AOH :: ISN-1377.HTM

Secunia Weekly Summary - Issue: 2005-36




Secunia Weekly Summary - Issue: 2005-36
Secunia Weekly Summary - Issue: 2005-36



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2005-09-01 - 2005-09-08                        

                       This week : 60 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Secunia Research has discovered a vulnerability in ALZip, which can be
exploited by malicious people to compromise a vulnerable system.

Additional details can be found in the referenced Secunia advisory.

Reference:
http://secunia.com/SA16479 


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA16686] OpenSSH Two Security Issues
2.  [SA16661] Gentoo update for phpwebsite
3.  [SA16560] Windows Registry Editor Utility String Concealment
              Weakness
4.  [SA16480] Microsoft DDS Library Shape Control Code Execution
              Vulnerability
5.  [SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow
              Vulnerability
6.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7.  [SA16653] Symantec Anti-Virus LiveUpdate Credentials Disclosure
8.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
9.  [SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue
10. [SA16683] Barracuda Spam Firewall Multiple Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA16722] WebArchiveX ActiveX Control Insecure Methods
[SA16698] Free SMTP Server Open Mail Relay Vulnerability
[SA16685] Rediff Bol Exposure of Windows Address Book
[SA16684] N-Stealth Security Scanner "Server" Header Script Insertion
[SA16678] SlimFTPd Denial of Service Vulnerability
[SA16666] Savant Web Server Exposure of User Credentials

UNIX/Linux:
[SA16714] Ubuntu Updates for Multiple Packages
[SA16697] Gentoo update for openttd
[SA16696] OpenTTD Format String and Buffer Overflow Vulnerabilities
[SA16675] Debian update for webcalendar
[SA16670] Debian update for phpgroupware
[SA16723] Mandriva update for mplayer
[SA16709] Fedora update for squid
[SA16708] Squid "storeBuffer()" Denial of Service Vulnerability
[SA16705] Red Hat update for httpd
[SA16704] SqWebMail Conditional Comments Script Insertion
Vulnerability
[SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue
[SA16694] Gentoo update for gnumeric
[SA16690] Debian update for zsync
[SA16689] Debian update for affix
[SA16681] Debian update for proftpd
[SA16679] Debian update for pcre3
[SA16677] Trustix update for multiple packages
[SA16674] Squid "sslConnectTimeout()" Denial of Service Vulnerability
[SA16672] zsync Multiple zlib Vulnerabilities
[SA16737] Avaya Intuity Audix cpio Directory Traversal Vulnerability
[SA16702] Gentoo update for phpldapadmin
[SA16701] UnixWare ICMP Message Handling Denial of Service
[SA16686] OpenSSH Two Security Issues
[SA16676] Trustix update for cups
[SA16730] DCC dccifd Proxy Mode Denial of Service
[SA16736] Mandriva update for smb4k
[SA16724] Smb4k Insecure Temporary File Handling Vulnerability
[SA16720] Ubuntu update for kdebase-bin
[SA16716] Mandriva update for kdeedu
[SA16715] Mandriva update for kdebase
[SA16703] Fedora update for perl-DBI
[SA16695] Gentoo update for net-snmp
[SA16692] KDE kcheckpass Insecure Lock File Creation Vulnerability
[SA16725] Debian udpate for cvs
[SA16706] Red Hat update for cvs
[SA16687] Debian update for ntp
[SA16680] URBAN Symlink and Multiple Local Buffer Overflow
Vulnerabilities
[SA16673] Debian update for polygen
[SA16671] Polygen Output Files Insecure Permissions Weakness

Other:
[SA16683] Barracuda Spam Firewall Multiple Vulnerabilities

Cross Platform:
[SA16707] GuppY Multiple Vulnerabilities
[SA16693] MAXdev MD-Pro Multiple Vulnerabilities
[SA16682] WebGUI Perl Code Execution Vulnerabilities
[SA16733] Symantec Brightmail AntiSpam Denial of Service
Vulnerabilities
[SA16731] MAXdev MD-Pro Cross-Site Scripting and File Upload
Vulnerabilities
[SA16726] Unclassified NewsBoard "Description" Script Insertion
Vulnerability
[SA16721] phpCommunityCalendar Multiple Vulnerabilities
[SA16710] Land Down Under "neventtext" Script Insertion Vulnerability
[SA16699] myBloggie "username" SQL Injection Vulnerability
[SA16669] Nikto "Server" Header Script Insertion Vulnerability
[SA16667] Phorum "Username" Script Insertion Vulnerability
[SA16734] Open WebMail "sessionid" Cross-Site Scripting Vulnerability
[SA16668] gBook Unspecified Cross-Site Scripting Vulnerabilities
[SA16688] Apache PCRE Integer Overflow Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA16722] WebArchiveX ActiveX Control Insecure Methods

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-09-07

Brett Moore has reported a vulnerability in WebArchiveX, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16722/ 

 --

[SA16698] Free SMTP Server Open Mail Relay Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-09-05

basher13 has discovered a vulnerability in Free SMTP Server, which can
be exploited by malicious people to use it as an open mail relay.

