Secunia Weekly Summary - Issue: 2006-48

========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-11-23 - 2006-11-30                        

                       This week: 66 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security
Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our
opinions about vulnerabilities, security, ethics, and our responses to
articles, research papers, and other blog entries regarding Secunia
and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories. To
get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/orss

========================================================================
2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Please see the referenced Secunia advisory for additional details.

Reference:
http://secunia.com/SA23155

 --

Symantec has acknowledged a vulnerability in NetBackup Puredisk, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Further details and patch information are available in the referenced
Secunia advisory.

Reference:
http://secunia.com/SA23139

 --

VIRUS ALERTS:

During the past week Secunia collected 208 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA23046] Firefox Password Manager Information Disclosure
2.  [SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability
3.  [SA21910] Internet Explorer Multiple Vulnerabilities
4.  [SA23088] Mac OS X Mach-O Universal Binary Memory Corruption
5.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
              Disclosure
6.  [SA23089] Gentoo update for fvwm
7.  [SA23115] GNU tar "GNUTYPES_NAMES" Record Type Security Issue
8.  [SA23141] ProFTPD mod_tls Buffer Overflow Vulnerability
9.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA23155] Mac OS X Security Update Fixes Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA23140] WarHound General Shopping Cart "ItemID" SQL Injection
[SA23137] Crystal Reports Predictable Session Identifier Security
Issue
[SA23136] ClickGallery SQL Injection and Cross Site Scripting
[SA23119] ClickContact default.asp SQL Injection Vulnerabilities
[SA23105] MailEnable WebAdmin Blank Password Security Issue
[SA23102] Basic Forum "id" SQL Injection Vulnerability
[SA23098] SimpleBlog Authentication Bypass and SQL Injection
[SA23091] Crystal Reports Unspecified RPT Processing Vulnerability
[SA23085] JiRo's FAQ Manager "tID" SQL Injection Vulnerability
[SA23113] 3CTftpSvc TFTP Server Long Mode Buffer Overflow
Vulnerability
[SA23106] AT-TFTP Server Long Filename Buffer Overflow Vulnerability
[SA23123] iNews Publisher "articles.asp" Cross-Site Scripting
Vulnerabilities
[SA23138] Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs

UNIX/Linux:
[SA23155] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA23109] Sisfo Kampus File Inclusion and Directory Traversal
[SA23087] GNU Radius "sqllog()" Format String Vulnerability
[SA23079] OWLLib "OWLLIB_ROOT" File Inclusion Vulnerability
[SA23078] HIOX Star Rating System Script "hm" File Inclusion
Vulnerability
[SA23156] Gentoo update for lha
[SA23153] LHa Multiple Vulnerabilities
[SA23152] Gentoo update for openldap
[SA23150] Ubuntu update for dovecot
[SA23142] Ubuntu update for tar
[SA23141] ProFTPD mod_tls Buffer Overflow Vulnerability
[SA23135] Debian update for pstotext
[SA23133] SUSE update for openldap2-client
[SA23132] SUSE Update for Multiple Packages
[SA23125] Trustix update for openldap and proftpd
[SA23122] Cahier de Texte Directory Traversal and Database Dump
Exposure
[SA23121] Gentoo update for imagemagick
[SA23118] Gentoo update for gv
[SA23117] Mandriva update for tar
[SA23115] GNU tar "GNUTYPES_NAMES" Record Type Security Issue
[SA23111] Evince "get_next_text()" Buffer Overflow Vulnerability
[SA23101] Ubuntu update for ImageMagick
[SA23100] Gentoo update for horde-ingo
[SA23090] rPath update for ImageMagick
[SA23084] Wallpaper Website "wallpaperid" SQL Injection
[SA23083] Recipes Website "recipeid" and "categoryid" SQL Injection
[SA23148] b2evolution Multiple Cross Site Scripting Vulnerabilities
[SA23130] mmgallery "page" Cross Site Scripting Vulnerability
[SA23104] Sun Solaris libike RSA Signature Forgery
[SA23086] SUSE update for phpMyAdmin
[SA23154] Gentoo update for mono
[SA23120] Apple Mac OS X "shared_region_make_private_np()" Buffer
Overflow
[SA23099] Gentoo update for kile
[SA23088] Mac OS X Mach-O Universal Binary Memory Corruption
[SA23134] Apple Mac OS X AppleTalk Local Denial of Service
[SA23114] Apple Mac OS X "kevent()" Local Denial of Service
[SA23093] Fedora Core ReiserFS sync Memory Corruption Vulnerability
[SA23089] Gentoo update for fvwm

