Secunia Weekly Summary - Issue: 2006-23
user name
2006-06-08 09:03:57
========================================================================

                  The Secunia Weekly Advisory Summary

                        2006-06-01 - 2006-06-08

                       This week: 79 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to provide you with the best and most reliable source of vulnerability information. Every single vulnerability report is validated and verified before a Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different ways, e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Multiple browsers are affected by a vulnerability rated "Less Critical", which can be exploited by malicious people to trick users into disclosing sensitive information.

Additional details for the different affected browsers can be found in the referenced Secunia advisories below.

References:
http://secunia.com/SA20442
http://secunia.com/SA20467
http://secunia.com/SA20449
http://secunia.com/SA20472
http://secunia.com/SA20470

 --

Updates have been released for several Mozilla based products, including Firefox and Thunderbird, which correct several vulnerabilities.

Further details can be found in the referenced Secunia advisories below.

References:
http://secunia.com/SA20376
http://secunia.com/SA20382
http://secunia.com/SA20394

 --

VIRUS ALERTS:

During the past week Secunia collected 44 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA20384] Microsoft Windows "mhtml:" URI Buffer Overflow Vulnerability
2.  [SA20376] Firefox Multiple Vulnerabilities
3.  [SA20153] Microsoft Word Malformed Object Code Execution Vulnerability
4.  [SA20442] Firefox File Upload Form Keystroke Event Cancel Vulnerability
5.  [SA19762] Internet Explorer "object" Tag Memory Corruption Vulnerability
6.  [SA20449] Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability
7.  [SA20382] Thunderbird Multiple Vulnerabilities
8.  [SA20365] MySQL Multibyte Encoding SQL Injection Vulnerability
9.  [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
10. [SA19521] Internet Explorer Window Loading Race Condition Address Bar Spoofing

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA20462] LocazoList Classifieds "msgid" Parameter SQL Injection
[SA20423] myNewsletter "UserName" SQL Injection Vulnerability
[SA20419] aspWebLinks SQL Injection and Password Change Vulnerabilities
[SA20416] ASPScriptz Guest Book "submit.asp" Script Insertion Vulnerabilities
[SA20411] CodeAvalanche FreeForum Multiple Vulnerabilities
[SA20483] WinGate WWW Proxy Server Buffer Overflow Vulnerability
[SA20477] Microsoft NetMeeting Denial of Service Vulnerability
[SA20449] Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability
[SA20425] ASP Discussion Forum "search" Parameter Cross-Site Scripting

UNIX/Linux:
[SA20487] Wikiwig "WK[wkPath]" File Inclusion Vulnerability
[SA20473] HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability
[SA20415] iShopCart Buffer Overflow and Directory Traversal Vulnerabilities
[SA20466] LoudHush iaxclient Unspecified Vulnerability
[SA20457] SUSE Updates for Multiple Packages
[SA20451] Debian update for postgresql
[SA20446] Debian update for centericq
[SA20435] Trustix update for postgresql
[SA20422] Red Hat update for dia
[SA20482] Red Hat update for spamassassin
[SA20443] Debian update for spamassassin
[SA20430] SpamAssassin "spamd" Shell Command Injection Vulnerability
[SA20498] GANTTy Cross-Site Scripting and Information Disclosure
[SA20476] Sylpheed-Claws URI Check Bypass Security Issue
[SA20497] Asterisk IAX2 Channel Driver Denial of Service Vulnerability
[SA20461] Debian update for freeradius
[SA20424] Slackware update for mysql
[SA20421] Red Hat update for quagga
[SA20420] Red Hat update for zebra
[SA20456] Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability
[SA20445] Sun StorADE Privilege Escalation Vulnerability
[SA20459] Avaya PDS HP-UX Kernel Denial of Service Vulnerability

Other:
[SA20479] Ingate Firewall and SIParator Two Vulnerabilities
[SA20474] D-Link DWL-2100AP Exposure of Configuration Files

