Information Security News mailing list archives
Secunia Weekly Summary - Issue: 2006-40
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 6 Oct 2006 01:30:30 -0500 (CDT)
========================================================================
The Secunia Weekly Advisory Summary
2006-09-28 - 2006-10-05
This week: 71 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia Corporate Website has been Released
Learn more about what Secunia can offer you and your company, see and
download detailed product descriptions, and view comprehensive flash
presentations of both our products and corporate profile.
Visit the Secunia Corporate Website:
http://corporate.secunia.com/
Secunia Vulnerability and Advisory Portal has been Updated
Our publicly available Vulnerability and Advisory Portal
secunia.com has been updated with improved accessibility and usability,
enhanced features, and improved search capabilities along with
availability of extensive product reports.
Over the years, the Secunia brand has become synonymous with credible,
accurate, and reliable vulnerability intelligence and our services
are used by more than 5 million unique users every year at secunia.com.
Visit the Secunia Vulnerability and Advisory Portal:
http://secunia.com/
========================================================================
2) This Week in Brief:
Tom Ferris has reported a vulnerability in Skype for Mac, which
potentially can be exploited by malicious people to compromise a
user's system.
The vendor has released an updated version that corrects this
vulnerability.
References:
http://secunia.com/SA22185
--
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
Please refer to the referenced Secunia advisory for a comprehensive
listing of the issues corrected with this update.
References:
http://secunia.com/SA22187
--
VIRUS ALERTS:
During the past week Secunia collected 196 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA22159] Microsoft Windows Shell Code Execution Vulnerability
2. [SA22127] Microsoft PowerPoint Code Execution Vulnerability
3. [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method
Vulnerability
4. [SA21906] Mozilla Firefox Multiple Vulnerabilities
5. [SA21989] Microsoft Vector Graphics Rendering Library Buffer
Overflow
6. [SA22173] OpenSSH Signal Handling Vulnerability
7. [SA22130] OpenSSL Multiple Vulnerabilities
8. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
9. [SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
10. [SA22185] Skype URI Argument Handling Format String Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA22249] IBM Rational RequisitePro OpenSSL Vulnerability
[SA22232] OpenVPN Multiple Vulnerabilities
[SA22179] MailEnable Multiple Vulnerabilities
[SA22244] GroupWise Messenger Blowfish Zero-Sized Strings Denial of
Service
[SA22229] CA Unicenter Web Service Distributed Management Directory
Traversal
[SA22224] OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String
Vulnerability
[SA22222] McAfee ePolicy Orchestrator / ProtectionPilot Source Header
Buffer Overflow
[SA22234] Kerio Personal Firewall Hooked Functions Denial of Service
UNIX/Linux:
[SA22259] Mandriva update for ntp
[SA22245] Mandriva update for openssh
[SA22240] Debian update for openssl
[SA22236] FreeBSD update for openssh
[SA22220] rPath update for openssl
[SA22216] Kolab Server Multiple Vulnerabilities
[SA22212] Mandriva update for openssl
[SA22210] Ubuntu update for firefox
[SA22208] Ubuntu update for openssh
[SA22207] Slackware update for openssl
[SA22203] Mandriva update for gstreamer-ffmpeg
[SA22202] GStreamer FFmpeg Plug-in Multiple Buffer Overflows
[SA22201] Mandriva update for mplayer
[SA22200] Mandriva update for xine-lib
[SA22199] Gentoo update for dokuwiki
[SA22195] Gentoo update for mozilla-firefox
[SA22193] rPath update for openssl
[SA22191] Mandriva update for libmusicbrainz
[SA22190] HP-UX Ignite-UX Server Unspecified Vulnerability
[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA22186] Red Hat update for openssl
[SA22185] Skype URI Argument Handling Format String Vulnerability
[SA22183] Red Hat update for openssh
[SA22181] xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22180] FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22260] Mandriva update for MySQL
[SA22239] Debian update for cscope
[SA22227] Debian update for mailman
[SA22226] Sun Solaris RSA Signature Forgery Vulnerability
[SA22219] rPath update for openldap
[SA22205] Ubuntu update for gdb
[SA22243] Debian update for migrationtools
[SA22223] IBM Informix Dynamic Server Insecure Temporary File Creation
[SA22213] IBM AIX acctctl Privilege Escalation Vulnerability
Other:
Cross Platform:
[SA22261] Drupal IMCE Module Multiple Vulnerabilities
[SA22256] Minerva "phpbb_root_path" File Inclusion Vulnerability
[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability
[SA22231] BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
[SA22214] Forum82 "repertorylevel" File Inclusion Vulnerabilities
[SA22209] PowerPortal "file_name[]" File Inclusion Vulnerability
[SA22198] Mandriva update for ffmpeg
[SA22196] Red Hat update for openssh
[SA22194] Travelsized CMS "setup_folder" File Inclusion Vulnerability
[SA22192] DokuWiki Denial of Service and Command Injection
[SA22184] VideoDB "config[pdf_module]" File Inclusion Vulnerability
[SA22182] MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22178] phpMyWebmin File Inclusions and Information Disclosure
[SA22177] phpBB XS "phpbb_root_path" File Inclusion Vulnerability
[SA22262] IBM WebSphere Application Server Apache mod_rewrite
