Secunia Updates - October 2008 - KillaNet Community

Secunia Vulnerabilities Content Listing for the week of October 2 2008

Windows:

[SA32097] Trend Micro OfficeScan Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-10-02
Some vulnerabilities have been reported in Trend Micro OfficeScan, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32097/

[SA32079] hyBook Guestbook Script "hyBook.mdb" Database Disclosure Security Issue
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-09-30
Ghost Hacker has discovered a security issue in hyBook Guestbook Script, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/32079/

[SA32056] ASPapp Knowledge Base "catid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-10-01
Crackers_Child has reported a vulnerability in ASPapp Knowledge Base, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32056/

[SA32055] RealWin INFOTAG/SET_CONTROL Packet Processing Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-29
Ruben Santamarta has discovered a vulnerability in RealWin, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32055/

[SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-09-26
A vulnerability has been reported in ABB PCU400, which can potentially be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32047/

[SA32062] MailMarshal SQM Component Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-30
A vulnerability has been reported in MailMarshal SMTP, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32062/

[SA32061] HP Insight Diagnostics Unspecified File Disclosure Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-09-30
A vulnerability has been reported in HP Insight Diagnostics, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/32061/

[SA32040] Mozilla Firefox "keypress" User Interface Event Dispatching Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2008-10-01
Aditya K Sood has discovered a weakness in Mozilla Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32040/

UNIX/Linux:

[SA32099] SUSE Update for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Released: 2008-09-29
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges, and by malicious people to bypass certain security restrictions, cause a DoS, or to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32099/

[SA32096] Fedora update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-29
Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32096/

[SA32095] Fedora update for firefox and xulrunner
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-29
Fedora has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32095/

[SA32092] Red Hat update for thunderbird
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-10-02
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32092/

[SA32089] Fedora update for seamonkey
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-29
Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32089/

[SA32082] Slackware update for mozilla-thunderbird
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-29
Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32082/

[SA32044] Slackware update for seamonkey
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-26
Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32044/

[SA32042] Slackware update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-09-26
Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32042/

[SA32091] Red Hat update for wireshark
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-02
Red Hat has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32091/

[SA32090] Fedora update for rubygems / rubygem packages
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-29
Fedora has issued an update for rubygems, rubygem-activerecord, rubygem-activesupport, rubygem-activeresource, rubygem-rails, rubygem-actionpack, and rubygem-actionmailer. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32090/

[SA32080] Ubuntu update for openssh-server
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-10-02
Ubuntu has issued an update for openssh-server. This fixes a weakness and a vulnerability, which can be exploited by malicious local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32080/

[SA32107] SUSE update for kernel
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information, DoS
Released: 2008-10-02
SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32107/

[SA32104] SUSE update for kernel
Critical: Moderately critical
Where: From local network
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-10-02
SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32104/

[SA32103] SUSE update for kernel
Critical: Moderately critical
Where: From local network
Impact: DoS
Released: 2008-10-02
SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service), and malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32103/

[SA32070] OpenBSD ftpd Long Command Processing Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-29
Maksymilian Arciemowicz has reported a vulnerability in OpenBSD ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory: http://secunia.com/advisories/32070/

[SA32068] NetBSD ftpd Long Command Processing Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-29
Maksymilian Arciemowicz has reported a vulnerability in NetBSD ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory: http://secunia.com/advisories/32068/

[SA32059] Ubuntu update for nasm
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-10-01
Ubuntu has issued an update for nasm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32059/

[SA32112] FreeBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
Critical: Less critical
Where: From local network
Impact: Spoofing, Exposure of sensitive information, DoS
Released: 2008-10-02
A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32112/

[SA32088] Red Hat update for xen
Critical: Less critical
Where: Local system
Impact: Security Bypass, DoS
Released: 2008-10-02
Red Hat has issued an update for xen. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32088/

[SA32063] Xen DomU HVM Disk Format Security Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-10-02
A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a DomU domain to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32063/

[SA32110] Ubuntu update for openssh-server
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-10-02
Ubuntu has issued an update for openssh-server. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32110/

[SA32071] Fedora update for emacspeak
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-01
Fedora has issued an update for emacspeak. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/32071/

[SA32064] Xen XenStore Domain Backend Configuration Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-10-01
A weakness has been reported in Xen, which can be exploited by malicious, local users in a Xen DomU to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32064/

Other:

[SA32078] Juniper NetScreen ScreenOS Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
A vulnerability has been reported in Juniper NetScreen ScreenOS, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32078/

[SA32117] Force10 FTOS Routers IPv6 Neighbor Discovery Protocol Vulnerability
Critical: Less critical
Where: From local network
Impact: Spoofing, Exposure of sensitive information, DoS
Released: 2008-10-02
A vulnerability has been reported in Force10 FTOS Routers, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32117/

Cross Platform:

[SA32083] A4Desk PHP Event Calendar Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-01
Some vulnerabilities have been reported in A4Desk PHP Event Calendar, which can be exploited by malicious people to conduct SQL injection attacks or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32083/

[SA32057] The Gemini Portal File Inclusion and Security Bypass
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-09-30
Two vulnerabilities have been discovered in The Gemini Portal, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32057/

[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-09-30
Some vulnerabilities have been reported in MPlayer, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32045/

[SA32077] Link Trader Script "linkid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-02
Hussin X has reported a vulnerability in Link Trader Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32077/

[SA32076] phpscripts Ranking Script "admin" Cookie Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-10-02
Crackers_Child has reported a vulnerability in phpscripts Ranking Script, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32076/

[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-09-29
A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32069/

[SA32067] Adult Banner Exchange Website "targetid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-10-01
Hussin X has reported a vulnerability in Adult Banner Exchange Website, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32067/

[SA32065] EC-CUBE Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2008-10-01
Multiple vulnerabilities have been reported in EC-CUBE, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32065/

[SA32058] Crux Gallery Security Bypass and File Inclusion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-09-30
Pepelux has discovered some vulnerabilities in Crux Gallery, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/32058/

[SA32054] vBulletin VBGooglemap Module "mapid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-29
elusiven has reported a vulnerability in the VBGooglemap module for vBulletin, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32054/

[SA32052] FAQ Management Script "catid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-01
Hussin X has reported a vulnerability in FAQ Management Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32052/

[SA32050] CoAST "sections_file" File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-09-29
DaRkLiFe has reported a vulnerability in CoAST, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32050/

[SA32049] Real Estate Manager "cat_id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-09-30
CraCkEr has reported a vulnerability in Real Estate Manager, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32049/

