AOH :: ISN-1358.HTM

Secunia Weekly Summary - Issue: 2005-35




Secunia Weekly Summary - Issue: 2005-35
Secunia Weekly Summary - Issue: 2005-35



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2005-08-25 - 2005-09-01                        

                       This week : 64 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

A vulnerability has been reported in mplayer, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Additional details can be found in the referenced Secunia advisory
below.

Reference:
http://secunia.com/SA16509 


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA16560] Windows Registry Editor Utility String Concealment
              Weakness
2.  [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
              Creation
3.  [SA16480] Microsoft DDS Library Shape Control Code Execution
              Vulnerability
4.  [SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow
              Vulnerability
5.  [SA16562] Symantec AntiVirus Corporate Edition / Client Security
              Privilege Escalation
6.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7.  [SA16559] Apache Byte-Range Filter Denial of Service Vulnerability
8.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
9.  [SA16598] Simple PHP Blog Image File Upload Vulnerability
10. [SA16494] Linux Kernel Denial of Service and IPsec Policy Bypass

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA16629] BFCommand & Control Server Manager Multiple Vulnerabilities
[SA16613] BNBT EasyTracker Denial of Service Vulnerability
[SA16615] BlueWhaleCRM "Account ID" SQL Injection Vulnerability

UNIX/Linux:
[SA16637] Slackware update for gaim
[SA16635] Slackware update for php
[SA16631] Debian update for php4
[SA16628] Red Hat update for evolution
[SA16621] Gentoo update for phpgroupware
[SA16619] SUSE update for php4/php5
[SA16601] Fedora update for lesstif
[SA16593] Gentoo update for phpwiki
[SA16592] Fedora update for openmotif
[SA16589] Fedora update for php
[SA16576] Debian update for simpleproxy
[SA16644] Avaya Multiple Ethereal Vulnerabilities
[SA16638] Slackware update for pcre
[SA16634] Debian update for kismet
[SA16624] Debian update for pstotext
[SA16618] SUSE update for pcre
[SA16614] UMN Gopher "VIfromLine()" Buffer Overflow Vulnerability
[SA16600] SqWebMail HTML Emails Script Insertion Vulnerability
[SA16599] Mandriva update for gnumeric
[SA16587] Gentoo update for libpcre
[SA16584] Gnumeric PCRE Integer Overflow Vulnerability
[SA16582] Mandriva update for bluez-utils
[SA16581] Mandriva update for pcre
[SA16580] Mandriva update for php
[SA16575] Mandriva update for python
[SA16574] Affix Device Name Shell Command Injection Vulnerability
[SA16641] Avaya PDS HP-UX Unspecified Security Bypass Vulnerability
[SA16643] Avaya gzip Directory Traversal Vulnerability
[SA16636] Debian update for phpldapadmin
[SA16622] Avaya Media Servers rsh Directory Traversal Vulnerability
[SA16603] Ubuntu update for courier-base
[SA16590] Fedora update for freeradius
[SA16588] Debian update for libpam-ldap
[SA16578] Astaro Security Linux Proxy Security Issue
[SA16642] Avaya OpenSSL "der_chop" Script Insecure Temporary File
Creation
[SA16626] Gentoo update for lm_sensors
[SA16610] Debian update for maildrop
[SA16608] Fedora update for kernel
[SA16591] Debian update for backup-manager
[SA16586] HP-UX Veritas File System Security Bypass Vulnerability
[SA16579] Mandriva update for lm_sensors
[SA16606] Fedora update for ntp
[SA16602] NTP Incorrect Group Permissions Security Issue

Other:
[SA16640] Novell NetWare CIFS Denial of Service Vulnerability

Cross Platform:
[SA16627] FUDforum Avatar Upload Vulnerability
[SA16620] AutoLinks Pro "alpath" File Inclusion Vulnerability
[SA16617] phpLDAPadmin welcome.php Arbitrary File Inclusion
[SA16607] Looking Glass Cross-Site Scripting and Shell Command
Injection
[SA16585] Quake 2 Lithium II Mod Nickname Format String Vulnerability
[SA16632] PHP-Fusion Nested BBcode "url" Script Insertion
Vulnerability
[SA16625] Cosmoshop Login SQL Injection Vulnerability
[SA16623] Helpdesk software Hesk Authentication Bypass Vulnerability
[SA16616] Simple PHP Blog comment_delete_cgi.php Arbitrary File
Deletion
[SA16612] FreeStyle Wiki Arbitrary Command Injection Vulnerability
[SA16597] PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability
[SA16596] YaPig EXIF Data Script Insertion Vulnerability
[SA16595] phpGraphy EXIF Data Script Insertion Vulnerability
[SA16594] Gallery EXIF Data Script Insertion and File Disclosure
Vulnerability
[SA16611] phpLDAPadmin Anonymous Bind Security Bypass
[SA16605] phpMyAdmin Two Cross-Site Scripting Vulnerabilities
[SA16598] Simple PHP Blog Image File Upload Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA16629] BFCommand & Control Server Manager Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-30

