[ISN] Secunia Weekly Summary - Issue: 2006-24
InfoSec News
isn at c4i.org
Fri Jun 16 04:30:15 EDT 2006
========================================================================
The Secunia Weekly Advisory Summary
2006-06-08 - 2006-06-15
This week: 149 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Tuesday Microsoft issued a total of 12 bulletins.
One of the bulletins addressed the Extremely Critical Word
vulnerability which already has been exploited by malicious malware.
Another addressed the Internet Explorer vulnerability which was
discovered by Secunia Security Researcher Andreas Sandblad while
researching the crash bug reported by Michal Zalewski.
References:
http://secunia.com/SA20153
http://secunia.com/SA19762
--
VIRUS ALERTS:
During the past week Secunia collected 297 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
2. [SA20595] Microsoft Internet Explorer Multiple Vulnerabilities
3. [SA20639] Microsoft Windows TCP/IP Protocol Driver Buffer Overflow
4. [SA19762] Internet Explorer Exception Handling Memory Corruption
Vulnerability
5. [SA20442] Firefox File Upload Form Keystroke Event Cancel
Vulnerability
6. [SA19521] Internet Explorer Window Loading Race Condition
Vulnerability
7. [SA20543] FilZip Multiple Archive Directory Traversal Vulnerability
8. [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
Sensitive Information
9. [SA20626] Windows Media Player PNG Processing Buffer Overflow
10. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA20631] Microsoft Windows Graphics Rendering Engine Vulnerability
[SA20626] Windows Media Player PNG Processing Buffer Overflow
[SA20620] Microsoft JScript Memory Corruption Vulnerability
[SA20605] Microsoft Windows ART Image Handling Buffer Overflow
[SA20595] Microsoft Internet Explorer Multiple Vulnerabilities
[SA20575] WinSCP Protocol Handler Command Line Switch Injection
[SA20639] Microsoft Windows TCP/IP Protocol Driver Buffer Overflow
[SA20634] Microsoft Exchange Server Outlook Web Access Script
Insertion
[SA20609] ePhotos Multiple SQL Injection Vulnerabilities
[SA20574] CesarFTP MKD Command Buffer Overflow Vulnerability
[SA20556] MailEnable Enterprise Multiple WebMail Vulnerabilities
[SA20554] My Photo Scrapbook SQL Injection and Cross-Site Scripting
[SA20545] OfficeFlow Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA20517] ASP ListPics Cross-Site Scripting and Script Insertion
[SA20637] Microsoft Windows RPC Mutual Authentication Vulnerability
[SA20630] Microsoft Windows Routing and Remote Access Vulnerabilities
[SA20617] fipsCMS "index.asp" Cross-Site Scripting Vulnerabilities
[SA20614] ClickGallery Cross-Site Scripting Vulnerabilities
[SA20610] i-Gallery Cross-Site Scripting Vulnerabilities
[SA20606] Uphotogallery thumbnails.asp Cross-Site Scripting
[SA20604] Xtreme ASP Photo Gallery Cross-Site Scripting
Vulnerabilities
[SA20603] DwZone Shopping Cart "ProductDetailsForm.asp" Cross-Site
Scripting
[SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting
[SA20582] CFXe CMS "voltext_suche" Parameter Cross-Site Scripting
[SA20578] LogiSphere Cross-Site Scripting Vulnerability
[SA20559] fipsGallery "path" Parameter Cross-Site Scripting
Vulnerability
[SA20553] EZGallery Multiple Cross-Site Scripting Vulnerabilities
[SA20544] VanillaSoft Helpdesk "username" Cross-Site Scripting
[SA20543] FilZip Multiple Archive Directory Traversal Vulnerability
[SA20537] WS-Album "FullPhoto.asp" Cross-Site Scripting
Vulnerabilities
[SA20527] ClickCart "cat" Parameter Cross-Site Scripting Vulnerability
[SA20635] Windows SMB Denial of Service and Privilege Escalation
[SA20629] Kaspersky Anti-Virus "klif.sys" Denial of Service
Vulnerability
UNIX/Linux:
[SA20669] Gentoo update for DokuWiki
[SA20592] Zeroboard ".htaccess" File Upload Vulnerability
[SA20569] free QBoard "qb_path" Parameter File Inclusion Vulnerability
[SA20561] Gentoo update for firefox
[SA20689] Ubuntu update for wv2
[SA20683] Slackware update for sendmail
[SA20675] IBM AIX update for Sendmail
[SA20673] SGI IRIX update for sendmail
[SA20671] Debian update for kernel-source-2.4.27
[SA20667] Avaya Products LibTIFF Multiple Vulnerabilities
[SA20665] wvWare wv2 Library Integer Overflow Vulnerability
[SA20654] SUSE update for sendmail
[SA20653] Avaya Products PostgreSQL Multiple Vulnerabilities
[SA20651] FreeBSD update for sendmail
[SA20650] Solaris update for sendmail
[SA20641] Red Hat update for sendmail
[SA20638] Mandriva update for freetype2
[SA20625] Red Hat update for mysql
[SA20624] Red Hat update for mailman
[SA20608] Gentoo update for wordpress
[SA20591] Debian update for freetype
[SA20564] Gentoo update for cscope
[SA20562] Gentoo update for mysql
[SA20555] SUSE update for postgresql
[SA20551] 0verkill Denial of Service Vulnerability
[SA20550] Ubuntu update for binutils
[SA20548] Ubuntu update for courier-mta
[SA20542] Debian update for webcalendar