[SA32041] EasyRealtorPRO Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-09-26
David Sopas has reported some vulnerabilities in EasyRealtorPRO, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32041/

[SA32108] Xerces-C++ "maxOccurs" Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-10-02
A vulnerability has been reported in Xerces-C++, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32108/

[SA32106] Drupal Brilliant Gallery Module SQL Injection and Script Insertion
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Privilege escalation
Released: 2008-10-02
Two vulnerabilities have been reported in the Brilliant Gallery module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32106/

[SA32101] OpenNMS "viewName" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
A vulnerability has been reported in OpenNMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32101/

[SA32087] WikyBlog Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
Omer Singer has discovered multiple vulnerabilities in WikyBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32087/

[SA32085] WhoDomLite "dom" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-29
Ghost Hacker has discovered a vulnerability in WhoDomLite, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32085/

[SA32081] Celoxis "ni.smessage" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
teuquooch1seero at hushmail dot com has reported a vulnerability in Celoxis, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32081/

[SA32074] Blosxom "flav" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
A vulnerability has been reported in Blosxom, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32074/

[SA32060] WordPress MU "s" and "ip_address" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-30
Juan Galiana Lara has reported a vulnerability in Wordpress MU, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32060/

[SA32043] FlatPress Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-09-26
Fabian Fingerle has discovered some vulnerabilities in FlatPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32043/

[SA32039] MyCard "id" SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-09-29
r45c4l has reported a vulnerability in MyCard, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/32039/

[SA32072] MySQL HTML Output Script Insertion Security Issue
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-02
Thomas Henlich has reported a security issue in MySQL, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32072/

Secunia Vulnerabilities Content Listing for the week of October 9 2008

Windows:

[SA32140] iseemedia LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-07
Will Dormann has reported some vulnerabilities in the iseemedia LPViewer ActiveX control, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32140/

[SA32206] Avaya IP Softphone H.323 Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-09
A vulnerability has been reported in Avaya IP Softphone, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32206/

[SA32205] Avaya one-X Desktop Edition SIP Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-09
A vulnerability has been reported in Avaya one-X Desktop Edition, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32205/

[SA32154] WinZip GDI+ Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-09
Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32154/

[SA32150] Serv-U File Renaming Vulnerabilities and STOU Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-06
Some vulnerabilities have been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32150/

[SA32156] Kontiki Delivery Management System "action" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-06
A vulnerability has been reported in Kontiki Delivery Management System, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32156/

[SA32187] Cisco Unity Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information, DoS
Released: 2008-10-09
Some vulnerabilities and a security issue have been reported in Cisco Unity, which can be exploited by malicious, local users to disclose potentially sensitive information, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32187/

[SA32207] Cisco Unity Script Insertion Vulnerability
Critical: Not critical
Where: From local network
Impact: Cross Site Scripting
Released: 2008-10-09
A vulnerability has been reported in Cisco Unity, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/32207/

UNIX/Linux:

[SA32196] SUSE update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-10-09
SUSE has issued an update for MozillaFirefox, MozillaThunderbird, seamonkey, and mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32196/

[SA32185] Debian update for iceweasel
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-10-09
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32185/

[SA32180] VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-10-06
VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32180/

[SA32153] Debian update for mplayer
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-06
Debian has issued an update for mplayer. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/32153/

[SA32144] SUSE update for MozillaFirefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-10-07
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32144/

[SA32204] Avaya Communication Manager Arbitrary Command Execution Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-10-09
Two vulnerabilities have been reported in Avaya Communication Manager, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32204/

[SA32193] Red Hat update for condor
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-10-08
Red Hat has issued an update for condor. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32193/

[SA32190] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2008-10-08
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service) and malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/32190/

[SA32189] Condor Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-10-08
Some vulnerabilities have been reported in Condor, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/32189/

[SA32188] Avaya Products Wireshark Multiple Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-09
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32188/

[SA32184] Gentoo update for wordnet
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-10-08
Gentoo has issued an update for wordnet. This fixes some vulnerabilities, which can potentially be exploited by malicious, local users to gain escalated privileges, and by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32184/

[SA32181] SUSE update for openssh
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-07
SUSE has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32181/

[SA32175] Fedora update for libxml2
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-06
Fedora has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32175/

[SA32151] SUSE update for dovecot and graphicsmagic
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-10-07
SUSE has issued an update for dovecot and graphicsmagic. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/32151/

[SA32148] Debian update for php5
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-07
Debian has issued an update for php5. This fixes some vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32148/

[SA32136] Avaya AES LibTIFF LZW Decoder Buffer Underflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-09
Avaya has acknowledged a vulnerability in Avaya Application Enablement Services (AES), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/32136/

[SA32132] Debian update for lighttpd
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS
Released: 2008-10-07
Debian has issued an update for lighttpd.

This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32132/ -- [SA32130] Libxml2 Predefined Entities Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-03 A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32130/ -- [SA32120] Red Hat update for tomcat Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-10-03 Red Hat has issued an update for tomcat.

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. Full Advisory: http://secunia.com/advisories/32120/ -- [SA32182] SUSE update for mercurial Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-07 SUSE has issued an update for mercurial.

This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32182/ -- [SA32168] AmpJuke "special" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2008-10-06 S_DLA_S has discovered a vulnerability in AmpJuke, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32168/ -- [SA32164] Dovecot ACL Plugin Security Bypass Security Issues Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-06 Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32164/ -- [SA32128] Fedora update for mediawiki Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-07 Fedora has issued an update for mediawiki.

This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32128/ -- [SA32161] HP-UX NFS/ONCplus Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-10-07 A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32161/ -- [SA32133] OpenBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability Critical: Less critical Where: From local network Impact: Spoofing, Exposure of sensitive information, DoS Released: 2008-10-03 A vulnerability has been reported in OpenBSD, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32133/ -- [SA32174] Fedora update for pam_krb5 Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-10-06 Fedora has issued an update for pam_krb5.

This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32174/ -- [SA32170] FreeRADIUS "dialup_admin" Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-08 Some vulnerabilities have been reported in FreeRADIUS, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/32170/ -- [SA32155] Debian update for feta Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-06 Debian has issued an update for feta.

This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/32155/ -- [SA32135] Red Hat update for pam_krb5 Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-10-03 Red Hat has issued an update for pam_krb5.