Luigi Auriemma has reported some vulnerabilities in BFCommand & Control
Server Manager, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16629/ 

 --

[SA16613] BNBT EasyTracker Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-08-30

Sowhat has discovered a vulnerability in BNBT EasyTracker, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16613/ 

 --

[SA16615] BlueWhaleCRM "Account ID" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-30

Kutbuddin Trunkwala has reported a vulnerability in BlueWhaleCRM, which
can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16615/ 


UNIX/Linux:--

[SA16637] Slackware update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-31

Slackware has issued an update for gaim. This fixes a vulnerability and
two weaknesses, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16637/ 

 --

[SA16635] Slackware update for php

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-31

Slackware has issued an update for php. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16635/ 

 --

[SA16631] Debian update for php4

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2005-08-30

Debian has issued an update for php4. This fixes some vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges, or by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16631/ 

 --

[SA16628] Red Hat update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

Red Hat has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16628/ 

 --

[SA16621] Gentoo update for phpgroupware

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2005-08-31

Gentoo has issued an update for phpgroupware. This fixes some
vulnerabilities, which can be exploited by malicious administrative
users to conduct script insertion attacks, or by malicious people to
bypass certain security restrictions or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16621/ 

 --

[SA16619] SUSE update for php4/php5

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-31

SUSE has issued updates for php4 and php5. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16619/ 

 --

[SA16601] Fedora update for lesstif

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-29

Fedora has issued an update for lesstif. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16601/ 

 --

[SA16593] Gentoo update for phpwiki

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Gentoo has issued an update for phpwiki. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16593/ 

 --

[SA16592] Fedora update for openmotif

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Fedora has issued an update for openmotif. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16592/ 

 --

[SA16589] Fedora update for php

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Fedora has issued an update for php. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16589/ 

 --

[SA16576] Debian update for simpleproxy

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Debian has issued an update for simpleproxy. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16576/ 

 --

[SA16644] Avaya Multiple Ethereal Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-31

Avaya has acknowledged some vulnerabilities in Ethereal included in
some products, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16644/ 

 --

[SA16638] Slackware update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2005-08-31

Slackware has issued an update for pcre. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16638/ 

 --

[SA16634] Debian update for kismet

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, System access
Released:    2005-08-30

Debian has issued an update for Kismet. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16634/ 

 --

[SA16624] Debian update for pstotext

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-09-01

Debian has issued an update for pstotext. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16624/ 

 --

[SA16618] SUSE update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-31

SUSE has issued an update for pcre. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16618/ 

 --

[SA16614] UMN Gopher "VIfromLine()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

vade79 has discovered a vulnerability in Gopher client, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16614/ 

 --

[SA16600] SqWebMail HTML Emails Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-29

Secunia Research has discovered a vulnerability in SqWebMail, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16600/ 

 --

[SA16599] Mandriva update for gnumeric

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-29

Mandriva has issued an update for gnumeric. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16599/ 

 --

[SA16587] Gentoo update for libpcre

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Gentoo has issued an update for libpcre. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16587/ 

 --

[SA16584] Gnumeric PCRE Integer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-29

A vulnerability has been reported in Gnumeric, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16584/ 

 --

[SA16582] Mandriva update for bluez-utils

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2005-08-26

Mandriva has issued an update for bluez-utils. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16582/ 

 --

[SA16581] Mandriva update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Mandriva has issued an update for pcre. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16581/ 

 --

[SA16580] Mandriva update for php

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

Mandriva has issued an update for php. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16580/ 

 --

[SA16575] Mandriva update for python

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-29

Mandriva has issued an update for python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16575/ 

 --

[SA16574] Affix Device Name Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-29

Kevin Finisterre has reported a vulnerability in Affix, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16574/ 

 --

[SA16641] Avaya PDS HP-UX Unspecified Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-08-31

Avaya has acknowledged a vulnerability in Avaya PDS (Predictive Dialing
System), which potentially can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16641/ 

 --

[SA16643] Avaya gzip Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-08-31

Avaya has acknowledged a vulnerability in gzip included in some
products, which potentially can be exploited by malicious people to
extract files to arbitrary directories on a user's system.