Full Advisory:
http://secunia.com/advisories/16698/ 

 --

[SA16685] Rediff Bol Exposure of Windows Address Book

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-09-05

Gregory R. Panakkal has discovered a security issue in Rediff Bol,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/16685/ 

 --

[SA16684] N-Stealth Security Scanner "Server" Header Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-02

Mariano Nunez Di Croce has reported a vulnerability in N-Stealth
Security Scanner, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16684/ 

 --

[SA16678] SlimFTPd Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-09-02

Critical Security has discovered a vulnerability in SlimFTPd, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16678/ 

 --

[SA16666] Savant Web Server Exposure of User Credentials

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-09-02

basher13 has discovered a security issue in Savant Web Server, which
can be exploited by malicious, local users to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/16666/ 


UNIX/Linux:--

[SA16714] Ubuntu Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2005-09-07

Ubuntu has issued updates for multiple packages. These fix various
vulnerabilities and security issues, which can be exploited by
malicious people to cause a DoS (Denial of Service), and potentially
bypass certain security restrictions or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16714/ 

 --

[SA16697] Gentoo update for openttd

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-06

Gentoo has issued an update for openttd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16697/ 

 --

[SA16696] OpenTTD Format String and Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-06

Alexey Dobriyan has reported some vulnerabilities in OpenTTD, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16696/ 

 --

[SA16675] Debian update for webcalendar

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-09-02

Debian has issued an update for webcalendar. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16675/ 

 --

[SA16670] Debian update for phpgroupware

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2005-09-02

Debian has issued an update for phpgroupware. This fixes some
vulnerabilities, which can be exploited by malicious administrative
users to conduct script insertion attacks, or by malicious people to
bypass certain security restrictions or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16670/ 

 --

[SA16723] Mandriva update for mplayer

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-07

Mandriva has issued an update for mplayer. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16723/ 

 --

[SA16709] Fedora update for squid

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-09-07

Fedora has issued an update for squid. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/16709/ 

 --

[SA16708] Squid "storeBuffer()" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-09-07

Nickolay has reported a vulnerability in Squid, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16708/ 

 --

[SA16705] Red Hat update for httpd

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2005-09-06

Red Hat has issued an update for httpd. This fixes a vulnerability and
a security issue, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16705/ 

 --

[SA16704] SqWebMail Conditional Comments Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-06

Secunia Research has discovered a vulnerability in SqWebMail, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16704/ 

 --

[SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-09-05

A security issue has been reported in mod_ssl, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16700/ 

 --

[SA16694] Gentoo update for gnumeric

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-05

Gentoo has issued an update for gnumeric. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16694/ 

 --

[SA16690] Debian update for zsync

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-02

Debian has issued an update for zsync. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16690/ 

 --

[SA16689] Debian update for affix

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-09-02

Debian has issued an update for affix. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16689/ 

 --

[SA16681] Debian update for proftpd

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2005-09-02

Debian has issued an update for proftpd. This fixes two
vulnerabilities, which can be exploited by malicious users to disclose
certain sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16681/ 

 --

[SA16679] Debian update for pcre3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-02

Debian has issued an update for pcre3. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16679/ 

 --

[SA16677] Trustix update for multiple packages

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2005-09-02

Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to perform certain actions on a vulnerable system with escalated
privileges, and by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16677/ 

 --

[SA16674] Squid "sslConnectTimeout()" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-09-02

Alex Masterov has reported a vulnerability in Squid, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16674/ 

 --

[SA16672] zsync Multiple zlib Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-09-02

Some vulnerabilities have been reported in zsync, which can be
exploited by malicious people to conduct a DoS (Denial of Service) or
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16672/ 

 --

[SA16737] Avaya Intuity Audix cpio Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-09-07

Avaya has acknowledged a vulnerability in Intuity Audix, which can be
exploited by malicious people to cause files to be unpacked to
arbitrary locations on a user's system.

Full Advisory:
http://secunia.com/advisories/16737/ 

 --

[SA16702] Gentoo update for phpldapadmin

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-09-06

Gentoo has issued an update for phpldapadmin. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/16702/ 

 --

[SA16701] UnixWare ICMP Message Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-09-05

SCO has issued an update for UnixWare. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) on an active TCP session.