This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32135/ -- [SA32124] Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-03 Eugene Teo has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users in a VMI guest to cause a DoS (Denial of Service) and potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/32124/ -- [SA32119] pam_krb5 Credential Cache "existing_ticket" Security Bypass Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-10-03 A security issue has been reported in pam_krb5, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32119/ -- [SA32127] D-Bus "_dbus_validate_signature_with_reason()" Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-10-07 A weakness has been reported in D-Bus, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32127/ -- [SA32125] Avaya CMS Solaris ACL for UFS File Systems Local Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-10-03 Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32125/ Other:-- [SA32121] Apple TV Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-03 Some vulnerabilities have been reported in Apple TV, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/32121/ -- [SA32122] Blue Coat SGOS ICAP Patience Page Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-03 Juan Pablo Lopez Yacubian has reported a vulnerability in Blue Coat Security Gateway OS (SGOS), which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32122/ -- [SA32203] Nortel Multimedia Communication Server 5100 Multiple Vulnerabilities Critical: Less critical Where: From local network Impact: Security Bypass, Spoofing, DoS Released: 2008-10-09 Some vulnerabilities have been reported in Nortel Multimedia Communication Server 5100, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32203/ Cross Platform:-- [SA32179] VMware VirtualCenter Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-10-06 VMware has acknowledged a weakness and some vulnerabilities in VMware VirtualCenter, which can be exploited by malicious, local users to disclose sensitive information, and by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32179/ -- [SA32177] Opera Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-10-08 Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, or potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/32177/ -- [SA32198] Drupal Attach File Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-10-09 A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32198/ -- [SA32195] Drupal Multiple Modules Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-10-09 A vulnerability has been reported in various modules for Drupal, which can be exploited by malicious people to bypass certain security restrictions or disclose sensitive information. Full Advisory: http://secunia.com/advisories/32195/ -- [SA32194] Drupal EveryBlog Module Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Privilege escalation Released: 2008-10-09 Some vulnerabilities have been reported in the EveryBlog module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/32194/ -- [SA32191] Drupal SIOC Module Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-10-09 A vulnerability has been reported in the SIOC (Semantically-Interconnected Online Communities) module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Full Advisory: http://secunia.com/advisories/32191/ -- [SA32186] Graphviz "push_subg" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-09 Roee Hay has discovered a vulnerability in Graphviz, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32186/ -- [SA32171] AdaptCMS "user_name" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-06 A vulnerability has been reported in AdaptCMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32171/ -- [SA32169] CMME Information Disclosure Security Issues Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-07 AmnPardaz Security Research & Penetration Testing Group has discovered some security issues in CMME, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32169/ -- [SA32162] Hispah Text Links Ads "idcat" / "idtl" SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-09 Some vulnerabilities have been reported in Hispah Text Links Ads, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32162/ -- [SA32160] AdMan "campaignId" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-09 SuB-ZeRo has reported a vulnerability in AdMan, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32160/ -- [SA32159] YaCy Unspecified Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-09 Some vulnerabilities with unknown impacts have been reported in YaCy. Full Advisory: http://secunia.com/advisories/32159/ -- [SA32158] WebBiscuits FAQ Support "download" File Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-09 Gold_M has discovered a vulnerability in WebBiscuits FAQ Support, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32158/ -- [SA32149] PHP Realtor "v_cat" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-08 Mr.SQL has discovered a vulnerability in PHP Realtor, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32149/ -- [SA32147] PHP Auto Dealer "v_cat" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-08 Mr.SQL has reported a vulnerability in PHP Auto Dealer, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32147/ -- [SA32145] Kwalbum "UploaditemsPage.php" File Upload Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-07 A vulnerability has been discovered in Kwalbum, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32145/ -- [SA32141] JMweb MP3 Script "src" File Inclusion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-06 SirGod has discovered some vulnerabilities in JMweb MP3 Music Audio Search and Download Script, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32141/ -- [SA32139] PHP Autos "catid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-08 Mr.SQL has reported a vulnerability in PHP Autos, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32139/ -- [SA32126] Fastpublish CMS Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-06 Multiple vulnerabilities have been discovered in Fastpublish CMS, which can be exploited by malicious people to conduct SQL injection attacks and gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/32126/ -- [SA32201] Drupal User and BlogAPI Security Bypass Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-10-09 Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/32201/ -- [SA32200] Drupal Upload and Node Module API Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-10-09 Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people and users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32200/ -- [SA32199] HP System Management Homepage Unspecified Cross Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-09 A vulnerability has been reported in HP System Management Homepage (SMH), which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32199/ -- [SA32176] Website Directory "keyword" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-06 Ghost Hacker has reported a vulnerability in Website Directory, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32176/ -- [SA32172] WOW Raid Manager Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-09 A vulnerability has been reported in WOW Raid Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32172/ -- [SA32167] vbDrupal Multiple Security Bypass Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-10-09 Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious people and users to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/32167/ -- [SA32163] Adobe Flash Player "Clickjacking" Security Bypass Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2008-10-08 A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32163/ -- [SA32146] ModSecurity "SecCacheTransformations" Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-09 A vulnerability has been reported in ModSecurity, which potentially can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32146/ -- [SA32134] XAMPP adodb.php Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-03 Jaykishan Nirmal has discovered some vulnerabilities in XAMPP, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32134/ -- [SA32131] MediaWiki "useskin" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-03 A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32131/ [SA32123] Nucleus EUC-JP Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-06 A vulnerability has been reported in Nucleus EUC-JP, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/32123/ [SA32157] VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-06 A vulnerability has been reported in VMware ESX / ESXi, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32157/