Other:
[SA23096] Avaya Products Wireshark Multiple Vulnerabilities

Cross Platform:
[SA23139] Symantec NetBackup PureDisk PHP Buffer Overflow
[SA23103] P-News Multiple Vulnerabilities
[SA23082] site_news "page" File Inclusion Vulnerability
[SA23081] Messagerie Locale "page" File Inclusion Vulnerability
[SA23131] F-Secure Products OpenSSL ASN.1 Denial Of Service
Vulnerability
[SA23128] PHP-Nuke "modules/News/index.php" SQL Injection
Vulnerabilities
[SA23097] Mambo Flyspray ME Component "file" File Inclusion
Vulnerability
[SA23094] GnuPG "make_printable_string()" Buffer Overflow
Vulnerability
[SA23077] Woltlab Burning Board Lite "threadvisit" SQL Injection
Vulnerability
[SA23095] JBoss DeploymentFileRepository Directory Traversal
Vulnerability
[SA23126] Blogn Unspecified Cross-Site Scripting Vulnerability
[SA23108] Netscape Passcard Manager Information Disclosure
[SA23092] tDiary Unspecified Cross-Site Scripting Vulnerability
[SA23129] MBoard "orig_id" File Creation Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA23140] WarHound General Shopping Cart "ItemID" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-28

Aria-Security Team has reported a vulnerability in WarHound General
Merchandise Shopping Cart, which can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23140/

 --

[SA23137] Crystal Reports Predictable Session Identifier Security
Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking
Released:    2006-11-29

MWR Infosecurity has reported a security issue in Crystal Reports,
which can be exploited by malicious people to hijack user sessions.

Full Advisory:
http://secunia.com/advisories/23137/

 --

[SA23136] ClickGallery SQL Injection and Cross Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-28

Aria-Security Team has reported some vulnerabilities in ClickGallery,
which can be exploited by malicious people to conduct SQL injection
attacks and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23136/

 --

[SA23119] ClickContact default.asp SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-28

Aria Security has reported some vulnerabilities in ClickContact, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23119/

 --

[SA23105] MailEnable WebAdmin Blank Password Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-27

A security issue has been reported in MailEnable, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/23105/

 --

[SA23102] Basic Forum "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-27

bolivar has reported a vulnerability in Basic Forum, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23102/

 --

[SA23098] SimpleBlog Authentication Bypass and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    2006-11-28

Some vulnerabilities have been discovered in SimpleBlog, which can be
exploited by malicious people to conduct SQL injection attacks and
perform actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/23098/

 --

[SA23091] Crystal Reports Unspecified RPT Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-24

LSsecurity has reported a vulnerability in Crystal Reports, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/23091/

 --

[SA23085] JiRo's FAQ Manager "tID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-24

ajann has reported a vulnerability in JiRo's FAQ Manager, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23085/

 --

[SA23113] 3CTftpSvc TFTP Server Long Mode Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-11-28

Liu Qixu has discovered a vulnerability in 3CTftpSvc, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23113/

 --

[SA23106] AT-TFTP Server Long Filename Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-11-28

A vulnerability has been discovered in AT-TFTP Server, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23106/

 --

[SA23123] iNews Publisher "articles.asp" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-27

Some vulnerabilities have been reported in iNews Publisher, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/23123/

 --

[SA23138] Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-30

Some bugs have been discovered in Adobe Reader and Adobe Acrobat, which
may cause an included ActiveX control to crash.