[SA20541] Debian update for mysql-dfsg-4.1
[SA20531] Trustix updates for binutils / mysql / spamassassin
[SA20525] Ubuntu update for libfreetype6
[SA20520] Debian update for tiff
[SA20519] Courier Mail Server Username Encoding Denial of Service
[SA20658] Gentoo update for asterisk
[SA20566] Gentoo update for Spamassassin
[SA20676] SUSE update for php4 / php5
[SA20672] Debian update for horde3
[SA20627] SUSE Updates for Multiple Packages
[SA20622] Debian update for gforge
[SA20601] P.A.I.D "read" Parameter Cross-Site Scripting Vulnerability
[SA20571] Ubuntu update for libgd2
[SA20563] Gentoo update for jpeg
[SA20677] aRts "artswrapper" Helper Application setuid Security Issue
[SA20674] Ubuntu update for kdm
[SA20660] Red Hat update for kdebase
[SA20636] Gentoo update for gdm
[SA20616] Gentoo update for vixie-cron
[SA20602] KDE KDM Arbitrary File Reading Vulnerability
[SA20587] Mandriva update for gdm
[SA20552] Ubuntu update for gdm
[SA20532] GNOME Display Manager Configuration GUI Access Vulnerability
[SA20549] Ubuntu update for xine-lib
[SA20666] Avaya Products vixie-cron Exposure of Arbitrary Cron Files
Other:
[SA20618] FAST360 Appliance DNS Analysis Denial of Service
[SA20570] FAST360 Appliance HTTP Analysis Bypass Vulnerability
[SA20644] Cisco WebVPN Cross-Site Scripting Vulnerability
[SA20647] Symantec Security Information Manager Authentication Bypass
Cross Platform:
[SA20656] PictureDis Products "lang" Parameter File Inclusion
Vulnerability
[SA20633] Microsoft PowerPoint Malformed Record Vulnerability
[SA20632] Flipper Poll "root_path" File Inclusion Vulnerability
[SA20588] aePartner "dir[data]" File Inclusion Vulnerability
[SA20573] phpCMS "PHPCMS_INCLUDEPATH" File Inclusion Vulnerabilities
[SA20568] webprojectdb "INCDIR" Parameter File Inclusion
Vulnerabilities
[SA20558] AWF CMS "spaw_root" Parameter File Inclusion Vulnerability
[SA20557] Content*Builder File Inclusion Vulnerabilities
[SA20536] Minerva "phpbb_root_path" File Inclusion Vulnerability
[SA20522] Enterprise Payroll Systems "absolutepath" File Inclusion
[SA20687] phpBannerExchange "email" Parameter SQL Injection
[SA20648] TikiWiki Unspecified Cross-Site Scripting and SQL Injection
[SA20646] blur6ex "ID" Parameter SQL Injection Vulnerability
[SA20642] PhpMyFactures Multiple Vulnerabilities
[SA20613] Five Star Review Script Multiple Vulnerabilities
[SA20611] Mobile Space Community Multiple Vulnerabilities
[SA20607] tinyMuw "comment" Script Insertion Vulnerability
[SA20599] MyScrapbook Script Insertion Vulnerabilities
[SA20598] ST AdManager Lite Article Submission Script Insertion
Vulnerability
[SA20597] Coppermine Photo Gallery "add_hit()" SQL Injection
[SA20581] Fast Menu Restaurant Ordering Multiple Vulnerabilities
[SA20576] Adobe Reader Unspecified Vulnerabilities
[SA20547] i.List Cross-Site Scripting and Script Insertion
Vulnerabilities
[SA20535] E-Dating System Multiple Vulnerabilities
[SA20534] CS-Forum Multiple Vulnerabilities
[SA20529] Mafia Moblog "img" Parameter SQL Injection Vulnerability
[SA20526] PBL Guestbook Script Insertion Vulnerabilities
[SA20523] NPDS Local File Inclusion and Cross-Site Scripting
Vulnerabilities
[SA20521] KAPhotoservice Cross-Site Scripting and Script Insertion
[SA20623] iaxComm iaxclient Buffer Overflow Vulnerability
[SA20567] Kiax iaxclient Buffer Overflow Vulnerability
[SA20560] IDE FISK iaxclient Buffer Overflow Vulnerability
[SA20661] Horde Cross-Site Scripting Vulnerabilities
[SA20652] 35mm Slide Gallery Multiple Cross-Site Scripting
Vulnerabilities
[SA20640] Event Registration Multiple Cross-Site Scripting
Vulnerabilities
[SA20621] OkMall "search.php" Cross-Site Scripting Vulnerabilities
[SA20619] iFoto "file" Cross-Site Scripting Vulnerability
[SA20612] Mole Group Ticket Booking Script Cross-Site Scripting
[SA20594] QuickLinks "q" Cross-Site Scripting Vulnerability
[SA20593] OkArticles "q" Cross-Site Scripting Vulnerability
[SA20590] Ringlink "ringid" Cross-Site Scripting Vulnerabilities
[SA20586] Realty Room Rent "sel_menu" Cross-Site Scripting
Vulnerability
[SA20585] ZMS "raw" Parameter Cross-Site Scripting Vulnerability
[SA20584] Realty Home Rent "sel_menu" Cross-Site Scripting
Vulnerability
[SA20580] SubText MultiBlog Admin Logon Security Issue
[SA20577] Sylpheed URI Check Bypass Security Issue
[SA20572] myPHP Guestbook "lang" Cross-Site Scripting
[SA20565] Car Classifieds "make_id" Cross-Site Scripting Vulnerability
[SA20546] EvGenius Counter "page" Parameter Cross-Site Scripting
[SA20540] Chemical Directory Search Functionality Cross-Site Scripting
[SA20539] Easy Ad-Manager "mbid" Parameter Cross-Site Scripting
[SA20538] ViArt Shop Free Cross-Site Scripting Vulnerabilities
[SA20533] vSCAL / vsREAL Cross-Site Scripting Vulnerabilities
[SA20530] Ez Ringtone Manager Cross-Site Scripting Vulnerabilities
[SA20528] IntegraMOD "STYLE_URL" Parameter Cross-Site Scripting
