========================================================================
The Secunia Weekly Advisory Summary
2006-11-30 - 2006-12-07
This week: 100 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
Try it out online:
http://secunia.com/software_inspector/
Read more in our blog:
http://secunia.com/blog/3/
========================================================================
2) This Week in Brief:
A "zero-day" vulnerability has been reported in Microsoft Word, which
potentially can be exploited by malicious people to compromise a user's
system.
Due to the nature of the vulnerability, combined with the facts that
the vulnerability is currently unpatched and is already being exploited
in the wild, Secunia has rated this "Extremely Critical".
Please refer to the referenced Secunia advisory for additional details.
Reference:
http://secunia.com/SA23232
--
Tavis Ormandy has reported a vulnerability in GnuPG, which can be
exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
Reference:
http://secunia.com/SA23245
--
A vulnerability has been reported in Adobe Download Manager, which can
be exploited by malicious people to compromise a user's system.
Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious website.
Reference:
http://secunia.com/SA23233
--
VIRUS ALERTS:
During the past week Secunia collected 182 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA23232] Microsoft Word Unspecified Memory Corruption
Vulnerability
2. [SA21910] Internet Explorer Multiple Vulnerabilities
3. [SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
4. [SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
5. [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
Disclosure
6. [SA23138] Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs
7. [SA23159] Apple AirPort Beacon Frame Denial of Service
8. [SA23080] MailEnable IMAP Service Two Vulnerabilities
9. [SA23046] Firefox Password Manager Information Disclosure
10. [SA23155] Mac OS X Security Update Fixes Multiple Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA23272] Nostra DivX Player M3U Playlist Buffer Overflow
Vulnerability
[SA23246] Citrix ICA Client ActiveX Control Buffer Overflow
Vulnerability
[SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
[SA23228] DUware DUnews Two SQL Injection Vulnerabilities
[SA23224] DUware DUdownload "iFile" SQL Injection Vulnerability
[SA23222] DUware DUpaypal "iPro" and "iType" SQL Injection
[SA23192] BlazeVideo HDTV Player PLF Parsing Buffer Overflow
Vulnerability
[SA23182] VUPlayer M3U/PLS Playlist Parsing Buffer Overflow
Vulnerability
[SA23225] Ultimate HelpDesk Cross-Site Scripting and Directory
Traversal
[SA23244] Novell Client srvloc.sys Denial of Service Vulnerability
[SA23243] Novell ZENworks Patch Management SQL Injection Vulnerability
[SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
[SA23191] GNotebooks Plugin Insecure Permissions Security Issue
UNIX/Linux:
[SA23269] Slackware update for gnupg
[SA23259] rPath update for gnupg
[SA23255] Ubuntu update for gnupg
[SA23249] Ubuntu update for xine-lib
[SA23245] GnuPG OpenPGP Message Decryption Vulnerability
[SA23242] Mandriva update for xine-lib
[SA23220] Mandriva update for koffice
[SA23218] xine-lib libreal and libmms Buffer Overflow Vulnerabilities
[SA23202] Debian update for mozilla-firefox
[SA23197] Debian update for mozilla
[SA23194] deV!L'z Clanportal File Upload and SQL Injection
[SA23162] Ubuntu update for koffice
[SA23266] Ubuntu update for evince-gtk
[SA23260] HP-UX update for Apache
[SA23251] Red Hat update for mod_auth_kerb
[SA23241] HP-UX update for Secure Shell
[SA23237] Fail2ban Denial of Service Vulnerability
[SA23236] DenyHosts "hosts.deny" Denial of Service
[SA23235] Debian update for mozilla-thunderbird
[SA23227] Ubuntu update for libgsf
[SA23219] Mandriva update for ImageMagick
[SA23212] Debian update for asterisk
[SA23209] Slackware update for tar
[SA23207] Slackware update for proftpd
[SA23198] FreeBSD update for gtar
[SA23184] Mandriva update for proftpd
[SA23183] Ubuntu update for evince
[SA23179] Gentoo update for proftpd
[SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
[SA23174] Debian update for proftpd
[SA23173] rPath update for tar
[SA23172] rPath update for dovecot
[SA23171] rPath update for gnupg
[SA23170] rPath update for openldap
[SA23167] Debian update for libgsf
[SA23166] Mandriva update for libgsf
[SA23164] GNOME Structured File Library "ole_info_read_metabat()"
Buffer Overflow
[SA23163] Debian update for tar
[SA23161] Mandriva update for GnuPG
[SA23234] Debian update for elinks
[SA23230] l2tpns Heartbeat Packets Buffer Overflow Vulnerability
[SA23188] Debian update for links
[SA23264] Upload Script Administrator Password Hash Exposure
[SA23239] Google Search Appliances UTF-7 Cross-Site Scripting
[SA23226] Vt-Forum Lite System "StrMes" Cross-Site Scripting
Vulnerability
[SA23208] Slackware update for libpng
[SA23181] @lex Guestbook "skin" Cross-Site Scripting Vulnerability
[SA23159] Apple AirPort Beacon Frame Denial of Service
[SA23252] rPath update for kernel
[SA23213] SUSE update for mono
[SA23268] Mandriva update for ruby
[SA23203] KDE JPEG kfile-info EXIF Denial of Service Weakness
[SA23187] Sun Solaris Unspecified Local Denial of Service
Other:
[SA23215] Barracuda Spam Firewall Buffer Overflow Vulnerability
[SA23265] XEROX WorkCentre Products Multiple Vulnerabilities
[SA23256] Linksys WIP 330 "PhoneCtrl.exe" Denial of Service
Cross Platform:
[SA23232] Microsoft Word Unspecified Memory Corruption Vulnerability
[SA23250] Red Hat update for gnupg
[SA23233] Adobe Download Manager AOM Buffer Overflow Vulnerability
[SA23216] JAB Guest Book PHP Command Injection Vulnerabilities
[SA23206] mxBB Portal mx_tinies Module "module_root_path" File
Inclusion
[SA23204] PHP Upload Center "footerpage" and "language" File Inclusion
[SA23262] SAP Internet Graphics Service Two Vulnerabilities
[SA23223] AgileBill / AgileVoice Denial of Service Vulnerability
[SA23200] Anna^ IRC Bot SQL Injection Vulnerabilities
[SA23195] SquirrelMail Multiple Cross-Site Scripting Vulnerabilities
[SA23190] plx Pay "read" File Inclusion Vulnerability
[SA23189] TWiki Authentication Bypass Vulnerability