Cross Platform:
[SA20480] Clan Manager Pro cmpro_header.inc.php File Inclusion
[SA20475] MiraksGalerie Multiple File Inclusion Vulnerabilities
[SA20468] DreamAccount "da_path" File Inclusion Vulnerabilities
[SA20463] dotWidget CMS "file_path" Parameter File Inclusion Vulnerability
[SA20448] Informium "CONF[local_path]" File Inclusion Vulnerability
[SA20440] CS-Cart "classes_dir" Parameter File Inclusion Vulnerability
[SA20439] WebspotBlogging Multiple File Inclusion Vulnerabilities
[SA20437] DotClear "blog_dc_path" File Inclusion Vulnerability
[SA20434] Claroline Two File Inclusion Vulnerabilities
[SA20429] DokuWiki Spell Checker Code Execution Vulnerability
[SA20426] AssoCIateD "root_path" File Inclusion Vulnerabilities
[SA20408] REDAXO "REX[INCLUDE_PATH]" File Inclusion Vulnerabilities
[SA20486] Open Business Management Multiple Vulnerabilities
[SA20471] Kmita FAQ Cross-Site Scripting and SQL Injection Vulnerabilities
[SA20469] Alex News-Engine "newsid" Parameter SQL Injection Vulnerability
[SA20465] Coppermine Photo Gallery usermgr.php Unspecified Vulnerability
[SA20460] LifeType "articleId" SQL Injection Vulnerability
[SA20458] MediaWiki Edit Form Script Insertion Vulnerability
[SA20450] Dmx Forum Disclosure of Sensitive Information
[SA20447] Weblog Oggi Script Insertion Vulnerability
[SA20438] BlueShoes Framework Multiple File Inclusion Vulnerabilities
[SA20433] FunkBoard Authentication Bypass and Cross-Site Scripting
[SA20428] Particle Wiki Script Insertion and SQL Injection
[SA20427] Particle Gallery "imageid" SQL Injection Vulnerability
[SA20414] TAL RateMyPic Multiple Vulnerabilities
[SA20413] Snort "http_inspect" Preprocessor Bypass Vulnerability
[SA20410] Unak-CMS SQL Injection and Cross-Site Scripting Vulnerabilities
[SA20409] SimpleBoard "sb_authorname" Script Insertion Vulnerability
[SA20452] TIBCO Rendezvous HTTP Administrative Interface Buffer Overflow
[SA20500] GD Graphics Library GIF File Handling Denial of Service
[SA20491] Particle Links "username" Parameter Cross-Site Scripting
[SA20490] Particle Whois "target" Parameter Cross-Site Scripting
[SA20478] DokuWiki Restricted Page Content Disclosure Vulnerability
[SA20472] Mozilla SeaMonkey File Upload Form Keystroke Event Cancel Vulnerability
[SA20470] Netscape File Upload Form Keystroke Event Cancel Vulnerability
[SA20467] Mozilla Suite File Upload Form Keystroke Event Cancel Vulnerability
[SA20455] KnowledgeTree Open Source Cross-Site Scripting Vulnerabilities
[SA20453] PHP ManualMaker Multiple Cross-Site Scripting Vulnerabilities
[SA20444] PHP Pro Publish "catname" Parameter Cross-Site Scripting
[SA20442] Firefox File Upload Form Keystroke Event Cancel Vulnerability
[SA20441] OSADS Board Comments Script Insertion Vulnerability
[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability
[SA20418] dotProject Cross-Site Scripting Vulnerability
[SA20417] LabWiki Cross-Site Scripting Vulnerabilities
[SA20412] Drupal Taxonomy Module Cross-Site Scripting Vulnerability
[SA20431] TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA20462] LocazoList Classifieds "msgid" Parameter SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

ajann has discovered a vulnerability in LocazoList Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20462/

 --

[SA20423] myNewsletter "UserName" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-06

FarhadKey has discovered a vulnerability in myNewsletter, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20423/

 --

[SA20419] aspWebLinks SQL Injection and Password Change Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    2006-06-02

ajann has discovered two vulnerabilities in aspWebLinks, which can be exploited by malicious people to conduct SQL injection attacks and to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20419/