[SA20524] SHOUTcast Server DJ Script Insertion Vulnerabilities
[SA20579] DB2 Universal Database Multiple Denial of Service
Vulnerabilities
[SA20518] Sun Grid Engine CSP Mode Authentication Security Issue
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA20631] Microsoft Windows Graphics Rendering Engine Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
Symantec has reported a vulnerability in certain old versions of
Windows, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/20631/
--
[SA20626] Windows Media Player PNG Processing Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
iDefense Labs has reported a vulnerability in Windows Media Player,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/20626/
--
[SA20620] Microsoft JScript Memory Corruption Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/20620/
--
[SA20605] Microsoft Windows ART Image Handling Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/20605/
--
[SA20595] Microsoft Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Spoofing, System access
Released: 2006-06-13
Some vulnerabilities have been reported in Internet Explorer, which can
be exploited by malicious people to conduct phishing attacks and
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/20595/
--
[SA20575] WinSCP Protocol Handler Command Line Switch Injection
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2006-06-12
Jelmer Kuperus has discovered a vulnerability in WinSCP, which can be
exploited by malicious people to manipulate certain files on a user's
system and potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20575/
--
[SA20639] Microsoft Windows TCP/IP Protocol Driver Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-13
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20639/
--
[SA20634] Microsoft Exchange Server Outlook Web Access Script
Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
SEC Consult has reported a vulnerability in Microsoft Exchange Server,
which can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/20634/
--
[SA20609] ePhotos Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-13
r0t has reported some vulnerabilities in ePhotos, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20609/
--
[SA20574] CesarFTP MKD Command Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-12
h07 has discovered a vulnerability in CesarFTP, which can be exploited
by malicious users to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20574/
--
[SA20556] MailEnable Enterprise Multiple WebMail Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2006-06-12
Soroush Dalili has discovered some vulnerabilities in MailEnable
Enterprise, which potentially can be exploited by malicious users to
gain escalated privileges, and by malicious people and users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20556/
--
[SA20554] My Photo Scrapbook SQL Injection and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-06-09
r0t has reported some vulnerabilities in My Photo Scrapbook, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20554/
--
[SA20545] OfficeFlow Cross-Site Scripting and SQL Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-06-09
r0t has reported two vulnerabilities in OfficeFlow, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/20545/
--
[SA20517] ASP ListPics Cross-Site Scripting and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
Two vulnerabilities have been reported in ASP ListPics, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20517/
--
[SA20637] Microsoft Windows RPC Mutual Authentication Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Spoofing
Released: 2006-06-13
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to spoof a valid RPC server.
Full Advisory:
http://secunia.com/advisories/20637/
--
[SA20630] Microsoft Windows Routing and Remote Access Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-06-13
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people or users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20630/
--
[SA20617] fipsCMS "index.asp" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
r0t has reported some vulnerabilities in fipsCMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20617/
--
[SA20614] ClickGallery Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has reported two vulnerabilities in ClickGallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20614/
--
[SA20610] i-Gallery Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has reported some vulnerabilities in i-Gallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20610/
--
[SA20606] Uphotogallery thumbnails.asp Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has reported a vulnerability in Uphotogallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20606/
--