[SA23180] Seditio SQL Injection and Unspecified Vulnerabilities
[SA23176] Photo Organizer Multiple Vulnerabilities
[SA23169] Online-Bookmarks Multiple Vulnerabilities
[SA23168] Quick.Cart "config[db_type]" Local File Inclusion
Vulnerabilities
[SA23158] ContentServ "src" Directory Traversal Vulnerability
[SA23177] IBM Tivoli Storage Manager Buffer Overflow Vulnerabilities
[SA23157] Novell ZENworks Asset Management Buffer Overflow
Vulnerability
[SA23261] Drupal CVS management/tracker Module Cross-Site Scripting
[SA23240] Plone Group Masquerading Vulnerability
[SA23238] BlueSocket BlueSecure Controller "ad_name" Cross-Site
Scripting
[SA23229] ISMail "error" Cross-Site Scripting Vulnerability
[SA23214] PHPNews "link_temp.php" Cross-Site Scripting Vulnerabilities
[SA23193] Cerberus Helpdesk "js" Cross-Site Scripting Vulnerability
[SA23186] Sun Java System Server Products HTTP Request Smuggling
[SA23175] Simple Machines Forum Cross-Site Scripting Vulnerability
[SA23248] 2X ThinClientServer Admin Account Replay Vulnerability
[SA23221] Intel LAN Driver Unspecified Privilege Escalation
Vulnerability
[SA23199] H-Sphere Control Panel Insecure Permissions of Logfiles
[SA23231] Emdros Local Denial of Service Vulnerabilities
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA23272] Nostra DivX Player M3U Playlist Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Parvez Anwar has discovered a vulnerability in Nostra DivX Player,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23272/
--
[SA23246] Citrix ICA Client ActiveX Control Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been discovered in Citrix Presentation Server
Client, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23246/
--
[SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-05
Yuu Arai has discovered a vulnerability in various JustSystems
products, which potentially can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23185/
--
[SA23228] DUware DUnews Two SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported two vulnerabilities in DUware DUnews,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23228/
--
[SA23224] DUware DUdownload "iFile" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported a vulnerability in DUware DUdownload,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23224/
--
[SA23222] DUware DUpaypal "iPro" and "iType" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported two vulnerabilities in DUware
DUpaypal, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/23222/
--
[SA23192] BlazeVideo HDTV Player PLF Parsing Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-04
Greg Linares has discovered a vulnerability in BlazeVideo HDTV Player,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23192/
--
[SA23182] VUPlayer M3U/PLS Playlist Parsing Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Greg Linares has discovered a vulnerability in VUPlayer, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23182/
--
[SA23225] Ultimate HelpDesk Cross-Site Scripting and Directory
Traversal
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2006-12-04
ajann has reported some vulnerabilities in Ultimate HelpDesk, which can
be exploited by malicious users to disclose sensitive information or by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23225/
--
[SA23244] Novell Client srvloc.sys Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-07
A vulnerability has been reported in Novell Client, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23244/
--
[SA23243] Novell ZENworks Patch Management SQL Injection Vulnerability
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2006-12-07
A vulnerability has been reported in Novell ZENWorks Patch Management,
which can be exploited by malicious users to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23243/
--
[SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-04
h07 has discovered a vulnerability in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23196/
--
[SA23191] GNotebooks Plugin Insecure Permissions Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-12-05
Richard Reed has discovered a security issue in the GNotebooks Plugin
for Google Desktop, which can be exploited by malicious, local users to
disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/23191/
UNIX/Linux:--
[SA23269] Slackware update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Slackware has issued an update for gnupg. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23269/
--
[SA23259] rPath update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
rPath has issued an update for gnupg. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23259/
--
[SA23255] Ubuntu update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Ubuntu has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/23255/
--
[SA23249] Ubuntu update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
Ubuntu has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23249/
--
[SA23245] GnuPG OpenPGP Message Decryption Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Tavis Ormandy has reported a vulnerability in GnuPG, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23245/
--
[SA23242] Mandriva update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Mandriva has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23242/
--
[SA23220] Mandriva update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
Mandriva has issued an update for koffice. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23220/
--
[SA23218] xine-lib libreal and libmms Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
Some vulnerabilities have been reported in xine-lib, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23218/
--
[SA23202] Debian update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23202/
--
[SA23197] Debian update for mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23197/
--
[SA23194] deV!L'z Clanportal File Upload and SQL Injection
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2006-12-06
Tim Weber has discovered two vulnerabilities in deV!L'z Clanportal,
which can be exploited by malicious people to compromise a vulnerable
system and manipulate data.