Full Advisory:
http://secunia.com/advisories/23138/


UNIX/Linux:--

[SA23155] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2006-11-29

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/23155/

 --

[SA23109] Sisfo Kampus File Inclusion and Directory Traversal

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-11-27

Some vulnerabilities have been discovered in Sisfo Kampus, which can be
exploited by malicious people to gain knowledge of sensitive information
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23109/

 --

[SA23087] GNU Radius "sqllog()" Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-27

A vulnerability has been reported in GNU Radius, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23087/

 --

[SA23079] OWLLib "OWLLIB_ROOT" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-24

Dr.Pantagon has discovered a vulnerability in OWLLib, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23079/

 --

[SA23078] HIOX Star Rating System Script "hm" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-24

CoLd Zero has discovered a vulnerability in HIOX Star Rating System
Script, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/23078/

 --

[SA23156] Gentoo update for lha

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-29

Gentoo has issued an update for lha. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23156/

 --

[SA23153] LHa Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-29

Some vulnerabilities have been reported in LHa, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23153/

 --

[SA23152] Gentoo update for openldap

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-29

Gentoo has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23152/

 --

[SA23150] Ubuntu update for dovecot

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-29

Ubuntu has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23150/

 --

[SA23142] Ubuntu update for tar

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-28

Ubuntu has issued an update for tar. This fixes a security issue, which
can be exploited by malicious people to overwrite arbitrary files.

Full Advisory:
http://secunia.com/advisories/23142/

 --

[SA23141] ProFTPD mod_tls Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-11-28

Evgeny Legerov has reported a vulnerability in the mod_tls module for
ProFTPD, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23141/

 --

[SA23135] Debian update for pstotext

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-28

Debian has issued an update for pstotext. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/23135/

 --

[SA23133] SUSE update for openldap2-client

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-27

SUSE has issued an update for openldap2-client. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23133/

 --

[SA23132] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS
Released:    2006-11-27

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service), and by malicious people to bypass certain
security restrictions, expose sensitive information, and manipulate
data.

Full Advisory:
http://secunia.com/advisories/23132/

 --

[SA23125] Trustix update for openldap and proftpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-28

Trustix has issued an update for openldap and proftpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23125/

 --

[SA23122] Cahier de Texte Directory Traversal and Database Dump
Exposure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-27

DarkFig has discovered two vulnerabilities in Cahier de Texte, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/23122/

 --

[SA23121] Gentoo update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-27

Gentoo has issued an update for imagemagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/23121/

 --

[SA23118] Gentoo update for gv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-27

Gentoo has issued an update for gv. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23118/

 --

[SA23117] Mandriva update for tar

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-29

Mandriva has issued an update for tar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.

Full Advisory:
http://secunia.com/advisories/23117/

 --

[SA23115] GNU tar "GNUTYPES_NAMES" Record Type Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-28

Teemu Salmela has reported a security issue in GNU tar, which can be
exploited by malicious people to overwrite arbitrary files.

Full Advisory:
http://secunia.com/advisories/23115/

 --

[SA23111] Evince "get_next_text()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-29

A vulnerability has been discovered in Evince, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23111/

 --

[SA23101] Ubuntu update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-28

Ubuntu has issued an update for ImageMagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23101/

 --

[SA23100] Gentoo update for horde-ingo

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-27

Gentoo has issued an update for horde-ingo. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/23100/

 --

[SA23090] rPath update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-28

rPath has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/23090/

 --

[SA23084] Wallpaper Website "wallpaperid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-11-24

GregStar has discovered a vulnerability in Wallpaper Website, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23084/

 --

[SA23083] Recipes Website "recipeid" and "categoryid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-11-24

GregStar has discovered two vulnerabilities in Recipes Website, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23083/

 --

[SA23148] b2evolution Multiple Cross Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-29

tarkus has discovered some vulnerabilities in b2evolution, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23148/

 --

[SA23130] mmgallery "page" Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-27

Al7ejaz HackerZ have discovered a vulnerability in mmgallery, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/23130/