Secunia Vulnerabilities Content Listing for the week of October 16 2008 Windows:-- [SA32248] Microsoft Windows IIS IPP Service Integer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32248/ -- [SA32246] Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-16 Some vulnerabilities have been reported in Adobe Flash CS3, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32246/ -- [SA32236] System Requirements Lab ActiveX Control Code Execution Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-16 A vulnerability has been reported in the System Requirements Lab ActiveX control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32236/ -- [SA32211] Microsoft Excel Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-14 Some vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/32211/ -- [SA32244] Ayco Okul "linkid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 Crackers_Child has reported a vulnerability in Ayco Okul, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32244/ -- [SA32238] MunzurSoft Wep Portal W3 "kat" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 LUPUS has reported a vulnerability in MunzurSoft Wep Portal W3, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32238/ -- [SA32218] GuildFTPd "LIST" Processing Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-13 dmnt has discovered a vulnerability in GuildFTPd, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32218/ -- [SA32216] RaidenFTPD Directory Name Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-14 dmnt has discovered a vulnerability in RaidenFTPD, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32216/ -- [SA32260] Microsoft Windows 2000 Message Queuing Service Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32260/ -- [SA32249] Microsoft Windows SMB Buffer Underflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32249/ -- [SA32242] Microsoft Windows Active Directory Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32242/ -- [SA32233] Microsoft Host Integration Server SNA RPC Vulnerability Critical: Moderately critical Where: From local network Impact: Security Bypass, System access Released: 2008-10-14 A vulnerability has been reported in Microsoft Host Integration Server, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32233/ -- [SA32220] CA ARCserve Backup Multiple Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-10 Some vulnerabilities have been reported in CA ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32220/ -- [SA32264] Websense SQL Password Disclosure Security Issue Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2008-10-14 Eric Beaulieu has reported a security issue in Websense, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32264/ -- [SA32261] Microsoft Windows Ancillary Function Driver Privilege Escalation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/32261/ -- [SA32252] Lenovo Rescue and Recovery "tvtumon.sys" Privilege Escalation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-14 A vulnerability has been reported in Lenovo Rescue and Recovery, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32252/ -- [SA32251] Microsoft Windows Virtual Address Descriptor Privilege Escalation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32251/ -- [SA32247] Microsoft Windows Privilege Escalation Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-14 Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. Full Advisory: http://secunia.com/advisories/32247/ UNIX/Linux:-- [SA32282] Ubuntu update for lcms Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-15 Ubuntu has issued an update for lcms.

This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32282/ -- [SA32280] Debian update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-15 Debian has issued an update for libxml2.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32280/ -- [SA32275] Fedora update for drupal Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-10-16 Fedora has issued an update for drupal.

This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32275/ -- [SA32274] Ubuntu update for libexif Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-15 Ubuntu has issued an update for libexif.

This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. Full Advisory: http://secunia.com/advisories/32274/ -- [SA32273] Ubuntu update for exiv2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-15 Ubuntu has issued an update for exiv2.

This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32273/ -- [SA32266] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-10-14 Avaya has acknowledged some vulnerabilities in Avaya AES / MX, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to disclose potentially sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. Full Advisory: http://secunia.com/advisories/32266/ -- [SA32265] Avaya Products libxml2 XML Entity Name Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-14 Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32265/ -- [SA32263] Avaya Products vsftpd PAM Memory Leak Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-14 Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32263/ -- [SA32256] Debian update for ruby1.8 Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS Released: 2008-10-13 Debian has issued an update for ruby1.8.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32256/ -- [SA32255] Debian update for ruby1.9 Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS Released: 2008-10-13 Debian has issued an update for ruby1.9.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32255/ -- [SA32241] Avaya Products Red Hat Tampered OpenSSH Packages Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-14 Avaya has acknowledged that a small number of OpenSSH packages have been tampered with. Full Advisory: http://secunia.com/advisories/32241/ -- [SA32232] Fedora update for condor Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-10-10 Fedora has issued an update for condor.

This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32232/ -- [SA32222] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2008-10-10 Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. Full Advisory: http://secunia.com/advisories/32222/ -- [SA32219] Ubuntu update for ruby1.8 Critical: Moderately critical Where: From remote Impact: Security Bypass, Spoofing, DoS Released: 2008-10-10 Ubuntu has issued an update for ruby1.8.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/32219/ -- [SA32217] GForge Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 Some vulnerabilities have been reported in Gforge, which can be exploited by malicious people and users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32217/ -- [SA32292] Ubuntu update for cups Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-16 Ubuntu has issued an update for cups.

This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32292/ -- [SA32284] Fedora update for cups Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-16 Fedora has issued an update for cups.

This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32284/ -- [SA32283] Sun Solaris "sadmind" Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-10-15 Adriano Lima has reported a vulnerability in Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32283/ -- [SA32279] Fedora update for bluez-utils and bluez-libs Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-16 Fedora has issued an update for bluez-utils and bluez-libs.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/32279/ -- [SA32226] CUPS Multiple Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-10 Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32226/ -- [SA32286] Fedora update for neon Critical: Less critical Where: From remote Impact: DoS Released: 2008-10-16 Fedora has issued an update for neon.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32286/ -- [SA32254] Debian update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-10-13 Debian has issued an update for openldap.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32254/ -- [SA32281] Ubuntu update for dbus Critical: Less critical Where: Local system Impact: Security Bypass, DoS Released: 2008-10-15 Ubuntu has issued an update for dbus.

This fixes a weakness and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32281/ -- [SA32237] Debian update for linux-2.6 Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-14 Debian has issued an update for linux-2.6.

This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. Full Advisory: http://secunia.com/advisories/32237/ -- [SA32231] Fedora update for postfix Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-10-10 Fedora has issued an update for postfix.

This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/32231/ -- [SA32257] chm2pdf Insecure Temporary Directories Critical: Not critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-13 A security issue has been reported in chm2pdf, which can be exploited by malicious, local users to perform certain actions with escalated privileges or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32257/ -- [SA32230] Fedora update for dbus Critical: Not critical Where: Local system Impact: DoS Released: 2008-10-10 Fedora has issued an update for dbus.