Full Advisory:
http://secunia.com/advisories/23194/
--
[SA23162] Ubuntu update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-11-30
Ubuntu has issued an update for koffice. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23162/
--
[SA23266] Ubuntu update for evince-gtk
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-07
Ubuntu has issued an update for evince-gtk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23266/
--
[SA23260] HP-UX update for Apache
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-12-06
HP has issued an update for Apache-based Web Server. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, to cause a DoS (Denial of Service), or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23260/
--
[SA23251] Red Hat update for mod_auth_kerb
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-07
Red Hat has issued an update for mod_auth_kerb. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23251/
--
[SA23241] HP-UX update for Secure Shell
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2006-12-06
HP has issued an update for HP-UX. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service), and also fixes a weakness, which potentially can be exploited
by malicious, local users to perform certain actions with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/23241/
--
[SA23237] Fail2ban Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Tavis Ormandy has discovered a vulnerability in Fail2ban, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23237/
--
[SA23236] DenyHosts "hosts.deny" Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23236/
--
[SA23235] Debian update for mozilla-thunderbird
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23235/
--
[SA23227] Ubuntu update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-05
Ubuntu has issued an update for libgsf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/23227/
--
[SA23219] Mandriva update for ImageMagick
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-04
Mandriva has issued an update for ImageMagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23219/
--
[SA23212] Debian update for asterisk
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-06
Debian has issued an update for asterisk. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23212/
--
[SA23209] Slackware update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Slackware has issued an update for tar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.
Full Advisory:
http://secunia.com/advisories/23209/
--
[SA23207] Slackware update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-04
Slackware has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23207/
--
[SA23198] FreeBSD update for gtar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-06
FreeBSD has issued an update for gtar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.
Full Advisory:
http://secunia.com/advisories/23198/
--
[SA23184] Mandriva update for proftpd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23184/
--
[SA23183] Ubuntu update for evince
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Ubuntu has issued an update for evince. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23183/
--
[SA23179] Gentoo update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
Gentoo has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and by malicious users and malicious people to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23179/
--
[SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
A vulnerability has been reported in Mac OS X, which potentially can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23178/
--
[SA23174] Debian update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
Debian has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and by malicious users and malicious people to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23174/
--
[SA23173] rPath update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-01
rPath has issued an update for tar. This fixes a security issue, which
can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/23173/
--
[SA23172] rPath update for dovecot
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
rPath has issued an update for Dovecot. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23172/
--
[SA23171] rPath update for gnupg
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
rPath has issued an update for gnupg. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23171/
--
[SA23170] rPath update for openldap
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-01
rPath has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23170/
--
[SA23167] Debian update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-11-30
Debian has issued an update for libgsf. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23167/
--
[SA23166] Mandriva update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for libgsf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/23166/
--
[SA23164] GNOME Structured File Library "ole_info_read_metabat()"
Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-11-30
A vulnerability has been reported in libgsf, which potentially can be
exploited by malicious people to compromise an application using the
library.
Full Advisory:
http://secunia.com/advisories/23164/
--
[SA23163] Debian update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Debian has issued an update for tar. This fixes a security issue, which
can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/23163/
--
[SA23161] Mandriva update for GnuPG
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for GnuPG. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23161/
--
[SA23234] Debian update for elinks
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2006-12-06
Debian has issued an update for elinks. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.
Full Advisory:
http://secunia.com/advisories/23234/
--
[SA23230] l2tpns Heartbeat Packets Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-12-05
Rhys Kidd has reported a vulnerability in l2tpns, which potentially can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23230/
--
[SA23188] Debian update for links
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2006-12-05
Debian has issued an update for links. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.
Full Advisory:
http://secunia.com/advisories/23188/
--
[SA23264] Upload Script Administrator Password Hash Exposure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-07
hack2prison has reported a security issue in Upload Script, which can
be exploited by malicious people to view administrator password
hashes.
Full Advisory:
http://secunia.com/advisories/23264/
--
[SA23239] Google Search Appliances UTF-7 Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
maluc has reported a vulnerability in Google Mini Search Appliance and
Google Search Appliance, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23239/
--
[SA23226] Vt-Forum Lite System "StrMes" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-06
St@rExT has discovered a vulnerability in VT-Forum Lite System, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/23226/
--
[SA23208] Slackware update for libpng
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-12-04
Slackware has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23208/
--
[SA23181] @lex Guestbook "skin" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-01
Mr_KaLiMaN has reported a vulnerability in @lex Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23181/
--
[SA23159] Apple AirPort Beacon Frame Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-12-01
LMH has reported a vulnerability in the Apple AirPort Extreme driver,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23159/
--
[SA23252] rPath update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-07
rPath has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/23252/
--
[SA23213] SUSE update for mono
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-04
SUSE has issued an update for mono. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.
