[ISN] Secunia Weekly Summary - Issue: 2006-11

InfoSec News isn at c4i.org
Fri Mar 17 03:34:30 EST 2006


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-03-09 - 2006-03-16                        

                       This week : 56 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to ensure that you have the
best and most reliable source for vulnerability information. Every
single vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Again this week Apple has released a security update, which fixes
multiple vulnerabilities.

However, the "Extremely Critical" vulnerability released on the 21st
of February 2006 remains only partially fixed, due to the fact that it
is still possible to trick users into opening malicious shell scripts
(masqueraded as a safe file type) in ZIP archives.

You can test whether or not your system is affected by this
vulnerability here:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/

For additional details about the other vulnerabilities fixed please
refer to SA19129, the first of the referenced Secunia advisories
below.

Details about the partially fixed vulnerability may be found in SA18963.

References:
http://secunia.com/SA19129
http://secunia.com/SA18963

-- 

Microsoft has released 2 security bulletins as part of their monthly
patch release cycle.

All users are advised to visit Windows Update and apply available
patches. For additional details about the issues corrected, please
refer to the referenced Secunia advisories below.

References:
http://secunia.com/SA19138
http://secunia.com/SA18756

-- 

Some vulnerabilities have been reported in Flash Player, which can be
exploited by malicious people to compromise a user's system.

See referenced Secunia advisory for a list of affected products as
well as links to updated versions.

Reference:
http://secunia.com/SA19218


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA19218] Flash Player Unspecified Code Execution Vulnerabilities
2.  [SA19129] Mac OS X Security Update Fixes Multiple Vulnerabilities
3.  [SA19138] Microsoft Office Multiple Code Execution Vulnerabilities
4.  [SA19118] AVG Anti-Virus Updated Files Insecure File Permissions
5.  [SA18963] Mac OS X File Association Meta Data Shell Script
              Execution
6.  [SA19173] GnuPG Unsigned Data Injection Detection Vulnerability
7.  [SA19175] Gallery "stepOrder[]" Local File Inclusion Vulnerability
8.  [SA19189] Red Hat update for python
9.  [SA19064] Mac OS X Security Update Fixes Multiple Vulnerabilities
10. [SA19150] Kerio MailServer IMAP LOGIN Denial of Service
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA19247] ASP Portal Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA19191] Hosting Controller "search" Forum SQL Injection
[SA19229] Adobe Document/Graphics Server File URI Resource Access
[SA19238] Avaya Modular Messaging Windows Privilege Escalation Security
Issues
[SA19217] AntiVir PersonalEdition Update Report Privilege Escalation

UNIX/Linux:
[SA19237] CrossFire "SetUp()" Buffer Overflow Vulnerability
[SA19230] SGI Advanced Linux Environment Multiple Updates
[SA19226] Debian update for metamail
[SA19210] Debian update for bomberclone
[SA19199] Gentoo cube Buffer Overflow and Denial of Service
[SA19244] Fedora update for gnupg
[SA19241] Apache Log4net Denial of Service Vulnerability
[SA19236] Gentoo update for tar
[SA19234] Debian update for gnupg
[SA19232] Gentoo update for gnupg
[SA19228] Gentoo update for flex
[SA19227] Debian update for freeciv
[SA19203] Slackware update for gnupg
[SA19197] SUSE update for gpg
[SA19196] Trustix update for mailman
[SA19194] Debian update for crossfire
[SA19193] SCO OpenServer Updates for Multiple Packages
[SA19192] Debian update for ffmpeg
[SA19190] Red Hat update for kdegraphics
[SA19189] Red Hat update for python
[SA19240] Debian update for webcalendar
[SA19225] sa-exim "greylistclean.cron" File Deletion Vulnerability
[SA19221] glFTPd IP Address Check Bypass Vulnerability
[SA19211] CGI::Session Insecure Default Session File Permissions
[SA19205] Gentoo update for squirrelmail
[SA19187] Debian update for libcrypt-cbc-perl
[SA19239] Apache mod_python FileSession Handling Vulnerability
[SA19235] AIX "mklvcopy" Command Unspecified Vulnerability
[SA19220] Ubuntu update for kernel
[SA19200] Ubuntu Installer Log Files Exposure of User Credentials