This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32230/ -- [SA32228] Gentoo Portage Insecure Python Module Search Path Security Issue Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-10-10 Gentoo has acknowledged a security issue in portage, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32228/ Other:-- [SA32259] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown, DoS Released: 2008-10-14 Some vulnerabilities have been reported in Linksys WAP4400N, where one has unknown impacts and the other can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32259/ -- [SA32258] Telecom Italia Alice Routers Magic Packet Security Bypass Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-10-16 saxdax and drpepperONE have reported a vulnerability in various Telecom Italia Alice routers, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32258/ Cross Platform:-- [SA32301] BEA WebLogic Server Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-10-15 Some vulnerabilities have been reported in BEA WebLogic Server, which can be exploited by malicious users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions and compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32301/ -- [SA32267] VLC Media Player XSPF Processing Memory Corruption Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-15 A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32267/ -- [SA32227] Sun Java System Web Proxy Server Two Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-10 Two vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32227/ -- [SA32304] BEA WebLogic Server Multiple Authorizers Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-15 A vulnerability has been reported in BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32304/ -- [SA32303] BEA WebLogic Workshop NetUI Pageflow Information Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-15 A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32303/ -- [SA32302] BEA WebLogic Workshop NetUI Tags Information Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-15 A vulnerability has been reported in BEA WebLogic Workshop, which can be exploited by malicious people to disclose potentially sensitive information. 
Full Advisory: http://secunia.com/advisories/32302/ -- [SA32291] Oracle Products Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-15 Some vulnerabilities with unknown impacts have been reported in various Oracle products. Full Advisory: http://secunia.com/advisories/32291/ -- [SA32290] AstroSPACES "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-16 TurkishWarriorr has discovered a vulnerability in AstroSPACES, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32290/ -- [SA32289] myWebland myStats SQL Injection and Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-10-16 JosS has discovered two vulnerabilities in myWebland myStats, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32289/ -- [SA32288] Webscene eCommerce "level" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-15 Angela Chang has reported a vulnerability in Webscene eCommerce, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32288/ -- [SA32287] HP Systems Insight Manager Unspecified Unauthorised Access Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information Released: 2008-10-16 A vulnerability has been reported in HP Systems Insight Manager (SIM), which can be exploited by malicious people to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/32287/ -- [SA32285] Drupal Shindig-Integrator Module Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Security Bypass, Cross Site Scripting Released: 2008-10-16 Some vulnerabilities have been reported in the Shindig-Integrator module for Drupal, where some have an unknown impact, and others can be exploited by malicious users to conduct script insertion attacks, and by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32285/ -- [SA32277] SweetCMS "page" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-16 Dapirates & underc have reported a vulnerability in SweetCMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32277/ -- [SA32268] MyPHPDating "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-15 Hakxer has reported a vulnerability in MyPHPDating (My PHP Dating), which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32268/ -- [SA32253] WordPress WP Comment Remix Plugin Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-10-15 g30rg3_x has reported some vulnerabilities in the WP Comment Remix plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery, script insertion, and SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32253/ -- [SA32240] Joomla Ignite Gallery Component "gallery" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 H!tm@N has reported a vulnerability in the Ignite Gallery component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32240/ -- [SA32239] Joomla Mad4Joomla Mailforms Component "jid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 H!tm@N has reported a vulnerability in the Mad4Joomla Mailforms component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32239/ -- [SA32235] Joomla OwnBiblio Component "catid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 H!tm@N has discovered a vulnerability in the OwnBiblio component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32235/ -- [SA32225] Phorum BBcode Nested "img" Tags Script Insertion Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-14 Julian A. Rodriguez has reported a vulnerability in Phorum, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/32225/ -- [SA32223] Real Estates Classifieds "cat" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-13 Hakxer has reported a vulnerability in Real Estates Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32223/ -- [SA32215] My PHP Indexer "d" File Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-13 JosS has discovered a vulnerability in My PHP Indexer, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32215/ -- [SA32214] NewLife Blogger "nlb3" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-13 Pepelux has reported a vulnerability in NewLife Blogger, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32214/ -- [SA32278] Elxis mod_language.php Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-15 swappie aka faithlove has discovered a vulnerability in Elxis, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/32278/ -- [SA32276] Drupal Node Vote Module Vote Again SQL Injection Critical: Less critical Where: From remote Impact: Manipulation of data, Privilege escalation Released: 2008-10-16 A vulnerability has been reported in the Node Vote module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32276/ -- [SA32270] Adobe Flash Player Multiple Security Issues Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-10-16 Some security issues have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or manipulate certain data. Full Advisory: http://secunia.com/advisories/32270/ -- [SA32243] Mantis Referenced Reports Information Disclosure Security Issue Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-14 A security issue has been reported in Mantis, which can be exploited by malicious users to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32243/ -- [SA32212] ScriptsEz Mini Hosting Panel "dir" File Disclosure Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-13 JosS has reported a vulnerability in ScriptsEz Mini Hosting Panel, which can be exploited by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32212/ -- [SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass Critical: Not critical Where: From remote Impact: Security Bypass Released: 2008-10-10 A security issue has been reported in various FUJITSU Interstage products, which potentially can be exploited by malicious people to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/32234/ -- [SA32213] Apache Tomcat "RemoteFilterValve" Security Bypass Security Issue Critical: Not critical Where: From remote Impact: Security Bypass Released: 2008-10-13 A security issue has been reported in Apache Tomcat, which potentially can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32213/

Secunia Vulnerabilities Content Listing for the week of October 23 2008 Windows:-- [SA32337] Hummingbird Deployment Wizard ActiveX Control Insecure Methods Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-20 shinnai has discovered some vulnerabilities in Hummingbird Deployment Wizard, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32337/ -- [SA32319] Hummingbird Xweb ActiveX Control "PlainTextPassword" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-17 Thomas Pollet has reported a vulnerability in Hummingbird Xweb ActiveX Control, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32319/ -- [SA32375] GoodTech SSH Server SFTP Processing Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-23 r0ut3r has discovered a vulnerability in GoodTech SSH Server, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32375/ -- [SA32364] Dorsa CMS "PageIDF" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-23 syst3m_f4ult has reported a vulnerability in Dorsa CMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32364/ -- [SA32366] freeSSHd Two Denial of Service Vulnerabilities Critical: Less critical Where: From remote Impact: DoS Released: 2008-10-23 Jeremy Brown has discovered two vulnerabilities in freeSSHd, which can be exploited by malicious users to cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/32366/ -- [SA32383] EMC NetWorker Products "nsrexecd.exe" Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2008-10-23 A vulnerability has been reported in several EMC NetWorker Products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32383/ UNIX/Linux:-- [SA32372] Red Hat update for ruby Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS Released: 2008-10-22 Red Hat has issued an update for ruby.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32372/ -- [SA32371] Red Hat update for ruby Critical: Moderately critical Where: From remote Impact: Security Bypass, Spoofing, DoS Released: 2008-10-22 Red Hat has issued an update for ruby.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/32371/ -- [SA32354] imlib2 Multiple Unspecified Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-23 Some vulnerabilities with unknown impact have been reported in imlib2. Full Advisory: http://secunia.com/advisories/32354/ -- [SA32351] Red Hat update for ruby Critical: Moderately critical Where: From remote Impact: Security Bypass, Spoofing, DoS Released: 2008-10-22 Red Hat has issued an update for ruby.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/32351/ -- [SA32345] LightBlog Two Local File Inclusion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-22 JosS has discovered two vulnerabilities in LightBlog, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32345/ -- [SA32316] SUSE Update for Multiple Packages Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2008-10-17 SUSE has issued an update for multiple packages.

This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service) or compromise a vulnerable system or by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. Full Advisory: http://secunia.com/advisories/32316/ -- [SA32306] Avaya Products libxml2 Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-17 Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32306/ -- [SA32370] SUSE update for kernel Critical: Moderately critical Where: From local network Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-10-22 SUSE has issued an update for the kernel.