Full Advisory:
http://secunia.com/advisories/16701/ 

 --

[SA16686] OpenSSH Two Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation
Released:    2005-09-02

Two security issues have been reported in OpenSSH, which can be
exploited malicious users to gain escalated privileges or bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16686/ 

 --

[SA16676] Trustix update for cups

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-09-02

Trustix has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16676/ 

 --

[SA16730] DCC dccifd Proxy Mode Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-09-07

Martin Pala has reported a vulnerability in DCC, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16730/ 

 --

[SA16736] Mandriva update for smb4k

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

Mandriva has issued an update for smb4k. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16736/ 

 --

[SA16724] Smb4k Insecure Temporary File Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

A vulnerability has been reported in Smb4K, which can be exploited by
malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16724/ 

 --

[SA16720] Ubuntu update for kdebase-bin

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

Ubuntu has issued an update for kdebase-bin. This fixes a
vulnerability, which potentially can be exploited by malicious, local
users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/16720/ 

 --

[SA16716] Mandriva update for kdeedu

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

Mandriva has issued an update for kdeedu. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16716/ 

 --

[SA16715] Mandriva update for kdebase

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

Mandriva has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/16715/ 

 --

[SA16703] Fedora update for perl-DBI

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-06

Fedora has issued an update for perl-DBI. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16703/ 

 --

[SA16695] Gentoo update for net-snmp

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-06

Gentoo has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16695/ 

 --

[SA16692] KDE kcheckpass Insecure Lock File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-05

Ilja van Sprundel has reported a vulnerability in kcheckpass, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/16692/ 

 --

[SA16725] Debian udpate for cvs

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-07

Debian has issued an update for cvs. This fixes a security issue, which
potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16725/ 

 --

[SA16706] Red Hat update for cvs

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-06

Red Hat has issued an update for cvs. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16706/ 

 --

[SA16687] Debian update for ntp

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-05

Debian has issued an update for ntp. This fixes a security issue, which
can cause ntpd to run with incorrect group permissions.

Full Advisory:
http://secunia.com/advisories/16687/ 

 --

[SA16680] URBAN Symlink and Multiple Local Buffer Overflow
Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-05

shaun has reported some vulnerabilities in URBAN, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/16680/ 

 --

[SA16673] Debian update for polygen

Critical:    Not critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-09-02

Debian has issued an update for polygen. This fixes a weakness, which
can be exploited by malicious, local users to manipulate the contents
of certain files.

Full Advisory:
http://secunia.com/advisories/16673/ 

 --

[SA16671] Polygen Output Files Insecure Permissions Weakness

Critical:    Not critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-09-02

Justin B Rye has reported a weakness in polygen, which can be exploited
by malicious, local users to manipulate certain information.

Full Advisory:
http://secunia.com/advisories/16671/ 


Other:--

[SA16683] Barracuda Spam Firewall Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, System access
Released:    2005-09-02

Francois Harvey has reported some vulnerabilities in Barracuda Spam
Firewall, which can be exploited by malicious users to disclose and
manipulate sensitive information and by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16683/ 


Cross Platform:--

[SA16707] GuppY Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-09-06

Romano_45 has reported some vulnerabilities in GuppY, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16707/ 

 --

[SA16693] MAXdev MD-Pro Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, System access
Released:    2005-09-05

Some vulnerabilities have been reported in MAXdev MD-Pro, where some
have unknown impacts and others can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16693/ 

 --

[SA16682] WebGUI Perl Code Execution Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-09-02

Some vulnerabilities have been reported in WebGUI, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16682/ 

 --

[SA16733] Symantec Brightmail AntiSpam Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-09-07

Two vulnerabilities have been reported in Brightmail, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16733/ 

 --

[SA16731] MAXdev MD-Pro Cross-Site Scripting and File Upload
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
System access
Released:    2005-09-07

rgod has discovered some vulnerabilities in MAXdev MD-Pro, which can be
exploited by malicious people to conduct cross-site scripting and script
insertion attacks and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16731/ 

 --

[SA16726] Unclassified NewsBoard "Description" Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-07

rgod has discovered a vulnerability in Unclassified NewsBoard, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/16726/ 

 --

[SA16721] phpCommunityCalendar Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2005-09-07

rgod has discovered some vulnerabilities in phpCommunityCalendar, which
can be exploited by malicious people to conduct cross-site scripting,
script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16721/ 

 --

[SA16710] Land Down Under "neventtext" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-07

conor.e.buckley has discovered a vulnerability in Land Down Under,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/16710/ 

 --

[SA16699] myBloggie "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-09-05

OS2A has reported a vulnerability in myBloggie, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16699/ 

 --

[SA16669] Nikto "Server" Header Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-02

Mariano Nunez Di Croce has reported a vulnerability in Nikto, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16669/ 

 --

[SA16667] Phorum "Username" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-02

Scott Dewey has reported a vulnerability in Phorum, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16667/ 

 --

[SA16734] Open WebMail "sessionid" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-07

s3cure has reported a vulnerability in Open WebMail, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16734/ 

 --

[SA16668] gBook Unspecified Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-09-02

Some vulnerabilities have been reported in gBook, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16668/ 

 --

[SA16688] Apache PCRE Integer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-09-05

A vulnerability has been reported in Apache, which can be exploited by
malicious, local users to gain escalated privileges via a specially
crafted ".htaccess" file.

Full Advisory:
http://secunia.com/advisories/16688/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org 

Site design & layout copyright © 1986-2014 CodeGods