Vulnerability
[SA22257] Taskjitsu "key" SQL Injection Vulnerability
[SA22241] OlateDownload Script Insertion and SQL Injection
[SA22238] OpenBiblio Local File Inclusion and SQL Injection
[SA22206] Intoto iGateway VPN / SSL-VPN Denial of Service
Vulnerability
[SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability
[SA22255] net2ftp "username" Cross-Site Scripting Vulnerability
[SA22248] TeraStation HD-HTGL Series Cross-Site Request Forgery
[SA22215] Mercury SiteScope Multiple Script Insertion Vulnerabilities
[SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities
[SA22204] Sun Java JDK / SDK RSA Signature Forgery Vulnerability
[SA22197] PostNuke "hits" SQL Injection Vulnerability
[SA22188] phpBB "avatar_path" PHP Code Execution Vulnerability
[SA22235] PHP "open_basedir" Symlink Security Bypass Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:
--
[SA22249] IBM Rational RequisitePro OpenSSL Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-04
IBM has acknowledged a vulnerability in Rational RequisitePro
RequisiteWeb, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22249/
--
[SA22232] OpenVPN Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-02
Some vulnerabilities have been reported in OpenVPN, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22232/
--
[SA22179] MailEnable Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-02
Some vulnerabilities have been reported in MailEnable, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22179/
--
[SA22244] GroupWise Messenger Blowfish Zero-Sized Strings Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-10-03
A vulnerability has been reported in GroupWise Messenger, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/22244/
--
[SA22229] CA Unicenter Web Service Distributed Management Directory
Traversal
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-10-04
A vulnerability has been reported in CA Unicenter Web Services
Distributed Management (WSDM), which can be exploited by malicious
people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/22229/
--
[SA22224] OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-10-02
A vulnerability has been reported in Trend Micro OfficeScan Corporate
Edition, which can be exploited by malicious people to potentially
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/22224/
--
[SA22222] McAfee ePolicy Orchestrator / ProtectionPilot Source Header
Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-10-02
A vulnerability has been reported in McAfee ProtectionPilot and McAfee
ePolicy Orchestrator, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22222/
--
[SA22234] Kerio Personal Firewall Hooked Functions Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-10-02
David Matousek has reported some vulnerabilities in Kerio Personal
Firewall, which can be exploited by malicious, local users to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/22234/
UNIX/Linux:
--
[SA22259] Mandriva update for ntp
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-03
Mandriva has issued an update for ntp. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22259/
--
[SA22245] Mandriva update for openssh
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-04
Mandriva has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22245/
--
[SA22240] Debian update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-02
Debian has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22240/
--
[SA22236] FreeBSD update for openssh
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2006-10-02
FreeBSD has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22236/
--
[SA22220] rPath update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-02
rPath has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22220/
--
[SA22216] Kolab Server Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-04
Some vulnerabilities have been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22216/
--
[SA22212] Mandriva update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-03
Mandriva has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22212/
--
[SA22210] Ubuntu update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released: 2006-10-04
Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle, spoofing, and cross-site scripting attacks, and
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/22210/
--
[SA22208] Ubuntu update for openssh
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-03
Ubuntu has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22208/
--
[SA22207] Slackware update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Slackware has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22207/
--
[SA22203] Mandriva update for gstreamer-ffmpeg
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Mandriva has issued an update for gstreamer-ffmpeg. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22203/
--
[SA22202] GStreamer FFmpeg Plug-in Multiple Buffer Overflows
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Some vulnerabilities have been reported in GStreamer FFmpeg Plug-in,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22202/
--
[SA22201] Mandriva update for mplayer
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Mandriva has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22201/
--
[SA22200] Mandriva update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Mandriva has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22200/
--
[SA22199] Gentoo update for dokuwiki