This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/32370/ -- [SA32331] Debian update for cupsys Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-21 Debian has issued an update for cupsys.

This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32331/ -- [SA32362] Fedora update for php-Smarty Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-22 Fedora has issued an update for php-smarty.

This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32362/ -- [SA32330] Fedora update for mantis Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-21 Fedora has issued an update for mantis.

This fixes a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32330/ -- [SA32313] Avaya Products bzip2 Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-10-17 Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32313/ -- [SA32346] nfs-utils TCP Wrappers NFS Netgroups Security Bypass Critical: Less critical Where: From local network Impact: Security Bypass Released: 2008-10-20 A security issue has been reported in nfs-utils, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32346/ -- [SA32363] Fedora update for jhead Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-21 Fedora has issued an update for jhead.

This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32363/ -- [SA32357] Ubuntu update for amarok Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-22 Ubuntu has issued an update for amarok.

This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/32357/ -- [SA32340] JHead "DoCommand()" Buffer Overflow Security Issue Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-21 A security issue has been reported in JHead, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32340/ -- [SA32335] Debian update for qemu Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-22 Debian has issued an update for qemu.

This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/32335/ -- [SA32332] Veritas File System Information Disclosure Security Issues Critical: Less critical Where: Local system Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-21 Two security issues have been reported in Veritas File System, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32332/ -- [SA32320] Linux Kernel "splice()" O_APPEND Bypass and I915 Privilege Escalation Critical: Less critical Where: Local system Impact: Security Bypass, Privilege escalation Released: 2008-10-20 A weakness and a vulnerability have been reported in the Linux kernel, which can be exploited by malicious, local users to bypass certain security restrictions and potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/32320/ -- [SA32315] Debian update for linux-2.6 Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-10-20 Debian has issued an update for linux 2.6.

This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, cause a DoS (Denial of Service) or disclose sensitive information. Full Advisory: http://secunia.com/advisories/32315/ -- [SA32349] Red Hat update for ed Critical: Not critical Where: From remote Impact: System access Released: 2008-10-22 Red Hat has issued an update for ed.

This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32349/ -- [SA32385] Debian update for dbus Critical: Not critical Where: Local system Impact: DoS Released: 2008-10-23 Debian has issued an update for dbus.

This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32385/ -- [SA32356] SUSE update for kernel Critical: Not critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-21 SUSE has issued an update for the kernel.

This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. Full Advisory: http://secunia.com/advisories/32356/ -- [SA32344] Linux Kernel Denial of Service and Privilege Escalation Critical: Not critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-10-20 Some vulnerabilities have been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. Full Advisory: http://secunia.com/advisories/32344/ Other:-- [SA32392] Cisco ASA Crypto Accelerator Memory Leak Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-23 A vulnerability has been reported in Cisco ASA appliances, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32392/ -- [SA32391] Cisco ASA and PIX IPv6 Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-23 A vulnerability has been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32391/ -- [SA32360] Cisco ASA and PIX VPN Authentication Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-23 A vulnerability has been reported in Cisco ASA and PIX appliances, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32360/ Cross Platform:-- [SA32380] Iamma Simple Gallery File Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-23 X0r has discovered a vulnerability in Iamma Simple Gallery, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32380/ -- [SA32361] Snoopy "_httpsrequest()" Shell Command Execution Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-23 A vulnerability has been discovered in Snoopy, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32361/ -- [SA32352] F-Secure Products RPM Parsing Integer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-21 A vulnerability has been reported in various F-Secure products, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32352/ -- [SA32339] VLC Media Player TY Processing Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-20 A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32339/ -- [SA32328] Fast Click SQL Lite "CFG[CDIR]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-20 NoGe has discovered a vulnerability in Fast Click SQL Lite, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32328/ -- [SA32379] phpcrs "importFunction" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-23 Pepelux has discovered a vulnerability in phpcrs, which can be exploited by malicious people to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/32379/ -- [SA32378] LoudBlog "colpick" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-23 Xianur0 has discovered a vulnerability in LoudBlog, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32378/ -- [SA32377] Joomla ionFiles Component "file" Information Disclosure Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-23 Vrs-hCk has discovered a vulnerability in the ionFiles component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32377/ -- [SA32369] TYPO3 simplesurvey Extension SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-21 A vulnerability has been reported in the Simple survey (simplesurvey) extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32369/ -- [SA32368] IBM DB2 Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Exposure of sensitive information, DoS Released: 2008-10-22 Some vulnerabilities have been reported in IBM DB2, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32368/ -- [SA32355] Wireshark Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-21 Some vulnerabilities and a weakness have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/32355/ -- [SA32347] XOOPS Makale Module "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-21 EcHoLL has discovered a vulnerability in the Makale module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32347/ -- [SA32342] TYPO3 dmmjobcontrol Extension SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-21 A vulnerability has been reported in the JobControl (dmmjobcontrol) extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32342/ -- [SA32341] TikiWiki CMS/Groupware Two Unspecified Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-22 Two vulnerabilities with unknown impact have been reported in TikiWiki CMS/Groupware. Full Advisory: http://secunia.com/advisories/32341/ -- [SA32338] WebSVN File Overwrite and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-10-23 James Bercegay has reported two vulnerabilities in WebSVN, which can be exploited by malicious people to conduct cross-site scripting attacks and manipulate data. Full Advisory: http://secunia.com/advisories/32338/ -- [SA32336] WordPress Newsletter Plugin "newsletter" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-22 r45c4l has reported a vulnerability in the Newsletter plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32336/ -- [SA32334] phpFastNews "fn-loggedin" Cookie Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-20 Qabandi has discovered a vulnerability in phpFastNews, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32334/ -- [SA32333] Zeeproperty "adid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-20 Hussin X has reported a vulnerability in Zeeproperty, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32333/ -- [SA32325] yappa-ng "album" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-20 Vrs-hCk has discovered a vulnerability in yappa-ng, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/32325/ -- [SA32323] Woltlab Burning Board rGallery "itemID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-20 Five-Three-Nine has reported a vulnerability in the rGallery plugin for WoltLab Burning Board, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32323/ -- [SA32321] Joomla DS-Syndicate Component "feed_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-20 boom3rang has discovered a vulnerability in the DS-Syndicate component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32321/ -- [SA32318] MUSCLE "Message::AddToString()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-20 A vulnerability has been discovered in MUSCLE, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. Full Advisory: http://secunia.com/advisories/32318/ -- [SA32317] RealVNC VNC Viewer "CMsgReader::readRect()" Encoding Type Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-20 A vulnerability has been discovered in RealVNC VNC Viewer, which can potentially be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32317/ -- [SA32314] Mantis "sort" PHP Code Execution Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-17 EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32314/ -- [SA32312] PokerMax Pro Poker League "ValidUserAdmin" Cookie Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-17 DaRkLiFe has discovered a vulnerability in PokerMax Pro Poker League, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32312/ -- [SA32310] Mic_Blog Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-21 StAkeR has reported some vulnerabilities in Mic_Blog (mic blog), which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32310/ -- [SA32309] Mosaic Commerce "cid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-21 Ali Abbasi has reported a vulnerability in Mosaic Commerce, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32309/ -- [SA32308] CafeEngine "id" Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-17 0x has reported two vulnerabilities in CafeEngine, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32308/ -- [SA32307] EasyCafeEngine "itemid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-17 0x has reported a vulnerability in EasyCafeEngine (Easy Cafe Engine), which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32307/ -- [SA32388] Drupal Localization client Module Cross-Site Request Forgery Critical: Less critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-10-23 A vulnerability has been reported in the Localization client module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/32388/ -- [SA32353] cpCommerce Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-20 Some vulnerabilities have been reported in cpCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/32353/ -- [SA32350] FlashChat "s" Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-22 eLiSiA has discovered a vulnerability in FlashChat, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32350/ -- [SA32348] MyNETS Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-20 A vulnerability has been reported in MyNETS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32348/ -- [SA32329] Smarty "_expand_quoted_text()" Security Bypass Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-22 A vulnerability has been reported in Smarty, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32329/ -- [SA32324] Vivvo CMS Unspecified Cross-Site Request Forgery Vulnerability Critical: Less critical Where: From remote Impact: Hijacking Released: 2008-10-20 A vulnerability has been reported in Vivvo CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/32324/ -- [SA32322] e107 "ue[]" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-20 __GiReX__ has discovered a vulnerability in e107, which can be exploited by malicious users to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32322/ -- [SA32311] Habari "habari_username" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-17 swappie has discovered a vulnerability in Habari, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32311/ -- [SA32305] Movable Type Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-20 A vulnerability has been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32305/ -- [SA32389] Drupal Virtual Hosts Local File Inclusion Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-23 A vulnerability has been reported in Drupal, which can potentially be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32389/