Full Advisory:
http://secunia.com/advisories/23213/
--
[SA23268] Mandriva update for ruby
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-12-07
Mandriva has issued an update for ruby. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23268/
--
[SA23203] KDE JPEG kfile-info EXIF Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-12-04
A weakness has been reported in KDE, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23203/
--
[SA23187] Sun Solaris Unspecified Local Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-12-01
Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23187/
Other:--
[SA23215] Barracuda Spam Firewall Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Jean-Sbastien Guay-Leroux has reported a vulnerability in Barracuda
Spam Firewall, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23215/
--
[SA23265] XEROX WorkCentre Products Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released: 2006-12-06
Some vulnerabilities and weaknesses have been reported in various XEROX
WorkCentre products, which can be exploited by malicious people to
bypass certain security restrictions, expose certain sensitive
information, cause a DoS (Denial of Service), and compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23265/
--
[SA23256] Linksys WIP 330 "PhoneCtrl.exe" Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-07
A vulnerability has been reported in Linksys WIP 330, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23256/
Cross Platform:--
[SA23232] Microsoft Word Unspecified Memory Corruption Vulnerability
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been reported in Microsoft Word, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23232/
--
[SA23250] Red Hat update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Red Hat has issued an update for gnupg. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23250/
--
[SA23233] Adobe Download Manager AOM Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been reported in Adobe Download Manager, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23233/
--
[SA23216] JAB Guest Book PHP Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-05
Some vulnerabilities have been reported in JAB Guest Book, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23216/
--
[SA23206] mxBB Portal mx_tinies Module "module_root_path" File
Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
bd0rk has reported a vulnerability in the mx_tinies module for MxBB,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/23206/
--
[SA23204] PHP Upload Center "footerpage" and "language" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
GregStar has discovered two vulnerabilities in PHP Upload Center, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23204/
--
[SA23262] SAP Internet Graphics Service Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS
Released: 2006-12-06
Mariano Nuez Di Croce has reported two vulnerabilities in SAP Internet
Graphics Service (IGS), which can be exploited by malicious people to
gain knowledge of various information, bypass certain security
restrictions, manipulate data, or cause a DoS (Denial of Service),
Full Advisory:
http://secunia.com/advisories/23262/
--
[SA23223] AgileBill / AgileVoice Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Urs J Reinhart has reported a vulnerability in AgileBill and
AgileVoice, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/23223/
--
[SA23200] Anna^ IRC Bot SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-05
Some vulnerabilities have been reported in Anna^ IRC Bot, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23200/
--
[SA23195] SquirrelMail Multiple Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-04
Some vulnerabilities have been reported in SquirrelMail, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/23195/
--
[SA23190] plx Pay "read" File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-01
arabhat has reported a vulnerability in plx Pay, which can be exploited
by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23190/
--
[SA23189] TWiki Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2006-12-01
A vulnerability has been reported in TWiki, which can be exploited by
malicious people to disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/23189/
--
[SA23180] Seditio SQL Injection and Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data
Released: 2006-12-01
Some vulnerabilities have been reported in Seditio, which can be
exploited by malicious people to conduct SQL injection attacks and
other attacks with unknown impacts.
Full Advisory:
http://secunia.com/advisories/23180/
--
[SA23176] Photo Organizer Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2006-12-05
Some vulnerabilities have been reported in Photo Organizer, which can
be exploited by malicious users to manipulate data and by malicious
people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23176/
--
[SA23169] Online-Bookmarks Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-12-05
Some vulnerabilities have been reported in Online-Bookmarks, which can
be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23169/
--
[SA23168] Quick.Cart "config[db_type]" Local File Inclusion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-05
r0ut3r has reported some vulnerabilities in Quick.Cart, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23168/
--
[SA23158] ContentServ "src" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-12-01
capt.nem0 has reported a vulnerability in ContentServ, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23158/
--
[SA23177] IBM Tivoli Storage Manager Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-12-05
TippingPoint Security Research Team has reported some vulnerabilities
in Tivoli Storage Manager, which can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23177/
--
[SA23157] Novell ZENworks Asset Management Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-12-04
Eric Detoisien has reported a vulnerability in Novell ZENWorks Asset
Management, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23157/
--
[SA23261] Drupal CVS management/tracker Module Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-06
A vulnerability has been reported in the CVS management/tracker module
for Drupal, which can be exploited by malicious users to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23261/
--
[SA23240] Plone Group Masquerading Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2006-12-06
A vulnerability has been reported in Plone, which can be exploited by
malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/23240/
--
[SA23238] BlueSocket BlueSecure Controller "ad_name" Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
Jesus Olmos Gonzalez has reported a vulnerability in BlueSocket
BlueSecure Controller, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23238/
--
[SA23229] ISMail "error" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
Vicente Aguilera Diaz has reported a vulnerability in ISMail, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/23229/
--
[SA23214] PHPNews "link_temp.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-04
Detefix has discovered some vulnerabilities in PHPNews, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23214/
--
[SA23193] Cerberus Helpdesk "js" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
En Douli has reported a vulnerability in Cerberus Helpdesk, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/23193/
--
[SA23186] Sun Java System Server Products HTTP Request Smuggling
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2006-12-04
Sun has acknowledged a vulnerability in various Sun Java System Server
products, which can be exploited by malicious people to conduct HTTP
request smuggling attacks.
Full Advisory:
http://secunia.com/advisories/23186/
--
[SA23175] Simple Machines Forum Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-04
Jessica Hope has discovered a vulnerability in Simple Machines Forum,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/23175/
--
[SA23248] 2X ThinClientServer Admin Account Replay Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2006-12-07
A vulnerability has been reported in 2X ThinClientServer, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/23248/
--
[SA23221] Intel LAN Driver Unspecified Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-06
A vulnerability has been reported in Intel LAN drivers, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/23221/
--
[SA23199] H-Sphere Control Panel Insecure Permissions of Logfiles
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-05
fireD has reported a vulnerability in H-Sphere, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/23199/
--
[SA23231] Emdros Local Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-12-05
Some vulnerabilities have been reported in Emdros, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23231/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
< Secunia Weekly Summary - Issue: 2006-49
Date: 7 Dec 2006 11:55:46 -0000 (12:55 CET)
========================================================================
The Secunia Weekly Advisory Summary
2006-11-30 - 2006-12-07
This week: 100 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.