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Gentoo has issued an update for dokuwiki. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22199/
--
[SA22195] Gentoo update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released: 2006-09-29
Gentoo has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), conduct man-in-the-middle, spoofing, and
cross-site scripting attacks, and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22195/
--
[SA22193] rPath update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
rPath has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22193/
--
[SA22191] Mandriva update for libmusicbrainz
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Mandriva has issued an update for libmusicbrainz. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22191/
--
[SA22190] HP-UX Ignite-UX Server Unspecified Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-03
A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22190/
--
[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released: 2006-09-29
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/22187/
--
[SA22186] Red Hat update for openssl
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Red Hat has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22186/
--
[SA22185] Skype URI Argument Handling Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-03
Tom Ferris has reported a vulnerability in Skype for Mac, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/22185/
--
[SA22183] Red Hat update for openssh
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Red Hat has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22183/
--
[SA22181] xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Some vulnerabilities have been reported in xine-lib, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22181/
--
[SA22180] FFmpeg Multiple Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Some vulnerabilities have been reported in FFmpeg, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22180/
--
[SA22260] Mandriva update for MySQL
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-10-03
Mandriva has issued an update for MySQL. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22260/
--
[SA22239] Debian update for cscope
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-02
Debian has issued an update for cscope. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22239/
--
[SA22227] Debian update for mailman
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Spoofing
Released: 2006-10-04
Debian has issued an update for mailman. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and phishing attacks.
Full Advisory:
http://secunia.com/advisories/22227/
--
[SA22226] Sun Solaris RSA Signature Forgery Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-10-04
Sun has acknowledged a vulnerability in various products included in
Solaris, which potentially can be exploited by malicious people to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/22226/
--
[SA22219] rPath update for openldap
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-10-02
rPath has issued an update for openldap. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/22219/
--
[SA22205] Ubuntu update for gdb
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-03
Ubuntu has issued an update for gdb. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges or by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22205/
--
[SA22243] Debian update for migrationtools
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-10-02
Debian has issued an update for migrationtools. This fixes a
vulnerability, which can be exploited by malicious, local users to
disclose potentially sensitive information and perform certain actions
with escalated privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22243/
--
[SA22223] IBM Informix Dynamic Server Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-10-03
Larry Cashdollar has discovered a vulnerability in IBM Informix Dynamic
Server, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/22223/
--
[SA22213] IBM AIX acctctl Privilege Escalation Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2006-10-02
A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/22213/
Other:
Cross Platform:
--
[SA22261] Drupal IMCE Module Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2006-10-03
Some vulnerabilities have been reported in the IMCE Module for Drupal,
which can be exploited by malicious users to delete files or compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22261/
--
[SA22256] Minerva "phpbb_root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-03
SHiKaA has reported a vulnerability in Minerva, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22256/
--
[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-03
Some vulnerabilities have been reported in HAMweather, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22242/
--
[SA22231] BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-02
Kacper has reported some vulnerabilities in BasiliX, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22231/
--
[SA22214] Forum82 "repertorylevel" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-02
Silahsiz Kuvvetler has discovered some vulnerabilities in Forum82,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22214/
--
[SA22209] PowerPortal "file_name[]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-02
v1per-haCker has discovered a vulnerability in PowerPortal, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22209/