 --

[SA20416] ASPScriptz Guest Book "submit.asp" Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

omnipresent has discovered some vulnerabilities in ASPScriptz Guest Book, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20416/

 --

[SA20411] CodeAvalanche FreeForum Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been discovered in CodeAvalanche FreeForum, which can be exploited by malicious people to conduct script insertion attacks and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20411/

 --

[SA20483] WinGate WWW Proxy Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-06-07

kcope has discovered a vulnerability in WinGate, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20483/

 --

[SA20477] Microsoft NetMeeting Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-06-07

HexView has reported a vulnerability in Microsoft NetMeeting, which can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20477/

 --

[SA20449] Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to trick users into disclosing sensitive information.

Full Advisory:
http://secunia.com/advisories/20449/

 --

[SA20425] ASP Discussion Forum "search" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

omnipresent has discovered a vulnerability in ASP Discussion Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20425/

UNIX/Linux:--

[SA20487] Wikiwig "WK[wkPath]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Kacper has discovered a vulnerability in Wikiwig, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20487/

 --

[SA20473] HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

HP has acknowledged a vulnerability in HP Tru64 UNIX and HP Internet Express running sendmail, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20473/

 --

[SA20415] iShopCart Buffer Overflow and Directory Traversal Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2006-06-02

K-sPecial has reported some vulnerabilities in iShopCart, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20415/

 --

[SA20466] LoudHush iaxclient Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-06-06

A vulnerability with an unknown impact has been reported in LoudHush.

Full Advisory:
http://secunia.com/advisories/20466/

 --

[SA20457] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2006-06-05

SUSE has issued updates for multiple packages. These fix vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), to disclose potentially sensitive information, and to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20457/

 --

[SA20451] Debian update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-06-05

Debian has issued an update for postgresql. This fixes two vulnerabilities, which potentially can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20451/

 --

[SA20446] Debian update for centericq

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-05

Debian has issued an update for centericq. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20446/

 --

[SA20435] Trustix update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-06-05

Trustix has issued an update for postgresql. This fixes two vulnerabilities, which potentially can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20435/

 --

[SA20422] Red Hat update for dia

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

Red Hat has issued an update for dia. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20422/

 --

[SA20482] Red Hat update for spamassassin

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-07

Red Hat has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20482/

 --

[SA20443] Debian update for spamassassin

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-06

Debian has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20443/

 --

[SA20430] SpamAssassin "spamd" Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-06

A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20430/

 --

[SA20498] GANTTy Cross-Site Scripting and Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-06-07

luny has reported two vulnerabilities in GANTTy, which can be exploited by malicious people to disclose system information and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20498/

 --

[SA20476] Sylpheed-Claws URI Check Bypass Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-06-07

A security issue has been reported in Sylpheed-Claws, which potentially can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20476/

 --

[SA20497] Asterisk IAX2 Channel Driver Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-06-07

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20497/

 --

[SA20461] Debian update for freeradius

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2006-06-05

Debian has issued an update for freeradius. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20461/

 --

[SA20424] Slackware update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-06-05

Slackware has issued an update for mysql. This fixes two vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20424/

 --

[SA20421] Red Hat update for quagga

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-06-02

Red Hat has issued an update for quagga. This fixes two security issues and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions, and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20421/

 --

[SA20420] Red Hat update for zebra

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-06-02

Red Hat has issued an update for zebra. This fixes two security issues and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions, and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20420/

 --

[SA20456] Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-06

Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20456/

 --

[SA20445] Sun StorADE Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-05

A vulnerability has been reported in Storage Automated Diagnostic Environment (StorADE), which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20445/

 --

[SA20459] Avaya PDS HP-UX Kernel Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-06-06

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing System (PDS), which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20459/

Other:--

[SA20479] Ingate Firewall and SIParator Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2006-06-07

Two vulnerabilities have been reported in Ingate Firewall and SIParator, which can be exploited by malicious people to conduct cross-site scripting attacks and to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20479/

 --

[SA20474] D-Link DWL-2100AP Exposure of Configuration Files

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-06-07

A security issue has been reported in D-Link DWL-2100AP, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20474/