Other:
[SA19233] Funkwerk X2300 ISAKMP IKE Message Processing Vulnerabilities

Cross Platform:
[SA19218] Flash Player Unspecified Code Execution Vulnerabilities
[SA19246] Horde "url" Disclosure of Sensitive Information
Vulnerability
[SA19245] Drupal Multiple Vulnerabilities
[SA19224] @1 File Store Script Insertion and SQL Injection
[SA19222] GuppY "pg" Arbitrary File Overwrite Vulnerability
[SA19219] Vegas Forum "postid" SQL Injection Vulnerability
[SA19215] Jupiter Content Manager "image" BBcode Script Insertion
[SA19214] Zeroboard Multiple Script Insertion Vulnerabilities
[SA19209] DSPoll "pollid" SQL Injection Vulnerability
[SA19208] ENet Library Two Denial of Service Vulnerabilities
[SA19207] DSNewsletter "email" SQL Injection Vulnerability
[SA19206] DSCounter "X-Forwarded-For" SQL Injection Vulnerability
[SA19202] DSDownload Multiple SQL Injection Vulnerabilities
[SA19201] DSLogin Multiple SQL Injection Vulnerabilities
[SA19195] PHP SimpleNEWS "admin" Authentication Bypass
[SA19216] vCard Cross-Site Scripting Vulnerabilities
[SA19212] GGZ Gaming Zone XML Handling Denial of Service
[SA19204] WMNews Cross-Site Scripting Vulnerabilities
[SA19188] UnrealIRCd Server Link TKL Command Denial of Service
[SA19186] DokuWiki Mediamanager EXIF Data Cross-Site Scripting
Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA19247] ASP Portal Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-15

CodeScan Labs have reported some vulnerabilities in ASP Portal, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19247/

 --

[SA19191] Hosting Controller "search" Forum SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-10

"nope" has discovered a vulnerability in Hosting Controller, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19191/

 --

[SA19229] Adobe Document/Graphics Server File URI Resource Access

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of sensitive information,
System access
Released:    2006-03-15

Secunia Research has discovered a vulnerability in Adobe Document
Server and Adobe Graphics Server, which can be exploited by malicious
people to gain knowledge of potentially sensitive information,
overwrite arbitrary files, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19229/

 --

[SA19238] Avaya Modular Messaging Windows Privilege Escalation Security
Issues

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-15

Avaya has acknowledged some security issues in Avaya Modular Messaging,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/19238/

 --

[SA19217] AntiVir PersonalEdition Update Report Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-13

Ramon 'ports' Kukla has discovered a vulnerability in AntiVir
PersonalEdition Classic, which can be exploited by malicious, local
users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/19217/


UNIX/Linux:--

[SA19237] CrossFire "SetUp()" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-14

landser has discovered a vulnerability in CrossFire, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19237/

 --

[SA19230] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-03-14

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities and a weakness, which can be exploited by
malicious people to cause a DoS (Denial of Service), conduct cross-site
scripting attacks, and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19230/

 --

[SA19226] Debian update for metamail

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-13

Debian has issued an update for metamail. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/19226/

 --

[SA19210] Debian update for bomberclone

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-14

Debian has issued an update for bomberclone. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19210/

 --

[SA19199] Gentoo cube Buffer Overflow and Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-13

Gentoo has acknowledged some vulnerabilities in cube, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19199/

 --

[SA19244] Fedora update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-14

Fedora has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19244/

 --

[SA19241] Apache Log4net Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-14

Sebastian Krahmer has reported a vulnerability in Log4net, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19241/

 --

[SA19236] Gentoo update for tar

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-13

Gentoo has issued an update for tar. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19236/

 --

[SA19234] Debian update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-13

Debian has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19234/

 --

[SA19232] Gentoo update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-13

Gentoo has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19232/

 --

[SA19228] Gentoo update for flex

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-03-13

Gentoo has issued an update for flex. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/19228/

 --

[SA19227] Debian update for freeciv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-13

Debian has issued an update for freeciv. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19227/

 --

[SA19203] Slackware update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-14

Slackware has issued an update for gnupg. This fixes a vulnerability
and a security issue, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19203/

 --

[SA19197] SUSE update for gpg

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-13

SUSE has issued an update for gpg. This fixes a vulnerability, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19197/

 --

[SA19196] Trustix update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-10

Trustix has issued an update for mailman. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19196/

 --

[SA19194] Debian update for crossfire

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-15

Debian has issued an update for crossfire. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19194/

 --

[SA19193] SCO OpenServer Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-15

SCO has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to
potentially cause a DoS (Denial of Service) and to compromise a user's
system or vulnerable system.

Full Advisory:
http://secunia.com/advisories/19193/

 --

[SA19192] Debian update for ffmpeg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-13

Debian has issued an update for ffmpeg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19192/

 --

[SA19190] Red Hat update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-10

Red Hat has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19190/

 --

[SA19189] Red Hat update for python

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-10

Red Hat has issued an update for python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19189/

 --

[SA19240] Debian update for webcalendar

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-15

Debian has issued an update for webcalendar. This fixes some
vulnerabilities, which can be exploited by malicious users to
manipulate certain information and conduct SQL injection attacks, and
by malicious people to conduct HTTP response splitting attacks.