Try it out online:
http://secunia.com/software_inspector/
Read more in our blog:
http://secunia.com/blog/3/
========================================================================
2) This Week in Brief:
A "zero-day" vulnerability has been reported in Microsoft Word, which
potentially can be exploited by malicious people to compromise a user's
system.
Due to the nature of the vulnerability, combined with the facts that
the vulnerability is currently unpatched and is already being exploited
in the wild, Secunia has rated this "Extremely Critical".
Please refer to the referenced Secunia advisory for additional details.
Reference:
http://secunia.com/SA23232
--
Tavis Ormandy has reported a vulnerability in GnuPG, which can be
exploited by malicious people to compromise a vulnerable system.
Successful exploitation allows execution of arbitrary code.
Reference:
http://secunia.com/SA23245
--
A vulnerability has been reported in Adobe Download Manager, which can
be exploited by malicious people to compromise a user's system.
Successful exploitation allows execution of arbitrary code when a user
e.g. visits a malicious website.
Reference:
http://secunia.com/SA23233
--
VIRUS ALERTS:
During the past week Secunia collected 182 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA23232] Microsoft Word Unspecified Memory Corruption
Vulnerability
2. [SA21910] Internet Explorer Multiple Vulnerabilities
3. [SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
4. [SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
5. [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
Disclosure
6. [SA23138] Adobe Reader / Acrobat AcroPDF ActiveX Control Bugs
7. [SA23159] Apple AirPort Beacon Frame Denial of Service
8. [SA23080] MailEnable IMAP Service Two Vulnerabilities
9. [SA23046] Firefox Password Manager Information Disclosure
10. [SA23155] Mac OS X Security Update Fixes Multiple Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA23272] Nostra DivX Player M3U Playlist Buffer Overflow
Vulnerability
[SA23246] Citrix ICA Client ActiveX Control Buffer Overflow
Vulnerability
[SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
[SA23228] DUware DUnews Two SQL Injection Vulnerabilities
[SA23224] DUware DUdownload "iFile" SQL Injection Vulnerability
[SA23222] DUware DUpaypal "iPro" and "iType" SQL Injection
[SA23192] BlazeVideo HDTV Player PLF Parsing Buffer Overflow
Vulnerability
[SA23182] VUPlayer M3U/PLS Playlist Parsing Buffer Overflow
Vulnerability
[SA23225] Ultimate HelpDesk Cross-Site Scripting and Directory
Traversal
[SA23244] Novell Client srvloc.sys Denial of Service Vulnerability
[SA23243] Novell ZENworks Patch Management SQL Injection Vulnerability
[SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
[SA23191] GNotebooks Plugin Insecure Permissions Security Issue
UNIX/Linux:
[SA23269] Slackware update for gnupg
[SA23259] rPath update for gnupg
[SA23255] Ubuntu update for gnupg
[SA23249] Ubuntu update for xine-lib
[SA23245] GnuPG OpenPGP Message Decryption Vulnerability
[SA23242] Mandriva update for xine-lib
[SA23220] Mandriva update for koffice
[SA23218] xine-lib libreal and libmms Buffer Overflow Vulnerabilities
[SA23202] Debian update for mozilla-firefox
[SA23197] Debian update for mozilla
[SA23194] deV!L'z Clanportal File Upload and SQL Injection
[SA23162] Ubuntu update for koffice
[SA23266] Ubuntu update for evince-gtk
[SA23260] HP-UX update for Apache
[SA23251] Red Hat update for mod_auth_kerb
[SA23241] HP-UX update for Secure Shell
[SA23237] Fail2ban Denial of Service Vulnerability
[SA23236] DenyHosts "hosts.deny" Denial of Service
[SA23235] Debian update for mozilla-thunderbird
[SA23227] Ubuntu update for libgsf
[SA23219] Mandriva update for ImageMagick
[SA23212] Debian update for asterisk
[SA23209] Slackware update for tar
[SA23207] Slackware update for proftpd
[SA23198] FreeBSD update for gtar
[SA23184] Mandriva update for proftpd
[SA23183] Ubuntu update for evince
[SA23179] Gentoo update for proftpd
[SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
[SA23174] Debian update for proftpd
[SA23173] rPath update for tar
[SA23172] rPath update for dovecot
[SA23171] rPath update for gnupg
[SA23170] rPath update for openldap
[SA23167] Debian update for libgsf
[SA23166] Mandriva update for libgsf
[SA23164] GNOME Structured File Library "ole_info_read_metabat()"
Buffer Overflow
[SA23163] Debian update for tar
[SA23161] Mandriva update for GnuPG
[SA23234] Debian update for elinks
[SA23230] l2tpns Heartbeat Packets Buffer Overflow Vulnerability
[SA23188] Debian update for links
[SA23264] Upload Script Administrator Password Hash Exposure
[SA23239] Google Search Appliances UTF-7 Cross-Site Scripting
[SA23226] Vt-Forum Lite System "StrMes" Cross-Site Scripting
Vulnerability
[SA23208] Slackware update for libpng
[SA23181] @lex Guestbook "skin" Cross-Site Scripting Vulnerability
[SA23159] Apple AirPort Beacon Frame Denial of Service
[SA23252] rPath update for kernel
[SA23213] SUSE update for mono
[SA23268] Mandriva update for ruby
[SA23203] KDE JPEG kfile-info EXIF Denial of Service Weakness
[SA23187] Sun Solaris Unspecified Local Denial of Service
Other:
[SA23215] Barracuda Spam Firewall Buffer Overflow Vulnerability
[SA23265] XEROX WorkCentre Products Multiple Vulnerabilities
[SA23256] Linksys WIP 330 "PhoneCtrl.exe" Denial of Service
Cross Platform:
[SA23232] Microsoft Word Unspecified Memory Corruption Vulnerability
[SA23250] Red Hat update for gnupg
[SA23233] Adobe Download Manager AOM Buffer Overflow Vulnerability
[SA23216] JAB Guest Book PHP Command Injection Vulnerabilities
[SA23206] mxBB Portal mx_tinies Module "module_root_path" File
Inclusion
[SA23204] PHP Upload Center "footerpage" and "language" File Inclusion
[SA23262] SAP Internet Graphics Service Two Vulnerabilities
[SA23223] AgileBill / AgileVoice Denial of Service Vulnerability
[SA23200] Anna^ IRC Bot SQL Injection Vulnerabilities
[SA23195] SquirrelMail Multiple Cross-Site Scripting Vulnerabilities
[SA23190] plx Pay "read" File Inclusion Vulnerability
[SA23189] TWiki Authentication Bypass Vulnerability
[SA23180] Seditio SQL Injection and Unspecified Vulnerabilities
[SA23176] Photo Organizer Multiple Vulnerabilities