 --

[SA23104] Sun Solaris libike RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-28

Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/23104/

 --

[SA23086] SUSE update for phpMyAdmin

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2006-11-24

SUSE has issued an update for phpMyAdmin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/23086/

 --

[SA23154] Gentoo update for mono

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-29

Gentoo has issued an update for mono. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/23154/

 --

[SA23120] Apple Mac OS X "shared_region_make_private_np()" Buffer
Overflow

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2006-11-29

LMH has reported a vulnerability in Mac OS X, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/23120/

 --

[SA23099] Gentoo update for kile

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-27

Gentoo has issued an update for kile. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
certain information.

Full Advisory:
http://secunia.com/advisories/23099/

 --

[SA23088] Mac OS X Mach-O Universal Binary Memory Corruption

Critical:    Less critical
Where:       Local system
Impact:      DoS, System access
Released:    2006-11-27

LMH has reported a vulnerability in Mac OS X, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or potentially
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/23088/

 --

[SA23134] Apple Mac OS X AppleTalk Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-28

LMH has reported a vulnerability in Mac OS X, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23134/

 --

[SA23114] Apple Mac OS X "kevent()" Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-27

dugsong has discovered a vulnerability in Mac OS X, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23114/

 --

[SA23093] Fedora Core ReiserFS sync Memory Corruption Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-27

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23093/

 --

[SA23089] Gentoo update for fvwm

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-24

Gentoo has issued an update for fvwm. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/23089/


Other:--

[SA23096] Avaya Products Wireshark Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-28

Avaya has acknowledged some vulnerabilities in Wireshark, included in
various Avaya products, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23096/


Cross Platform:--

[SA23139] Symantec NetBackup PureDisk PHP Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-29

Symantec has acknowledged a vulnerability in NetBackup Puredisk, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23139/

 --

[SA23103] P-News Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-11-29

A security issue and a vulnerability have been discovered in P-News,
which can be exploited by malicious people to disclose sensitive
information and malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23103/

 --

[SA23082] site_news "page" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-24

DaDIsS has reported a vulnerability in site_news, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23082/

 --

[SA23081] Messagerie Locale "page" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-24

DaDIsS has reported a vulnerability in Messagerie Locale, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23081/

 --

[SA23131] F-Secure Products OpenSSL ASN.1 Denial Of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-29

F-Secure has acknowledged a vulnerability in multiple products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23131/

 --

[SA23128] PHP-Nuke "modules/News/index.php" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-11-28

Paisterist has discovered two vulnerabilities in PHP-Nuke, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23128/

 --

[SA23097] Mambo Flyspray ME Component "file" File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-27

Dr Max Virus has discovered a vulnerability in the Flyspray ME
component for Mambo, which can be exploited by malicious people to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/23097/

 --

[SA23094] GnuPG "make_printable_string()" Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-28

Hugh Warrington has reported a vulnerability in GnuPG, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/23094/

 --

[SA23077] Woltlab Burning Board Lite "threadvisit" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-24

rgod has discovered a vulnerability in Woltlab Burning Board Lite, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23077/

 --

[SA23095] JBoss DeploymentFileRepository Directory Traversal
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of sensitive information,
System access
Released:    2006-11-28

Oliver Karow has reported a vulnerability in JBoss, which can be
exploited by malicious users to disclose sensitive information,
manipulate data, or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23095/

 --

[SA23126] Blogn Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-29

Fukumori has reported a vulnerability in Blogn, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23126/

 --

[SA23108] Netscape Passcard Manager Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-28

A vulnerability has been discovered in Netscape, which can be exploited
by malicious people to conduct phishing attacks.

Full Advisory:
http://secunia.com/advisories/23108/

 --

[SA23092] tDiary Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-27

A vulnerability has been reported in tDiary, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23092/

 --

[SA23129] MBoard "orig_id" File Creation Weakness

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-29

Mayhemic Labs have discovered a weakness in MBoard, which can be
exploited by malicious people to manipulate data.

Full Advisory:
http://secunia.com/advisories/23129/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@secunia.com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================