Full Advisory:
http://secunia.com/advisories/19240/

 --

[SA19225] sa-exim "greylistclean.cron" File Deletion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-13

Chris Morris has reported a vulnerability in sa-exim, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19225/

 --

[SA19221] glFTPd IP Address Check Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-15

A vulnerability has been reported in glFTPd, which potentially can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19221/

 --

[SA19211] CGI::Session Insecure Default Session File Permissions

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-03-13

Joey Hess has reported some security issues in CGI::Session, which
potentially can be exploited by malicious, local users and by malicious
people to disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/19211/

 --

[SA19205] Gentoo update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-13

Gentoo has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious users to
manipulate certain information and by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19205/

 --

[SA19187] Debian update for libcrypt-cbc-perl

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-13

Debian has issued an update for libcrypt-cbc-perl. This fixes a
security issue, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19187/

 --

[SA19239] Apache mod_python FileSession Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-14

A vulnerability has been reported in mod_python, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/19239/

 --

[SA19235] AIX "mklvcopy" Command Unspecified Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2006-03-15

A vulnerability has been reported in IBM AIX, which has an unknown
impact.

Full Advisory:
http://secunia.com/advisories/19235/

 --

[SA19220] Ubuntu update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2006-03-13

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/19220/

 --

[SA19200] Ubuntu Installer Log Files Exposure of User Credentials

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-03-13

Karl Øie has reported a security issue in Ubuntu, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/19200/


Other:--

[SA19233] Funkwerk X2300 ISAKMP IKE Message Processing Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2006-03-15

Some vulnerabilities have been reported in Funkwerk X2300, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service), and with an unknown impact.

Full Advisory:
http://secunia.com/advisories/19233/


Cross Platform:--

[SA19218] Flash Player Unspecified Code Execution Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-15

Some vulnerabilities have been reported in Flash Player, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19218/

 --

[SA19246] Horde "url" Disclosure of Sensitive Information
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-03-15

Paul Craig has discovered a vulnerability in Horde, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/19246/

 --

[SA19245] Drupal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Cross Site Scripting,
Manipulation of data
Released:    2006-03-14

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
manipulate outgoing mails.

Full Advisory:
http://secunia.com/advisories/19245/

 --

[SA19224] @1 File Store Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-13

Aliaksandr Hartsuyeu has reported some vulnerabilities in @1 File
Store, which can be exploited by malicious people to conduct script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19224/

 --

[SA19222] GuppY "pg" Arbitrary File Overwrite Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-13

trueend5 has reported a vulnerability in GuppY, which can be exploited
by malicious people to manipulate certain information.

Full Advisory:
http://secunia.com/advisories/19222/

 --

[SA19219] Vegas Forum "postid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-14

Aliaksandr Hartsuyeu has reported a vulnerability in Vegas Forum, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19219/

 --

[SA19215] Jupiter Content Manager "image" BBcode Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-13

Nomenumbra/[0x4F4C] has discovered a vulnerability in Jupiter Content
Manager, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/19215/

 --

[SA19214] Zeroboard Multiple Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-13

dong-houn yoU has reported some vulnerabilities in Zeroboard, which can
be exploited by malicious people to conduct script-insertion attacks.

Full Advisory:
http://secunia.com/advisories/19214/

 --

[SA19209] DSPoll "pollid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSPoll, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19209/

 --

[SA19208] ENet Library Two Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-13

Luigi Auriemma has reported two vulnerabilities in ENet Library, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/19208/

 --

[SA19207] DSNewsletter "email" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSNewsletter,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19207/

 --

[SA19206] DSCounter "X-Forwarded-For" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSCounter, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19206/

 --

[SA19202] DSDownload Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-13

Aliaksandr Hartsuyeu has discovered some vulnerabilities in DSDownload,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19202/

 --

[SA19201] DSLogin Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-14

Aliaksandr Hartsuyeu has discovered multiple vulnerabilities in
DSLogin, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19201/

 --

[SA19195] PHP SimpleNEWS "admin" Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-10

Aliaksandr Hartsuyeu has reported a vulnerability in PHP SimpleNEWS and
PHP SimpleNEWS MySQL, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19195/

 --

[SA19216] vCard Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-13

Linux_Drox has reported some vulnerabilities in vCard, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19216/

 --

[SA19212] GGZ Gaming Zone XML Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-03-13

Luigi Auriemma has reported a vulnerability in GGZ Gaming Zone, which
can be exploited by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/19212/

 --

[SA19204] WMNews Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-13

R00T3RR0R has reported some vulnerabilities in WMNews, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19204/

 --

[SA19188] UnrealIRCd Server Link TKL Command Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-03-10

A vulnerability has been reported in UnrealIRCd, which can be exploited
by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19188/

 --

[SA19186] DokuWiki Mediamanager EXIF Data Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-10

A vulnerability has been reported in DokuWiki, which potentially can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19186/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