[SA23169] Online-Bookmarks Multiple Vulnerabilities
[SA23168] Quick.Cart "config[db_type]" Local File Inclusion
Vulnerabilities
[SA23158] ContentServ "src" Directory Traversal Vulnerability
[SA23177] IBM Tivoli Storage Manager Buffer Overflow Vulnerabilities
[SA23157] Novell ZENworks Asset Management Buffer Overflow
Vulnerability
[SA23261] Drupal CVS management/tracker Module Cross-Site Scripting
[SA23240] Plone Group Masquerading Vulnerability
[SA23238] BlueSocket BlueSecure Controller "ad_name" Cross-Site
Scripting
[SA23229] ISMail "error" Cross-Site Scripting Vulnerability
[SA23214] PHPNews "link_temp.php" Cross-Site Scripting Vulnerabilities
[SA23193] Cerberus Helpdesk "js" Cross-Site Scripting Vulnerability
[SA23186] Sun Java System Server Products HTTP Request Smuggling
[SA23175] Simple Machines Forum Cross-Site Scripting Vulnerability
[SA23248] 2X ThinClientServer Admin Account Replay Vulnerability
[SA23221] Intel LAN Driver Unspecified Privilege Escalation
Vulnerability
[SA23199] H-Sphere Control Panel Insecure Permissions of Logfiles
[SA23231] Emdros Local Denial of Service Vulnerabilities
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA23272] Nostra DivX Player M3U Playlist Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Parvez Anwar has discovered a vulnerability in Nostra DivX Player,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23272/
--
[SA23246] Citrix ICA Client ActiveX Control Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been discovered in Citrix Presentation Server
Client, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23246/
--
[SA23185] JustSystems Multiple Products Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-05
Yuu Arai has discovered a vulnerability in various JustSystems
products, which potentially can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23185/
--
[SA23228] DUware DUnews Two SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported two vulnerabilities in DUware DUnews,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23228/
--
[SA23224] DUware DUdownload "iFile" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported a vulnerability in DUware DUdownload,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23224/
--
[SA23222] DUware DUpaypal "iPro" and "iType" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Aria-Security Team have reported two vulnerabilities in DUware
DUpaypal, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/23222/
--
[SA23192] BlazeVideo HDTV Player PLF Parsing Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-04
Greg Linares has discovered a vulnerability in BlazeVideo HDTV Player,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23192/
--
[SA23182] VUPlayer M3U/PLS Playlist Parsing Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Greg Linares has discovered a vulnerability in VUPlayer, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23182/
--
[SA23225] Ultimate HelpDesk Cross-Site Scripting and Directory
Traversal
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2006-12-04
ajann has reported some vulnerabilities in Ultimate HelpDesk, which can
be exploited by malicious users to disclose sensitive information or by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23225/
--
[SA23244] Novell Client srvloc.sys Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-07
A vulnerability has been reported in Novell Client, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23244/
--
[SA23243] Novell ZENworks Patch Management SQL Injection Vulnerability
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2006-12-07
A vulnerability has been reported in Novell ZENWorks Patch Management,
which can be exploited by malicious users to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/23243/
--
[SA23196] Microsoft Windows Print Spooler Denial of Service
Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-04
h07 has discovered a vulnerability in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23196/
--
[SA23191] GNotebooks Plugin Insecure Permissions Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-12-05
Richard Reed has discovered a security issue in the GNotebooks Plugin
for Google Desktop, which can be exploited by malicious, local users to
disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/23191/
UNIX/Linux:--
[SA23269] Slackware update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Slackware has issued an update for gnupg. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23269/
--
[SA23259] rPath update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
rPath has issued an update for gnupg. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23259/
--
[SA23255] Ubuntu update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-07
Ubuntu has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/23255/
--
[SA23249] Ubuntu update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
Ubuntu has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23249/
--
[SA23245] GnuPG OpenPGP Message Decryption Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Tavis Ormandy has reported a vulnerability in GnuPG, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23245/
--
[SA23242] Mandriva update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Mandriva has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23242/
--
[SA23220] Mandriva update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
Mandriva has issued an update for koffice. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23220/
--
[SA23218] xine-lib libreal and libmms Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
Some vulnerabilities have been reported in xine-lib, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23218/
--
[SA23202] Debian update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23202/
--
[SA23197] Debian update for mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23197/
--
[SA23194] deV!L'z Clanportal File Upload and SQL Injection
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2006-12-06
Tim Weber has discovered two vulnerabilities in deV!L'z Clanportal,
which can be exploited by malicious people to compromise a vulnerable
system and manipulate data.