Cross Platform:--

[SA20480] Clan Manager Pro cmpro_header.inc.php File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Sx02 has discovered two vulnerabilities in Clan Manager Pro,
which can
be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20480/

 --

[SA20475] MiraksGalerie Multiple File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-07

Federico Fazzi has discovered some vulnerabilities in
MiraksGalerie,
which can be exploited by malicious people to compromise a
vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20475/

 --

[SA20468] DreamAccount "da_path" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-06

David "Aesthetico" Vieira-Kurz has reported some
vulnerabilities in
DreamAccount, which can be exploited by malicious people to
compromise
a vulnerable system.

Full Advisory:
http://secunia.c
om/advisories/20468/

 --

[SA20463] dotWidget CMS "file_path" Parameter
File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

David 'Aesthetico' Vieira-Kurz has reported a
vulnerability in
dotWidget CMS, which can be exploited by malicious people to
compromise
a vulnerable system.

Full Advisory:
http://secunia.c
om/advisories/20463/

 --

[SA20448] Informium "CONF[local_path]" File
Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported a vulnerability in Informium, which can
be
exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20448/

 --

[SA20440] CS-Cart "classes_dir" Parameter File
Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported a vulnerability in CS-Cart, which can be
exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.c
om/advisories/20440/

 --

[SA20439] WebspotBlogging Multiple File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported some vulnerabilities in WebspotBlogging,
which can
be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20439/

 --

[SA20437] DotClear "blog_dc_path" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

rgod has reported a vulnerability in DotClear, which can be
exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.c
om/advisories/20437/

 --

[SA20434] Claroline Two File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

rgod has reported two vulnerabilities in Claroline, which
can be
exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20434/

 --

[SA20429] DokuWiki Spell Checker Code Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Stefan Esser has reported a vulnerability in DokuWiki, which
can be
exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20429/

 --

[SA20426] AssoCIateD "root_path" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

Kacper has discovered some vulnerabilities in AssoCIateD,
which can be
exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20426/

 --

[SA20408] REDAXO "REX[INCLUDE_PATH]" File
Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-02

beford has discovered some vulnerabilities in REDAXO, which
can be
exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20408/

 --

[SA20486] Open Business Management Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-07

r0t has reported some vulnerabilities in Open Business
Management,
which can be exploited by malicious users to conduct SQL
injection
attacks and by malicious people to conduct cross-site
scripting
attacks.

Full Advisory:
http://secunia.c
om/advisories/20486/

 --

[SA20471] Kmita FAQ Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-06

luny has reported two vulnerabilities in Kmita FAQ, which
can be
exploited by malicious people to conduct cross-site
scripting and SQL
injection attacks.

Full Advisory:
http://secunia.c
om/advisories/20471/

 --

[SA20469] Alex News-Engine "newsid" Parameter
SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-06

ajann has discovered a vulnerability in Alex News-Engine,
which can be
exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.c
om/advisories/20469/

 --

[SA20465] Coppermine Photo Gallery usermgr.php Unspecified
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-06-07

A vulnerability with an unknown impact has been reported in
Coppermine
Photo Gallery.

Full Advisory:
http://secunia.c
om/advisories/20465/

 --

[SA20460] LifeType "articleId" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

rgod has discovered a vulnerability in LifeType, which can
be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.c
om/advisories/20460/

 --

[SA20458] MediaWiki Edit Form Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

A vulnerability has been reported in MediaWiki, which can be
exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.c
om/advisories/20458/

 --

[SA20450] Dmx Forum Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

DarkFig has discovered two security issues in Dmx Forum,
which can be
exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.c
om/advisories/20450/

 --

[SA20447] Weblog Oggi Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

luny has discovered a vulnerability in Weblog Oggi, which
can be
exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.c
om/advisories/20447/

 --

[SA20438] BlueShoes Framework Multiple File Inclusion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-06-05

Kacper has reported some vulnerabilities in BlueShoes
Framework, which
can be exploited by malicious people to compromise a
vulnerable
system.