[SA20604] Xtreme ASP Photo Gallery Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has discovered some vulnerabilities in Xtreme ASP Photo Gallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/20604/
--
[SA20603] DwZone Shopping Cart "ProductDetailsForm.asp" Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has reported two vulnerabilities in DwZone Shopping Cart, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/20603/
--
[SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
David "Aesthetico" Vieira-Kurz has reported a vulnerability in Cabacos
Web CMS, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20583/
--
[SA20582] CFXe CMS "voltext_suche" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
David "Aesthetico" Vieira-Kurz has reported a vulnerability in CFXe
CMS, which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/20582/
--
[SA20578] LogiSphere Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
Ziv Kamir has discovered a vulnerability in LogiSphere, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20578/
--
[SA20559] fipsGallery "path" Parameter Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
r0t has reported a vulnerability in fipsGallery, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20559/
--
[SA20553] EZGallery Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
r0t has reported some vulnerabilities in EZGallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20553/
--
[SA20544] VanillaSoft Helpdesk "username" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
r0t has reported a vulnerability in VanillaSoft Helpdesk, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20544/
--
[SA20543] FilZip Multiple Archive Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-06-09
Claus Berghamer has discovered a vulnerability in FilZip, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/20543/
--
[SA20537] WS-Album "FullPhoto.asp" Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
r0t has discovered some vulnerabilities in WS-Album, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20537/
--
[SA20527] ClickCart "cat" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
r0t has reported a vulnerability in ClickCart, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20527/
--
[SA20635] Windows SMB Denial of Service and Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2006-06-13
Ruben Santamarta has reported two vulnerabilities in Microsoft Windows,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/20635/
--
[SA20629] Kaspersky Anti-Virus "klif.sys" Denial of Service
Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-06-14
Skywing has discovered a vulnerability in Kaspersky Anti-Virus, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/20629/
UNIX/Linux:--
[SA20669] Gentoo update for DokuWiki
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, System
access
Released: 2006-06-15
Gentoo has issued an update for DokuWiki. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions and by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/20669/
--
[SA20592] Zeroboard ".htaccess" File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
Richard Son has discovered a vulnerability in Zeroboard, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20592/
--
[SA20569] free QBoard "qb_path" Parameter File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-12
Kacper has reported a vulnerability in free QBoard, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20569/
--
[SA20561] Gentoo update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2006-06-12
Gentoo has issued an update for firefox. This fixes multiple
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/20561/
--
[SA20689] Ubuntu update for wv2
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-06-15
Ubuntu has issued an update for wv2. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/20689/
--
[SA20683] Slackware update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
Slackware has issued an update for sendmail. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20683/
--
[SA20675] IBM AIX update for Sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
IBM has acknowledged a vulnerability in sendmail, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20675/
--
[SA20673] SGI IRIX update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
SGI has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/20673/
--
[SA20671] Debian update for kernel-source-2.4.27
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS
Released: 2006-06-15
Debian has issued an update for kernel-source-2.4.27. This fixes some
vulnerabilities and weaknesses, which can be exploited by malicious,
local users to bypass certain security restrictions, disclose
potentially sensitive information and cause a DoS (Denial of Service),
and by malicious people to bypass certain security restrictions, gain
knowledge of certain system information, and cause a DoS.
