AOH :: ISN-1630.HTM

Secunia Weekly Summary - Issue: 2005-22




Secunia Weekly Summary - Issue: 2005-22
Secunia Weekly Summary - Issue: 2005-22



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2005-05-26 - 2005-06-02                        

                       This week : 57 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

infamous41md has reported four vulnerabilities in GNU Mailutils, which
can be exploited to cause a DoS (Denial of Service) or compromise a
vulnerable system.

Please refer to Secunia advisory below for additional details.

Reference:
http://secunia.com/SA15442 



VIRUS ALERTS:

During the last week, Secunia issued 2 MEDIUM RISK virus alerts.
Please refer to the grouped virus profiles below for more information:

Mytob.CU - MEDIUM RISK Virus Alert - 2005-06-01 03:19 GMT+1
http://secunia.com/virus_information/18440/mytob.cu/ 

Mytob.bh - MEDIUM RISK Virus Alert - 2005-05-30 15:04 GMT+1
http://secunia.com/virus_information/18395/mytob.bh/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA15470] CA Multiple Products Vet Antivirus Engine Buffer Overflow
2.  [SA15546] Microsoft Internet Explorer "window()" Denial of Service
              Weakness
3.  [SA15292] Mozilla Firefox Two Vulnerabilities
4.  [SA15531] BIG-IP TCP Timestamp Denial of Service
5.  [SA15528] Ubuntu update for mozilla-firefox
6.  [SA15526] HP-UX ICMP Message Handling Denial of Service
7.  [SA15525] HP-UX Unspecified Security Bypass Vulnerability
8.  [SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service
9.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
10. [SA15530] Fedora update for imagemagick

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA15520] Terminator 3: War of the Machines Two Vulnerabilities
[SA15564] JiRo's Upload System "password" SQL Injection Vulnerability
[SA15560] NEXTWEB (i)Site Multiple Vulnerabilities
[SA15557] Hummingbird InetD Components Buffer Overflow Vulnerabilities
[SA15556] Stronghold 2 Nickname Denial of Service Vulnerability
[SA15515] ZonGG "password" SQL Injection Vulnerability
[SA15511] MaxWebPortal "memKey" SQL Injection Vulnerability
[SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer
Overflows
[SA15540] Hosting Controller "jresourceid" SQL Injection Vulnerability
[SA15546] Microsoft Internet Explorer "window()" Denial of Service
Weakness
[SA15522] SoftICE DbgMsg.sys Driver Denial of Service Vulnerability

UNIX/Linux:
[SA15579] Conectiva update for php4
[SA15529] Gentoo update for mailutils
[SA15528] Ubuntu update for mozilla-firefox
[SA15574] Red Hat update for gnutls
[SA15523] NewLife Blogger Unspecified SQL Injection Vulnerabilities
[SA15514] SGI IRIX update for telnet
[SA15513] Red Hat update for imagemagick
[SA15576] Red Hat update for postgresql
[SA15570] Mandriva update for postgresql
[SA15525] HP-UX Unspecified Security Bypass Vulnerability
[SA15578] Conectiva update for gftp
[SA15533] qmail Memory Corruption Vulnerability
[SA15526] HP-UX ICMP Message Handling Denial of Service
[SA15577] Red Hat update for openssl
[SA15575] Trustix update for binutils
[SA15554] Mandriva update for gdb
[SA15544] Fast n Furious DtDNS Updater Command Line Argument
Disclosure
[SA15527] Ubuntu update for binutils/binutils-multiarch
[SA15524] Ubuntu update for gdb
[SA15512] Red Hat update for kernel
[SA15530] Fedora update for imagemagick
[SA15542] Clam AntiVirus on Mac OS X Privilege Escalation
Vulnerability

Other:
[SA15541] PicoWebServer HTTP Request Processing Buffer Overflow
[SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service
[SA15531] BIG-IP TCP Timestamp Denial of Service

Cross Platform:
[SA15537] PowerDownload "incdir" File Inclusion Vulnerability
[SA15536] PeerCast URL Format String Vulnerability
[SA15519] C'Nedra "READ_TCP_STRING()" Buffer Overflow Vulnerability
[SA15510] PHP Poll Creator "relativer_pfad" File Inclusion
Vulnerability
[SA15569] Calendarix Advanced SQL Injection Vulnerabilities
[SA15558] I-Man File Attachments Upload Vulnerability
[SA15555] Qualiteam X-Cart Gold SQL Injection Vulnerabilities
[SA15552] MyBulletinBoard Multiple Vulnerabilities
[SA15550] ezUserManager Script Insertion and SQL Injection
[SA15538] FreeStyle Wiki Attachments Script Insertion Vulnerability
[SA15535] Ettercap "curses_msg()" Format String Vulnerability
[SA15534] phpThumb() "src" Exposure of Sensitive Information
[SA15532] NPDS Multiple Vulnerabilities
[SA15521] Hosting Controller "UserProfile.asp" Authentication Bypass
[SA15517] WordPress "cat_ID" SQL Injection Vulnerability
[SA15516] PHPstat "check" Authentication Bypass Vulnerability
[SA15562] Symantec Brightmail AntiSpam Static Database Password
[SA15547] Jaws "term" Cross-Site Scripting Vulnerability
[SA15543] PHPMailer "Data()" Denial of Service Vulnerability
[SA15518] NikoSoft WebMail Unspecified Cross-Site Scripting
Vulnerability
[SA15545] Invision Power Board Privilege Escalation Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA15520] Terminator 3: War of the Machines Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-27

Luigi Auriemma has reported two vulnerabilities in Terminator 3: War of
the Machines, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15520/ 

 --

[SA15564] JiRo's Upload System "password" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-01