Secunia Vulnerabilities Content Listing for the week of October 30, 2008 Windows:-- [SA32455] Blaze Media Pro NMSDVDX ActiveX Control Insecure Methods Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-10-28 A vulnerability has been reported in Blaze Media Pro, which can be exploited by malicious people to potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/32455/ -- [SA32411] TUGzip .zip File Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-28 Stefan Marin has discovered a vulnerability in TUGzip, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32411/ -- [SA32414] Persia BME E-Catalogue "q" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-29 AmnPardaz Security Research Team have reported a vulnerability in Persia BME E-Catalogue, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32414/ -- [SA32409] Ocean12 Products .mdb Database Disclosure Security Issues Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-10-28 Pouya_Server has reported some security issues in multiple Ocean12 products, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/32409/ -- [SA32395] Novell eDirectory NCP Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-10-28 A vulnerability with an unknown impact has been reported in Novell eDirectory. 
Full Advisory: http://secunia.com/advisories/32395/ -- [SA32444] Citrix Web Interface Improper Session Termination Security Issue Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-10-28 A security issue has been reported in Citrix Web Interface, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32444/ UNIX/Linux:-- [SA32461] Debian update for openoffice.org Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-30 Debian has issued an update for openoffice.org.

This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32461/ -- [SA32436] Red Hat update for java-1.6.0-ibm Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-10-27 Red Hat has issued an update for java-1.6.0-ibm.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32436/ -- [SA32402] Ads Pro "page" Command Execution Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-28 S0l1D has reported a vulnerability in Ads Pro, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32402/ -- [SA32400] Ubuntu update for moodle Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-10-24 Ubuntu has issued an update for moodle.

This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32400/ -- [SA32394] SUSE Update for Multiple Packages Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-10-24 SUSE has issued an update for multiple packages.

This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks, bypass certain security restrictions, disclose system and potentially sensitive information, or potentially to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32394/ -- [SA32454] rPath update for pcre Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-28 rPath has issued an update for pcre.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32454/ -- [SA32453] rPath update for libxslt Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-28 rPath has issued an update for libxslt.

This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32453/ -- [SA32448] Red Hat update for flash-plugin Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-10-29 Red Hat has issued an update for flash-plugin.

This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and manipulate certain data. Full Advisory: http://secunia.com/advisories/32448/ -- [SA32447] KTorrent 2 Web Interface Torrent Upload and PHP Code Injection Critical: Moderately critical Where: From remote Impact: Security Bypass, System access Released: 2008-10-29 Some vulnerabilities have been reported in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32447/ -- [SA32442] KTorrent Web Interface Torrent Upload and PHP Code Injection Critical: Moderately critical Where: From remote Impact: Security Bypass, System access Released: 2008-10-27 Some vulnerabilities have been discovered in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32442/ -- [SA32437] Red Hat update for java-1.5.0-ibm Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-27 Red Hat has issued an update for java-1.5.0-ibm.

This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32437/ -- [SA32430] Venalsur Booking Centre SQL Injection and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information Released: 2008-10-30 d3b4g has reported two vulnerabilities in Venalsur Booking Centre, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/32430/ -- [SA32424] Debian update for clamav Critical: Moderately critical Where: From remote Impact: Unknown, DoS Released: 2008-10-27 Debian has issued an update for clamav.

This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32424/ -- [SA32401] NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-10-28 NetBSD has acknowledged a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32401/ -- [SA32396] Debian update for libspf2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-24 Debian has issued an update for libspf2.

This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/32396/ -- [SA32471] Fedora update for dovecot Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-30 Fedora has issued an update for dovecot.

This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32471/ -- [SA32446] Ubuntu update for moodle Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-27 Ubuntu has issued an update for moodle.

This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32446/ -- [SA32441] Fedora update for drupal Critical: Less critical Where: From remote Impact: Cross Site Scripting, Privilege escalation Released: 2008-10-27 Fedora has issued an update for drupal.

This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/32441/ -- [SA32475] Fedora update for libtirpc Critical: Less critical Where: From local network Impact: DoS Released: 2008-10-30 Fedora has issued an update for libtirpc.