Full Advisory:
http://secunia.com/advisories/16643/ 

 --

[SA16636] Debian update for phpldapadmin

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-30

Debian has issued an update for phpldapadmin. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/16636/ 

 --

[SA16622] Avaya Media Servers rsh Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-31

Avaya has acknowledged a vulnerability in rsh included in S8XXX Media
Servers, which potentially can be exploited by malicious people to
overwrite arbitrary files on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16622/ 

 --

[SA16603] Ubuntu update for courier-base

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-29

Ubuntu has issued an update for courier-base. This fixes a
vulnerability, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16603/ 

 --

[SA16590] Fedora update for freeradius

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, DoS
Released:    2005-08-26

Fedora has issued an update for freeradius. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to conduct SQL injection attacks or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16590/ 

 --

[SA16588] Debian update for libpam-ldap

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-26

Debian has issued an update for libpam-ldap. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/16588/ 

 --

[SA16578] Astaro Security Linux Proxy Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-29

Oliver Karow has reported a security issue in Astaro Secure Linux,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16578/ 

 --

[SA16642] Avaya OpenSSL "der_chop" Script Insecure Temporary File
Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-31

Avaya has acknowledged a vulnerability in openssl included in some
products, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16642/ 

 --

[SA16626] Gentoo update for lm_sensors

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-31

Gentoo has issued an update for lm_sensors. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16626/ 

 --

[SA16610] Debian update for maildrop

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-30

Debian has issued an update for maildrop. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16610/ 

 --

[SA16608] Fedora update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-08-29

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/16608/ 

 --

[SA16591] Debian update for backup-manager

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2005-08-29

Debian has issued an update for backup-manager. This fixes two
vulnerabilities, which potentially can be exploited by malicious, local
users to disclose potentially sensitive information or perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16591/ 

 --

[SA16586] HP-UX Veritas File System Security Bypass Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-08-26

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16586/ 

 --

[SA16579] Mandriva update for lm_sensors

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-26

Mandriva has issued an update for lm_sensors. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16579/ 

 --

[SA16606] Fedora update for ntp

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-29

Fedora has issued an update for ntp. This fixes a security issue, which
can cause ntpd to run with incorrect group permissions.

Full Advisory:
http://secunia.com/advisories/16606/ 

 --

[SA16602] NTP Incorrect Group Permissions Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-29

Josh Bressers has reported a security issue in ntpd, which can cause
ntpd to run with incorrect group permissions.

Full Advisory:
http://secunia.com/advisories/16602/ 


Other:--

[SA16640] Novell NetWare CIFS Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-08-31

A vulnerability has been reported in NetWare, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16640/ 


Cross Platform:--

[SA16627] FUDforum Avatar Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

riklaunim has discovered a vulnerability in FUDforum, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16627/ 

 --

[SA16620] AutoLinks Pro "alpath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

NewAngels Team and 4Degrees have reported a vulnerability in AutoLinks
Pro, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16620/ 

 --

[SA16617] phpLDAPadmin welcome.php Arbitrary File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

rgod has discovered a vulnerability in phpLDAPadmin, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16617/ 

 --

[SA16607] Looking Glass Cross-Site Scripting and Shell Command
Injection

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-08-29

rgod has discovered some vulnerabilities in Looking Glass, which can be
exploited by malicious people to conduct cross-site scripting attacks
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16607/ 

 --

[SA16585] Quake 2 Lithium II Mod Nickname Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-29

SinNULL has reported a vulnerability in Lithium II Mod, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16585/ 

 --

[SA16632] PHP-Fusion Nested BBcode "url" Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-30

slacker4ever_1 has discovered a vulnerability in PHP-Fusion, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16632/ 

 --

[SA16625] Cosmoshop Login SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2005-08-30

l0om has reported a vulnerability in Cosmoshop, which can be exploited
by malicious people to conduct SQL injection attacks and disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/16625/ 

 --

[SA16623] Helpdesk software Hesk Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-30

s2b has discovered a vulnerability in Helpdesk software Hesk, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16623/ 

 --

[SA16616] Simple PHP Blog comment_delete_cgi.php Arbitrary File
Deletion

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-30

Kenneth F. Belva has discovered a vulnerability in Simple PHP Blog,
which can be exploited by malicious people to manipulate sensitive
information.

Full Advisory:
http://secunia.com/advisories/16616/ 

 --

[SA16612] FreeStyle Wiki Arbitrary Command Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-30

A vulnerability has been reported in FreeStyle Wiki, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16612/ 

 --

[SA16597] PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-26

Cedric Cochin has reported a vulnerability in PhotoPost PHP Pro, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/16597/ 

 --

[SA16596] YaPig EXIF Data Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-26

Cedric Cochin has discovered a vulnerability in YaPig, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16596/ 

 --

[SA16595] phpGraphy EXIF Data Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-26

Cedric Cochin has reported a vulnerability in phpGraphy, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16595/ 

 --

[SA16594] Gallery EXIF Data Script Insertion and File Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-08-26

Two vulnerabilities have been reported in Gallery, which can be
exploited by malicious people to conduct script insertion attacks or
disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/16594/ 

 --

[SA16611] phpLDAPadmin Anonymous Bind Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-30

Alexander Gerasiov has reported a security issue in phpLDAPadmin, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16611/ 

 --

[SA16605] phpMyAdmin Two Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-29

Some vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16605/ 

 --

[SA16598] Simple PHP Blog Image File Upload Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-08-26

ReZEN and 0xception have discovered a vulnerability in Simple PHP Blog,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16598/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 

Site design & layout copyright © 1986-2014 CodeGods