Full Advisory:
http://secunia.com/advisories/23194/
--
[SA23162] Ubuntu update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-11-30
Ubuntu has issued an update for koffice. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23162/
--
[SA23266] Ubuntu update for evince-gtk
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-07
Ubuntu has issued an update for evince-gtk. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23266/
--
[SA23260] HP-UX update for Apache
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-12-06
HP has issued an update for Apache-based Web Server. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, to cause a DoS (Denial of Service), or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23260/
--
[SA23251] Red Hat update for mod_auth_kerb
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-07
Red Hat has issued an update for mod_auth_kerb. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23251/
--
[SA23241] HP-UX update for Secure Shell
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2006-12-06
HP has issued an update for HP-UX. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service), and also fixes a weakness, which potentially can be exploited
by malicious, local users to perform certain actions with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/23241/
--
[SA23237] Fail2ban Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Tavis Ormandy has discovered a vulnerability in Fail2ban, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23237/
--
[SA23236] DenyHosts "hosts.deny" Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Tavis Ormandy has discovered a vulnerability in DenyHosts, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23236/
--
[SA23235] Debian update for mozilla-thunderbird
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-12-04
Debian has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23235/
--
[SA23227] Ubuntu update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-05
Ubuntu has issued an update for libgsf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/23227/
--
[SA23219] Mandriva update for ImageMagick
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-04
Mandriva has issued an update for ImageMagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23219/
--
[SA23212] Debian update for asterisk
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-06
Debian has issued an update for asterisk. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23212/
--
[SA23209] Slackware update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Slackware has issued an update for tar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.
Full Advisory:
http://secunia.com/advisories/23209/
--
[SA23207] Slackware update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-04
Slackware has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23207/
--
[SA23198] FreeBSD update for gtar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-06
FreeBSD has issued an update for gtar. This fixes a security issue,
which can be exploited by malicious people to overwrite arbitrary
files.
Full Advisory:
http://secunia.com/advisories/23198/
--
[SA23184] Mandriva update for proftpd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23184/
--
[SA23183] Ubuntu update for evince
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Ubuntu has issued an update for evince. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23183/
--
[SA23179] Gentoo update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
Gentoo has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and by malicious users and malicious people to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23179/
--
[SA23178] Mac OS X ftpd Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-05
A vulnerability has been reported in Mac OS X, which potentially can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23178/
--
[SA23174] Debian update for proftpd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
Debian has issued an update for proftpd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and by malicious users and malicious people to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23174/
--
[SA23173] rPath update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-01
rPath has issued an update for tar. This fixes a security issue, which
can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/23173/
--
[SA23172] rPath update for dovecot
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-12-01
rPath has issued an update for Dovecot. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23172/
--
[SA23171] rPath update for gnupg
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
rPath has issued an update for gnupg. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/23171/
--
[SA23170] rPath update for openldap
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-01
rPath has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23170/
--
[SA23167] Debian update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-11-30
Debian has issued an update for libgsf. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23167/
--
[SA23166] Mandriva update for libgsf
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for libgsf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/23166/
--
[SA23164] GNOME Structured File Library "ole_info_read_metabat()"
Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-11-30
A vulnerability has been reported in libgsf, which potentially can be
exploited by malicious people to compromise an application using the
library.
Full Advisory:
http://secunia.com/advisories/23164/
--
[SA23163] Debian update for tar
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-04
Debian has issued an update for tar. This fixes a security issue, which
can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/23163/
--
[SA23161] Mandriva update for GnuPG
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-12-01
Mandriva has issued an update for GnuPG. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23161/
--
[SA23234] Debian update for elinks
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2006-12-06
Debian has issued an update for elinks. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.
Full Advisory:
http://secunia.com/advisories/23234/
--
[SA23230] l2tpns Heartbeat Packets Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-12-05
Rhys Kidd has reported a vulnerability in l2tpns, which potentially can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23230/
--
[SA23188] Debian update for links
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2006-12-05
Debian has issued an update for links. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.
Full Advisory:
http://secunia.com/advisories/23188/
--
[SA23264] Upload Script Administrator Password Hash Exposure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-07
hack2prison has reported a security issue in Upload Script, which can
be exploited by malicious people to view administrator password
hashes.
Full Advisory:
http://secunia.com/advisories/23264/
--
[SA23239] Google Search Appliances UTF-7 Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
maluc has reported a vulnerability in Google Mini Search Appliance and
Google Search Appliance, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23239/
--
[SA23226] Vt-Forum Lite System "StrMes" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-06
St@rExT has discovered a vulnerability in VT-Forum Lite System, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/23226/
--
[SA23208] Slackware update for libpng
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-12-04
Slackware has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23208/
--
[SA23181] @lex Guestbook "skin" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-01
Mr_KaLiMaN has reported a vulnerability in @lex Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23181/
--
[SA23159] Apple AirPort Beacon Frame Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-12-01
LMH has reported a vulnerability in the Apple AirPort Extreme driver,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23159/
--
[SA23252] rPath update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-07
rPath has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/23252/
--
[SA23213] SUSE update for mono
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-12-04
SUSE has issued an update for mono. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.