Full Advisory:
http://secunia.com/advisories/20671/
--
[SA20667] Avaya Products LibTIFF Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-14
Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/20667/
--
[SA20665] wvWare wv2 Library Integer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-06-15
A vulnerability has been reported in wvWare wv2 Library, which
potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/20665/
--
[SA20654] SUSE update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
SUSE has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/20654/
--
[SA20653] Avaya Products PostgreSQL Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-06-14
Avaya has acknowledged two vulnerabilities and a weakness in various
Avaya products, which potentially can be exploited by malicious, local
users to bypass certain security restrictions, and by malicious people
to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20653/
--
[SA20651] FreeBSD update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
FreeBSD has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/20651/
--
[SA20650] Solaris update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
Sun has acknowledged an update for sendmail. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20650/
--
[SA20641] Red Hat update for sendmail
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-15
Red Hat has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/20641/
--
[SA20638] Mandriva update for freetype2
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-13
Mandriva has issued an update for freetype2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20638/
--
[SA20625] Red Hat update for mysql
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information
Released: 2006-06-12
Red Hat has issued an update for mysql. This fixes a security issue and
some vulnerabilities, which can be exploited by malicious users to
bypass certain security restrictions and to disclose potentially
sensitive information, and potentially by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20625/
--
[SA20624] Red Hat update for mailman
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-12
Red Hat has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/20624/
--
[SA20608] Gentoo update for wordpress
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-06-12
Gentoo has issued an update for wordpress. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20608/
--
[SA20591] Debian update for freetype
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-12
Debian has issued an update for freetype. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20591/
--
[SA20564] Gentoo update for cscope
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-06-12
Gentoo has issued an update for cscope. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/20564/
--
[SA20562] Gentoo update for mysql
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-12
Gentoo has issued an update for MySQL. This fixes a vulnerability,
which potentially can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/20562/
--
[SA20555] SUSE update for postgresql
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-12
SUSE has issued an update for postgresql. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20555/
--
[SA20551] 0verkill Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-09
Federico Fazzi has discovered a vulnerability in 0verkill, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20551/
--
[SA20550] Ubuntu update for binutils
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-09
Ubuntu has issued an update for binutils. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20550/
--
[SA20548] Ubuntu update for courier-mta
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-09
Ubuntu has issued an update for courier-mta. This fixes a
vulnerability, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20548/
--
[SA20542] Debian update for webcalendar
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2006-06-13
Debian has issued an update for webcalendar. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/20542/
--
[SA20541] Debian update for mysql-dfsg-4.1
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-09
Debian has issued an update for mysql-dfsg-4.1. This fixes a
vulnerability, which potentially can be exploited by malicious people
to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20541/
--
[SA20531] Trustix updates for binutils / mysql / spamassassin
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, DoS, System access
Released: 2006-06-09
Trustix has issued updates for binutils, mysql, and spamassassin. These
fix some vulnerabilities, which can be exploited by malicious people to
conduct SQL injection attacks, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20531/
--
[SA20525] Ubuntu update for libfreetype6
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-09
Ubuntu has issued an update for libfreetype6. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20525/
--
[SA20520] Debian update for tiff
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-08
Debian has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20520/
--
[SA20519] Courier Mail Server Username Encoding Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-08
A vulnerability has been reported in Courier Mail Server, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/20519/
--
[SA20658] Gentoo update for asterisk
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-06-15
Gentoo has issued an update for asterisk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20658/
--
[SA20566] Gentoo update for Spamassassin
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-06-12
Gentoo has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20566/
--
[SA20676] SUSE update for php4 / php5
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2006-06-15
SUSE has issued an update for php. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20676/
--
[SA20672] Debian update for horde3
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-15
Debian has issued an update for horde3. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20672/
--
[SA20627] SUSE Updates for Multiple Packages
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2006-06-12
SUSE has issued updates for multiple packages. These fix
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions and by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20627/
--
[SA20622] Debian update for gforge
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
Debian has issued an update for gforge. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20622/
--
[SA20601] P.A.I.D "read" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
luny has reported a vulnerability in P.A.I.D, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20601/
--
[SA20571] Ubuntu update for libgd2
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-06-14
Ubuntu has issued an update for libgd2. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) against applications and services using libgd2.
