWidget CMS, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20463/

 --

[SA20448] Informium "CONF[local_path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported a vulnerability in Informium, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20448/

 --

[SA20440] CS-Cart "classes_dir" Parameter File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported a vulnerability in CS-Cart, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20440/

 --

[SA20439] WebspotBlogging Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported some vulnerabilities in WebspotBlogging, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20439/

 --

[SA20437] DotClear "blog_dc_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

rgod has reported a vulnerability in DotClear, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20437/

 --

[SA20434] Claroline Two File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

rgod has reported two vulnerabilities in Claroline, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20434/

 --

[SA20429] DokuWiki Spell Checker Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Stefan Esser has reported a vulnerability in DokuWiki, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20429/

 --

[SA20426] AssoCIateD "root_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

Kacper has discovered some vulnerabilities in AssoCIateD, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20426/

 --

[SA20408] REDAXO "REX[INCLUDE_PATH]" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

beford has discovered some vulnerabilities in REDAXO, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20408/

 --

[SA20486] Open Business Management Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-07

r0t has reported some vulnerabilities in Open Business Management,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20486/

 --

[SA20471] Kmita FAQ Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-06

luny has reported two vulnerabilities in Kmita FAQ, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20471/

 --

[SA20469] Alex News-Engine "newsid" Parameter SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-06

ajann has discovered a vulnerability in Alex News-Engine, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20469/

 --

[SA20465] Coppermine Photo Gallery usermgr.php Unspecified
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-06-07

A vulnerability with an unknown impact has been reported in Coppermine
Photo Gallery.

Full Advisory:
http://secunia.com/advisories/20465/

 --

[SA20460] LifeType "articleId" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

rgod has discovered a vulnerability in LifeType, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20460/

 --

[SA20458] MediaWiki Edit Form Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20458/

 --

[SA20450] Dmx Forum Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

DarkFig has discovered two security issues in Dmx Forum, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20450/

 --

[SA20447] Weblog Oggi Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

luny has discovered a vulnerability in Weblog Oggi, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20447/

 --

[SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported some vulnerabilities in BlueShoes Framework, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20438/

 --

[SA20433] FunkBoard Authentication Bypass and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-06-06

Some vulnerabilities have been reported in FunkBoard, which can be
exploited by malicious people to bypass certain security restrictions
and to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20433/

 --

[SA20428] Particle Wiki Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-05

Some vulnerabilities have been discovered in Particle Wiki, which can
be exploited by malicious people to conduct script insertion attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20428/

 --

[SA20427] Particle Gallery "imageid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

r0t has discovered a vulnerability in Particle Gallery, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20427/

 --

[SA20414] TAL RateMyPic Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been discovered in TAL RateMyPic, which can
be exploited by malicious people to conduct script insertion attacks,
cross-site scripting attacks, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20414/

 --

[SA20413] Snort "http_inspect" Preprocessor Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-06-02

Blake Hartstein has reported a vulnerability in Snort, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20413/

 --

[SA20410] Unak-CMS SQL Injection and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been reported in Unak-CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20410/

 --

[SA20409] SimpleBoard "sb_authorname" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

Yannick von Arx has discovered a vulnerability in SimpleBoard, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/20409/

 --

[SA20452] TIBCO Rendezvous HTTP Administrative Interface Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-06-06

A vulnerability has been reported in TIBCO Rendezvous, which can be
exploited by malicious people to cause DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20452/

 --

[SA20500] GD Graphics Library GIF File Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-06-07

Xavier Roche has discovered a vulnerability in the GD Graphics Library,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) against applications and services using libgd.

Full Advisory:
http://secunia.com/advisories/20500/

 --

[SA20491] Particle Links "username" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-07

luny has discovered a vulnerability in Particle Links, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20491/

 --

[SA20490] Particle Whois "target" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-07

luny has discovered a vulnerability in Particle Whois, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20490/

 --

[SA20478] DokuWiki Restricted Page Content Disclosure Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-06-07

A vulnerability has been reported in DokuWiki, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20478/

 --

[SA20472] Mozilla SeaMonkey File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Mozilla SeaMonkey, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20472/

 --

[SA20470] Netscape File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Netscape, which can be exploited
by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20470/

 --

[SA20467] Mozilla Suite File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Mozilla Suite, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20467/

 --

[SA20455] KnowledgeTree Open Source Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

r0t has reported two vulnerabilities in KnowledgeTree Open Source,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20455/

 --

[SA20453] PHP ManualMaker Multiple Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

luny has reported some vulnerabilities in PHP ManualMaker, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20453/

 --

[SA20444] PHP Pro Publish "catname" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

Soot has reported a vulnerability in PHP Pro Publish, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20444/

 --

[SA20442] Firefox File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

Charles McAuley has reported a vulnerability in Firefox, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20442/

 --

[SA20441] OSADS Board Comments Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

A vulnerability has been discovered in OSADS, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20441/

 --

[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

A vulnerability has been reported in Contributed Packages for PyBlosxom
1.3, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20436/

 --

[SA20418] dotProject Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

A vulnerability has been reported in dotProject, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20418/

 --

[SA20417] LabWiki Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

Two vulnerabilities have been discovered in LabWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20417/

 --

[SA20412] Drupal Taxonomy Module Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

A vulnerability has been reported in Drupal, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20412/

 --

[SA20431] TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-06

A vulnerability has been reported in TIBCO Hawk, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20431/



========================================================================

Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use only
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45