Full Advisory:
http://secunia.com/advisories/23213/
--
[SA23268] Mandriva update for ruby
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-12-07
Mandriva has issued an update for ruby. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23268/
--
[SA23203] KDE JPEG kfile-info EXIF Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-12-04
A weakness has been reported in KDE, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23203/
--
[SA23187] Sun Solaris Unspecified Local Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-12-01
Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/23187/
Other:--
[SA23215] Barracuda Spam Firewall Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Jean-Sbastien Guay-Leroux has reported a vulnerability in Barracuda
Spam Firewall, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23215/
--
[SA23265] XEROX WorkCentre Products Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released: 2006-12-06
Some vulnerabilities and weaknesses have been reported in various XEROX
WorkCentre products, which can be exploited by malicious people to
bypass certain security restrictions, expose certain sensitive
information, cause a DoS (Denial of Service), and compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23265/
--
[SA23256] Linksys WIP 330 "PhoneCtrl.exe" Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-12-07
A vulnerability has been reported in Linksys WIP 330, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/23256/
Cross Platform:--
[SA23232] Microsoft Word Unspecified Memory Corruption Vulnerability
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been reported in Microsoft Word, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23232/
--
[SA23250] Red Hat update for gnupg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
Red Hat has issued an update for gnupg. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23250/
--
[SA23233] Adobe Download Manager AOM Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-06
A vulnerability has been reported in Adobe Download Manager, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23233/
--
[SA23216] JAB Guest Book PHP Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-05
Some vulnerabilities have been reported in JAB Guest Book, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23216/
--
[SA23206] mxBB Portal mx_tinies Module "module_root_path" File
Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
bd0rk has reported a vulnerability in the mx_tinies module for MxBB,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/23206/
--
[SA23204] PHP Upload Center "footerpage" and "language" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-12-04
GregStar has discovered two vulnerabilities in PHP Upload Center, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23204/
--
[SA23262] SAP Internet Graphics Service Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS
Released: 2006-12-06
Mariano Nuez Di Croce has reported two vulnerabilities in SAP Internet
Graphics Service (IGS), which can be exploited by malicious people to
gain knowledge of various information, bypass certain security
restrictions, manipulate data, or cause a DoS (Denial of Service),
Full Advisory:
http://secunia.com/advisories/23262/
--
[SA23223] AgileBill / AgileVoice Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-12-06
Urs J Reinhart has reported a vulnerability in AgileBill and
AgileVoice, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/23223/
--
[SA23200] Anna^ IRC Bot SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-12-05
Some vulnerabilities have been reported in Anna^ IRC Bot, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23200/
--
[SA23195] SquirrelMail Multiple Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-04
Some vulnerabilities have been reported in SquirrelMail, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/23195/
--
[SA23190] plx Pay "read" File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-01
arabhat has reported a vulnerability in plx Pay, which can be exploited
by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23190/
--
[SA23189] TWiki Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2006-12-01
A vulnerability has been reported in TWiki, which can be exploited by
malicious people to disclose certain sensitive information.
Full Advisory:
http://secunia.com/advisories/23189/
--
[SA23180] Seditio SQL Injection and Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data
Released: 2006-12-01
Some vulnerabilities have been reported in Seditio, which can be
exploited by malicious people to conduct SQL injection attacks and
other attacks with unknown impacts.
Full Advisory:
http://secunia.com/advisories/23180/
--
[SA23176] Photo Organizer Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2006-12-05
Some vulnerabilities have been reported in Photo Organizer, which can
be exploited by malicious users to manipulate data and by malicious
people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23176/
--
[SA23169] Online-Bookmarks Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-12-05
Some vulnerabilities have been reported in Online-Bookmarks, which can
be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23169/
--
[SA23168] Quick.Cart "config[db_type]" Local File Inclusion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-12-05
r0ut3r has reported some vulnerabilities in Quick.Cart, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23168/
--
[SA23158] ContentServ "src" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-12-01
capt.nem0 has reported a vulnerability in ContentServ, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23158/
--
[SA23177] IBM Tivoli Storage Manager Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2006-12-05
TippingPoint Security Research Team has reported some vulnerabilities
in Tivoli Storage Manager, which can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/23177/
--
[SA23157] Novell ZENworks Asset Management Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-12-04
Eric Detoisien has reported a vulnerability in Novell ZENWorks Asset
Management, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/23157/
--
[SA23261] Drupal CVS management/tracker Module Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-06
A vulnerability has been reported in the CVS management/tracker module
for Drupal, which can be exploited by malicious users to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23261/
--
[SA23240] Plone Group Masquerading Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2006-12-06
A vulnerability has been reported in Plone, which can be exploited by
malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/23240/
--
[SA23238] BlueSocket BlueSecure Controller "ad_name" Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
Jesus Olmos Gonzalez has reported a vulnerability in BlueSocket
BlueSecure Controller, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23238/
--
[SA23229] ISMail "error" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
Vicente Aguilera Diaz has reported a vulnerability in ISMail, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/23229/
--
[SA23214] PHPNews "link_temp.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-04
Detefix has discovered some vulnerabilities in PHPNews, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/23214/
--
[SA23193] Cerberus Helpdesk "js" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-12-05
En Douli has reported a vulnerability in Cerberus Helpdesk, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
|