Full Advisory:
http://secunia.com/advisories/20571/
--
[SA20563] Gentoo update for jpeg
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-06-12
Gentoo has issued an update for jpeg. This fixes a security issue,
which potentially can be malicious people to cause a DoS (Denial of
Service) against applications and services using the jpeg library.
Full Advisory:
http://secunia.com/advisories/20563/
--
[SA20677] aRts "artswrapper" Helper Application setuid Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-06-15
A security issue has been reported in aRts, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/20677/
--
[SA20674] Ubuntu update for kdm
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-06-15
Ubuntu has issued an update for kdm. This fixes a vulnerability, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/20674/
--
[SA20660] Red Hat update for kdebase
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-06-15
Red Hat has issued an update for kdm. This fixes a vulnerability, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/20660/
--
[SA20636] Gentoo update for gdm
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-13
Gentoo has issued an update for gdm. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/20636/
--
[SA20616] Gentoo update for vixie-cron
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-06-12
Gentoo has issued an update for vixie-cron. This fixes a security
issue, which potentially can be exploited by malicious, local users to
perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/20616/
--
[SA20602] KDE KDM Arbitrary File Reading Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-06-15
A vulnerability has been reported in KDE, which can be exploited by
malicious, local users to gain knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/20602/
--
[SA20587] Mandriva update for gdm
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-14
Mandriva has issued an update for gdm. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/20587/
--
[SA20552] Ubuntu update for gdm
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-09
Ubuntu has issued an update for gdm. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/20552/
--
[SA20532] GNOME Display Manager Configuration GUI Access Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-09
Victor Daniel has reported a vulnerability in GNOME Display Manager
(GDM), which can be exploited by malicious, local users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20532/
--
[SA20549] Ubuntu update for xine-lib
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-06-09
Ubuntu has issued an update for xine-lib. This fixes a weakness, which
can be exploited by malicious people to crash certain applications on a
user's system.
Full Advisory:
http://secunia.com/advisories/20549/
--
[SA20666] Avaya Products vixie-cron Exposure of Arbitrary Cron Files
Critical: Not critical
Where: Local system
Impact: Exposure of system information
Released: 2006-06-14
Avaya has acknowledged a vulnerability in various products, which can
be exploited by malicious, local users to read arbitrary cron files.