--
[SA22198] Mandriva update for ffmpeg
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Mandriva has issued an update for ffmpeg. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/22198/
--
[SA22196] Red Hat update for openssh
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2006-09-29
Red Hat has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, and by malicious
people to bypass certain security restrictions, cause a DoS (Denial of
Service), and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22196/
--
[SA22194] Travelsized CMS "setup_folder" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-04
Kacper has discovered a vulnerability in Travelsized CMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22194/
--
[SA22192] DokuWiki Denial of Service and Command Injection
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Some vulnerabilities have been reported in DokuWiki, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22192/
--
[SA22184] VideoDB "config[pdf_module]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-10-02
Kacper has discovered a vulnerability in VideoDB, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22184/
--
[SA22182] MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-09-29
Some vulnerabilities have been reported in MPlayer, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22182/
--
[SA22178] phpMyWebmin File Inclusions and Information Disclosure
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, System access
Released: 2006-09-29
Some vulnerabilities and two weaknesses have been discovered in
phpMyWebmin, which can be exploited by malicious people to disclose
system information and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22178/
--
[SA22177] phpBB XS "phpbb_root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-09-29
Solpot has discovered a vulnerability in phpBB XS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22177/
--
[SA22262] IBM WebSphere Application Server Apache mod_rewrite
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-10-03
IBM has acknowledged a vulnerability in WebSphere Application Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/22262/
--
[SA22257] Taskjitsu "key" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-10-04
A vulnerability has been reported in Taskjitsu, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/22257/
--
[SA22241] OlateDownload Script Insertion and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-10-02
Hessam-x has reported some vulnerabilities in OlateDownload, which can
be exploited by malicious people to conduct script insertion and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/22241/
--
[SA22238] OpenBiblio Local File Inclusion and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2006-10-02
Some vulnerabilities have been reported in OpenBiblio, which can be
exploited by malicious people to disclose potentially sensitive
information, and by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/22238/
--
[SA22206] Intoto iGateway VPN / SSL-VPN Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-10-02
A vulnerability has been reported in Intoto iGateway VPN and Intoto
iGateway SSL-VPN, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/22206/
--
[SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-10-02
r0ut3r has reported a vulnerability in DeluxeBB, which can be exploited
by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/22176/
--
[SA22255] net2ftp "username" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-10-03
securfrog has discovered a vulnerability in net2ftp, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/22255/
--
[SA22248] TeraStation HD-HTGL Series Cross-Site Request Forgery
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-10-03
A vulnerability has been reported in TeraStation HD-HTGL Series, which
can be exploited by malicious people to conduct cross-site request
forgery attacks.
Full Advisory:
http://secunia.com/advisories/22248/
--
[SA22215] Mercury SiteScope Multiple Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-10-03
Ozkan Aziz has reported some vulnerabilities in Mercury SiteScope,
which can be exploited by malicious users to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/22215/
--
[SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-10-02
Root3r_H3ll has reported some vulnerabilities in WWWthreads, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/22211/
--
[SA22204] Sun Java JDK / SDK RSA Signature Forgery Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-10-04
Sun has acknowledged a vulnerability in Sun JDK / SDK, which
potentially can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/22204/
--
[SA22197] PostNuke "hits" SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2006-10-03
Omid has discovered a vulnerability in PostNuke, which can be exploited
by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/22197/
--
[SA22188] phpBB "avatar_path" PHP Code Execution Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-10-04
ShAnKaR has discovered a vulnerability in phpBB, which can be exploited
by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22188/
--
[SA22235] PHP "open_basedir" Symlink Security Bypass Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-10-04
Stefan Esser has reported a vulnerability in PHP, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/22235/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support () secunia com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