This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32475/ -- [SA32406] NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability Critical: Less critical Where: From local network Impact: Spoofing, Exposure of sensitive information, DoS Released: 2008-10-28 A vulnerability has been reported in NetBSD, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32406/ -- [SA32403] libtirpc "__rpc_taddr2uaddr_af()" Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-10-28 A vulnerability has been reported in libtirpc, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32403/ -- [SA32420] JHead "DoCommand()" Shell Command Injection Security Issue Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-10-27 A security issue has been reported in JHead, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32420/ -- [SA32393] Ubuntu update for linux Critical: Less critical Where: Local system Impact: Security Bypass, Privilege escalation, DoS Released: 2008-10-28 Ubuntu has issued an update for linux, linux-source-2.6.15, and linux-source-2.6.22.

This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/32393/ -- [SA32460] Fedora update for ed Critical: Not critical Where: From remote Impact: System access Released: 2008-10-30 Fedora has issued an update for ed.

This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32460/ -- [SA32416] Red Hat update for lynx Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-10-28 Red Hat has issued an update for lynx.

This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/32416/ -- [SA32407] Lynx Insecure ".mailcap" and ".mime.types" Search Path Weakness Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-10-28 A weakness has been reported in Lynx, which can be exploited by malicious, local users to potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/32407/ Cross Platform:-- [SA32452] Opera Command Execution and Cross-Site Scripting Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-10-30 Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system. Full Advisory: http://secunia.com/advisories/32452/ -- [SA32433] H2O-CMS Cookie Security Bypass and Code Execution Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-10-29 Some vulnerabilities have been discovered in H2O-CMS, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32433/ -- [SA32419] OpenOffice WMF and EMF Processing Buffer Overflows Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-29 Some vulnerabilities have been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32419/ -- [SA32412] NEPT Image Uploader uploadp.php File Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-10-27 Dentrasi has discovered a vulnerability in NEPT Image Uploader, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/32412/ -- [SA32467] Harlandscripts Pro Traffic One "trg" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-30 Beenu Arora has reported a vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32467/ -- [SA32466] IBM Lotus Connections Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Cross Site Scripting, Manipulation of data, Exposure of sensitive information Released: 2008-10-30 Multiple vulnerabilities and security issues have been reported in IBM Lotus Connections.

Some have an unknown impact and others can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information, conduct cross-site scripting, script insertion, and SQL injection attacks. Full Advisory: http://secunia.com/advisories/32466/ -- [SA32451] MyBB Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, Cross Site Scripting, Brute force, Exposure of sensitive information Released: 2008-10-30 Some vulnerabilities and a weakness have been reported in MyBB, where some have an unknown impact, and others can be exploited by malicious people to conduct brute force or cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32451/ -- [SA32443] SUSE update for kernel Critical: Moderately critical Where: From remote Impact: Privilege escalation, DoS Released: 2008-10-29 SUSE has issued an update for the kernel.

This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/32443/ -- [SA32439] phplist "connector.php" File Extension Validation Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-28 A vulnerability has been reported in phplist, which potentially can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32439/ -- [SA32438] WebGUI "loadModule()" Arbitrary Perl Code Execution Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-10-28 A vulnerability has been reported in WebGUI, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32438/ -- [SA32431] All In One Control Panel (AIOCP) "poll_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-28 ExSploiters has discovered a vulnerability in All In One Control Panel (AIOCP), which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32431/ -- [SA32427] tlAds "tlAds_login" Cookie Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-28 X0r has discovered a vulnerability in tlAds, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32427/ -- [SA32422] H&H WebSoccer "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-10-29 d3v1l has reported a vulnerability in H&H WebSoccer, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32422/ -- [SA32413] Aj Square RSS Reader "url" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-10-29 yassine_enp has reported a vulnerability in Aj Square RSS Reader, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32413/ -- [SA32410] KVIrc "irc://" URI Handling Format String Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-10-27 Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in KVIrc, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/32410/ -- [SA32408] PHP-Daily File Disclosure and SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2008-10-29 0x has discovered some vulnerabilities in PHP-Daily, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32408/ -- [SA32405] tlNews "tlNews_login" Cookie Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-10-27 X0r has discovered a vulnerability in tlNews, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32405/ -- [SA32404] SiteEngine SQL Injection and Information Disclosure Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information Released: 2008-10-29 Some vulnerabilities have been reported in SiteEngine, which can be exploited by malicious people to disclose system information and conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/32404/ -- [SA32397] SFS Ez Forum "forum" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, Manipulation of data Released: 2008-10-27 Hurley has reported a vulnerability in SFS Ez Forum, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/32397/ -- [SA32465] IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-10-30 A vulnerability has been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32465/ -- [SA32456] Eaton MGE Network Shutdown Module Arbitrary Command Execution Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2008-10-28 n.runs AG has reported a vulnerability in Eaton MGE Network Shutdown Module, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/32456/ -- [SA32470] Quassel IRC CTCP Command Injection Vulnerability Critical: Less critical Where: From remote Impact: Hijacking Released: 2008-10-30 Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can be exploited by malicious people to hijack IRC connections. Full Advisory: http://secunia.com/advisories/32470/ -- [SA32469] Saba "username" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-30 The-0utl4w has reported a vulnerability in Saba, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/32469/ -- [SA32468] Dorsa CMS "search" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-30 Pouya_Server has reported a vulnerability in Dorsa CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32468/ -- [SA32457] Kmita Catalogue "q" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-29 cize0f has reported a vulnerability in Kmita Catalogue, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32457/ -- [SA32449] phpMyAdmin "db" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-28 Hadi Kiamarsi has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32449/ -- [SA32445] Kmita Gallery "begin" and "searchtext" Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-29 cize0f has reported some vulnerabilities in Kmita Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32445/ -- [SA32432] MyKtools "langage" Local File Inclusion Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-10-28 A vulnerability has been discovered in MyKtools, which can be exploited by malicious users to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/32432/ -- [SA32429] iPei Guestbook "pg" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-27 Ghost Hacker has discovered a vulnerability in iPei Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32429/ -- [SA32417] Smarty "regex_replace" Modifier Template Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-10-27 A vulnerability has been reported in Smarty, which can potentially be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/32417/ -- [SA32399] ClipShare "title" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-10-24 ShockShadow has reported a vulnerability in ClipShare, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/32399/ -- [SA32418] libpng "png_handle_tEXt()" Memory Leak Vulnerability Critical: Not critical Where: From remote Impact: DoS Released: 2008-10-27 A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/32418/