Full Advisory:
http://secunia.com/advisories/20666/
Other:--
[SA20618] FAST360 Appliance DNS Analysis Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-06-12
A vulnerability has been reported in FAST360 Appliance, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20618/
--
[SA20570] FAST360 Appliance HTTP Analysis Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-06-12
A vulnerability has been reported in FAST360 Appliance, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20570/
--
[SA20644] Cisco WebVPN Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
A vulnerability has been reported in Cisco WebVPN, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20644/
--
[SA20647] Symantec Security Information Manager Authentication Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-14
A vulnerability has been reported in Symantec Security Information
Manager, which can be exploited by malicious, local users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20647/
Cross Platform:--
[SA20656] PictureDis Products "lang" Parameter File Inclusion
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-15
spykids has discovered some vulnerabilities in PictureDis products,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/20656/
--
[SA20633] Microsoft PowerPoint Malformed Record Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
A vulnerability has been reported in Microsoft PowerPoint, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/20633/
--
[SA20632] Flipper Poll "root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-15
SpC-x has reported a vulnerability in Flipper Poll, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20632/
--
[SA20588] aePartner "dir[data]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-12
Kacper has discovered a vulnerability in aePartner, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20588/
--
[SA20573] phpCMS "PHPCMS_INCLUDEPATH" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
Federico Fazzi has discovered some vulnerabilities in phpCMS, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20573/
--
[SA20568] webprojectdb "INCDIR" Parameter File Inclusion
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-12
Kacper has discovered two vulnerabilities in webprojectdb, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20568/
--
[SA20558] AWF CMS "spaw_root" Parameter File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-12
Federico Fazzi has discovered a vulnerability in AWF CMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20558/
--
[SA20557] Content*Builder File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-12
Some vulnerabilities have been reported in Content*Builder, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20557/
--
[SA20536] Minerva "phpbb_root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-13
Kacper has discovered a vulnerability in Minerva, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20536/
--
[SA20522] Enterprise Payroll Systems "absolutepath" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-06-09
Kacper has discovered two vulnerabilities in Enterprise Payroll
Systems, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/20522/
--
[SA20687] phpBannerExchange "email" Parameter SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-15
RedTeam has reported a vulnerability in phpBannerExchange, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20687/
--
[SA20648] TikiWiki Unspecified Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-06-14
securitynews has reported some vulnerabilities in TikiWiki, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20648/
--
[SA20646] blur6ex "ID" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-14
rgod has reported a vulnerability in blue6ex, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20646/
--
[SA20642] PhpMyFactures Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2006-06-14
DarkFig has discovered some vulnerabilities in PhpMyFactures, which can
be exploited by malicious people to conduct cross-site scripting and SQL
injection attacks, and to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20642/
--
[SA20613] Five Star Review Script Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
luny has reported some vulnerabilities in Five Star Review Script,
which can be exploited by malicious users to conduct script insertion
attacks and by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/20613/
--
[SA20611] Mobile Space Community Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2006-06-13
luny has reported some vulnerabilities in Mobile Space Community, which
can be exploited by malicious people to conduct script insertion and SQL
injection attacks, and potentially disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/20611/
--
[SA20607] tinyMuw "comment" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
luny has reported a vulnerability in tinyMuw, which can be exploited by
malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20607/
--
[SA20599] MyScrapbook Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
luny has reported two vulnerabilities in MyScrapbook, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20599/
--
[SA20598] ST AdManager Lite Article Submission Script Insertion
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has reported a vulnerability in ST AdManager Lite, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20598/
--
[SA20597] Coppermine Photo Gallery "add_hit()" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-13
imei addmimistrator has discovered two vulnerabilities in Coppermine
Photo Gallery, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20597/
--
[SA20581] Fast Menu Restaurant Ordering Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-06-14
luny has reported some vulnerabilities in Fast Menu Restaurant
Ordering, which can be exploited by malicious people to conduct
cross-site scripting attacks and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20581/
--
[SA20576] Adobe Reader Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2006-06-15
Some vulnerabilities with unknown impacts have been reported in Adobe
Reader.
Full Advisory:
http://secunia.com/advisories/20576/
--
[SA20547] i.List Cross-Site Scripting and Script Insertion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
David 'Aesthetico' Vieira-Kurz has discovered some vulnerabilities in
i.List, which can be exploited by malicious people to conduct
cross-site scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20547/
--
[SA20535] E-Dating System Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2006-06-09
luny has reported some vulnerabilities and a security issue in E-Dating
System, which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks, and disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/20535/
--
[SA20534] CS-Forum Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Security Bypass
Released: 2006-06-13
DarkFig has reported some vulnerabilities in CS-Forum, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks, and use it as an open mail relay.