Full Advisory:
http://secunia.c
om/advisories/20438/

 --

[SA20433] FunkBoard Authentication Bypass and Cross-Site
Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-06-06

Some vulnerabilities have been reported in FunkBoard, which
can be
exploited by malicious people to bypass certain security
restrictions
and to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.c
om/advisories/20433/

 --

[SA20428] Particle Wiki Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-05

Some vulnerabilities have been discovered in Particle Wiki,
which can
be exploited by malicious people to conduct script insertion
attacks
and SQL injection attacks.

Full Advisory:
http://secunia.c
om/advisories/20428/

 --

[SA20427] Particle Gallery "imageid" SQL
Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-05

r0t has discovered a vulnerability in Particle Gallery,
which can be
exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.c
om/advisories/20427/

 --

[SA20414] TAL RateMyPic Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been discovered in TAL RateMyPic,
which can
be exploited by malicious people to conduct script insertion
attacks,
cross-site scripting attacks, and SQL injection attacks.

Full Advisory:
http://secunia.c
om/advisories/20414/

 --

[SA20413] Snort "http_inspect" Preprocessor Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-06-02

Blake Hartstein has reported a vulnerability in Snort, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20413/

 --

[SA20410] Unak-CMS SQL Injection and Cross-Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-02

Some vulnerabilities have been reported in Unak-CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20410/

 --

[SA20409] SimpleBoard "sb_authorname" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

Yannick von Arx has discovered a vulnerability in SimpleBoard, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/20409/

 --

[SA20452] TIBCO Rendezvous HTTP Administrative Interface Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-06-06

A vulnerability has been reported in TIBCO Rendezvous, which can be
exploited by malicious people to cause DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20452/

 --

[SA20500] GD Graphics Library GIF File Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-06-07

Xavier Roche has discovered a vulnerability in the GD Graphics Library,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) against applications and services using libgd.

Full Advisory:
http://secunia.com/advisories/20500/

 --

[SA20491] Particle Links "username" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-07

luny has discovered a vulnerability in Particle Links, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20491/

 --

[SA20490] Particle Whois "target" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-07

luny has discovered a vulnerability in Particle Whois, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20490/

 --

[SA20478] DokuWiki Restricted Page Content Disclosure Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-06-07

A vulnerability has been reported in DokuWiki, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20478/

 --

[SA20472] Mozilla SeaMonkey File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Mozilla SeaMonkey, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20472/

 --

[SA20470] Netscape File Upload Form Keystroke Event Cancel Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Netscape, which can be exploited
by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20470/

 --

[SA20467] Mozilla Suite File Upload Form Keystroke Event Cancel
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

A vulnerability has been reported in Mozilla Suite, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20467/

 --

[SA20455] KnowledgeTree Open Source Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

r0t has reported two vulnerabilities in KnowledgeTree Open Source,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20455/

 --

[SA20453] PHP ManualMaker Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

luny has reported some vulnerabilities in PHP ManualMaker, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20453/

 --

[SA20444] PHP Pro Publish "catname" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

Soot has reported a vulnerability in PHP Pro Publish, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20444/

 --

[SA20442] Firefox File Upload Form Keystroke Event Cancel Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-06

Charles McAuley has reported a vulnerability in Firefox, which can be
exploited by malicious people to trick users into disclosing sensitive
information.

Full Advisory:
http://secunia.com/advisories/20442/

 --

[SA20441] OSADS Board Comments Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

A vulnerability has been discovered in OSADS, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20441/

 --

[SA20436] PyBlosxom Contributed Packages Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-06

A vulnerability has been reported in Contributed Packages for PyBlosxom
1.3, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20436/

 --

[SA20418] dotProject Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

A vulnerability has been reported in dotProject, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20418/

 --

[SA20417] LabWiki Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-05

Two vulnerabilities have been discovered in LabWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20417/

 --

[SA20412] Drupal Taxonomy Module Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-02

A vulnerability has been reported in Drupal, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20412/

 --

[SA20431] TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-06-06

A vulnerability has been reported in TIBCO Hawk, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20431/



============================================================
============

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com