Full Advisory:
http://secunia.com/advisories/20534/
--
[SA20529] Mafia Moblog "img" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-06-09
Simo64 has discovered a vulnerability in Mafia Moblog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/20529/
--
[SA20526] PBL Guestbook Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
luny has discovered some vulnerabilities in PBL Guestbook, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20526/
--
[SA20523] NPDS Local File Inclusion and Cross-Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2006-06-09
DarkFig has discovered some vulnerabilities in NPDS, which can be
exploited by malicious people to conduct cross-site scripting attacks
and to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/20523/
--
[SA20521] KAPhotoservice Cross-Site Scripting and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
r0t has reported some vulnerabilities in KAPhotoservice, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20521/
--
[SA20623] iaxComm iaxclient Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-06-12
Two vulnerabilities have been reported in iaxComm, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20623/
--
[SA20567] Kiax iaxclient Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access, DoS
Released: 2006-06-12
Two vulnerabilities have been reported in Kiax, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20567/
--
[SA20560] IDE FISK iaxclient Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-06-12
Two vulnerabilities have been reported in IDE FISK (IDEFISK), which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/20560/
--
[SA20661] Horde Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-15
Some vulnerabilities have been reported in Horde, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20661/
--
[SA20652] 35mm Slide Gallery Multiple Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-15
black-code has reported some vulnerabilities in 35mm Slide Gallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/20652/
--
[SA20640] Event Registration Multiple Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
luny has reported some vulnerabilities in Event Registration, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/20640/
--
[SA20621] OkMall "search.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has reported some vulnerabilities in OkMall, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20621/
--
[SA20619] iFoto "file" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has discovered a vulnerability in iFoto, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20619/
--
[SA20612] Mole Group Ticket Booking Script Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
luny has reported a vulnerability Mole Group Ticket Booking Script,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/20612/
--
[SA20594] QuickLinks "q" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has reported a vulnerability in QuickLinks, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20594/
--
[SA20593] OkArticles "q" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has reported a vulnerability in OkArticles, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20593/
--
[SA20590] Ringlink "ringid" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
luny has reported some vulnerabilities in Ringlink, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20590/
--
[SA20586] Realty Room Rent "sel_menu" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
luny has reported a vulnerability in Realty Room Rent, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20586/
--
[SA20585] ZMS "raw" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-12
David "Aesthetico" Vieira-Kurz has discovered a vulnerability in ZMS,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/20585/
--
[SA20584] Realty Home Rent "sel_menu" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
luny has reported a vulnerability in Realty Home Rent, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20584/
--
[SA20580] SubText MultiBlog Admin Logon Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-06-12
A security issue has been reported in SubText, which can be exploited
by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/20580/
--
[SA20577] Sylpheed URI Check Bypass Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-06-12
A security issue has been reported in Sylpheed, which potentially can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/20577/
--
[SA20572] myPHP Guestbook "lang" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
x0r_1 has discovered a vulnerability in myPHP Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20572/
--
[SA20565] Car Classifieds "make_id" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-14
luny has reported a vulnerability in Car Classifieds, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20565/
--
[SA20546] EvGenius Counter "page" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-13
r0t has reported two vulnerabilities in EvGenius Counter, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20546/
--
[SA20540] Chemical Directory Search Functionality Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
luny has reported a vulnerability in Chemical Directory, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20540/
--
[SA20539] Easy Ad-Manager "mbid" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
luny has reported a vulnerability in Easy Ad-Manager, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20539/
--
[SA20538] ViArt Shop Free Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
John Cobb has discovered two vulnerabilities in ViArt Shop Free, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/20538/
--
[SA20533] vSCAL / vsREAL Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
luny has reported two vulnerabilities in vSCAL and vsREAL, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20533/
--
[SA20530] Ez Ringtone Manager Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
luny has reported two vulnerabilities in Ez Ringtone Manager, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/20530/
--
[SA20528] IntegraMOD "STYLE_URL" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
ahwaz has discovered a vulnerability in IntegraMOD, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/20528/
--
[SA20524] SHOUTcast Server DJ Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-06-09
UZUZZ has discovered some vulnerabilities in SHOUTcast, which can be
exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/20524/
--
[SA20579] DB2 Universal Database Multiple Denial of Service
Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-06-14
Some vulnerabilities has been reported in DB2, which can be exploited
by malicious people and users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/20579/
--
[SA20518] Sun Grid Engine CSP Mode Authentication Security Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-06-08
A security issue has been reported in Sun Grid Engine, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/20518/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
More information about the ISN
mailing list