Romty has reported a vulnerability in JiRo's Upload System, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15564/ 

 --

[SA15560] NEXTWEB (i)Site Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
DoS
Released:    2005-06-01

Trash-80 has reported some vulnerabilities in NEXTWEB (i)Site, which
can be exploited by malicious people to cause a DoS (Denial of
Service), conduct SQL injection attacks and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15560/ 

 --

[SA15557] Hummingbird InetD Components Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-31

Two vulnerabilities have been reported in Hummingbird InetD, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15557/ 

 --

[SA15556] Stronghold 2 Nickname Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-31

Luigi Auriemma has reported a vulnerability in Stronghold 2, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15556/ 

 --

[SA15515] ZonGG "password" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-27

Romty has reported a vulnerability in ZonGG, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15515/ 

 --

[SA15511] MaxWebPortal "memKey" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-26

Soroush Dalili has reported a vulnerability in MaxWebPortal, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15511/ 

 --

[SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer
Overflows

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2005-05-31

Tan Chew Keong has reported some vulnerabilities in TFTP Server 2000,
which can be exploited by malicious people to gain knowledge of
sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15539/ 

 --

[SA15540] Hosting Controller "jresourceid" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-30

Soroush Dalili has reported a vulnerability in Hosting Controller,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15540/ 

 --

[SA15546] Microsoft Internet Explorer "window()" Denial of Service
Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-05-31

Benjamin Tobias Franz has discovered a weakness in Internet Explorer,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15546/ 

 --

[SA15522] SoftICE DbgMsg.sys Driver Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-05-30

Piotr Bania has reported a vulnerability in SoftICE, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15522/ 


UNIX/Linux:--

[SA15579] Conectiva update for php4

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2005-06-01

Conectiva has issued an update for php4. This fixes some
vulnerabilities, where some have an unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15579/ 

 --

[SA15529] Gentoo update for mailutils

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-27

Gentoo has issued an update for mailutils. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15529/ 

 --

[SA15528] Ubuntu update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-05-27

Ubuntu has issued an update for mozilla-firefox. This fixes two
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15528/ 

 --

[SA15574] Red Hat update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-01

Red Hat has issued an update for gnutls. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/15574/ 

 --

[SA15523] NewLife Blogger Unspecified SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-30

Some vulnerabilities have been reported in NewLife Blogger, which can
be exploited to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15523/ 

 --

[SA15514] SGI IRIX update for telnet

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-26

SGI has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15514/ 

 --

[SA15513] Red Hat update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-26

Red Hat has issued an update for imagemagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15513/ 

 --

[SA15576] Red Hat update for postgresql

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-06-02

Red Hat has released an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15576/ 

 --

[SA15570] Mandriva update for postgresql

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-06-02

Mandriva has issued an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15570/ 

 --

[SA15525] HP-UX Unspecified Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-05-27

A vulnerability has been reported in HP-UX, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15525/ 

 --

[SA15578] Conectiva update for gftp

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-01

Conectiva has issued an update for gftp. This fixes a vulnerability,
which can be exploited by malicious people to conduct directory
traversal attacks.

Full Advisory:
http://secunia.com/advisories/15578/ 

 --

[SA15533] qmail Memory Corruption Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-31

Georgi Guninski has reported a vulnerability in qmail, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15533/ 

 --

[SA15526] HP-UX ICMP Message Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-27

HP has acknowledged a vulnerability in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15526/ 

 --

[SA15577] Red Hat update for openssl

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2005-06-02

Red Hat has issued an update for openssl. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information or perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15577/ 

 --

[SA15575] Trustix update for binutils

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-01

Trustix has issued an update for binutils. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15575/ 

 --

[SA15554] Mandriva update for gdb

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-31

Mandriva has issued an update for gdb. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15554/ 

 --

[SA15544] Fast n Furious DtDNS Updater Command Line Argument
Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-30

A security issue has been reported in Fast n Furious DtDNS Updater,
which may disclose sensitive information to malicious, local users.

Full Advisory:
http://secunia.com/advisories/15544/ 

 --

[SA15527] Ubuntu update for binutils/binutils-multiarch

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-27

Ubuntu has issued updates for binutils and binutils-multiarch. These
fix a vulnerability, which potentially can be exploited by malicious,
local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15527/ 

 --

[SA15524] Ubuntu update for gdb

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-27

Ubuntu has issued an update for gdb. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15524/ 

 --

[SA15512] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
Security Bypass
Released:    2005-05-26

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of potentially sensitive information and gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15512/ 

 --

[SA15530] Fedora update for imagemagick

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-05-27

Fedora has issued an update for imagemagick. This fixes a weakness,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15530/ 

 --

[SA15542] Clam AntiVirus on Mac OS X Privilege Escalation
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-30

Tim Morgan and Kevin Amorin have reported a vulnerability in Clam
AntiVirus, which potentially can be exploited by malicious, local users
to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15542/ 


Other:--

[SA15541] PicoWebServer HTTP Request Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-30

Dennis Elser has reported a vulnerability in PicoWebServer, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15541/ 

 --

[SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-30

NTA-Monitor has reported a vulnerability in Nortel VPN Routers, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15548/ 

 --

[SA15531] BIG-IP TCP Timestamp Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-27

F5 Networks has acknowledged a vulnerability in BIG-IP, which can be
exploited by malicious people to cause a DoS (Denial of Service) on an
active TCP session.

Full Advisory:
http://secunia.com/advisories/15531/ 


Cross Platform:--

[SA15537] PowerDownload "incdir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-31

SoulBlack Security Research has discovered a vulnerability in
PowerDownload, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15537/ 

 --

[SA15536] PeerCast URL Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-30

James Bercegay has reported a vulnerability in PeerCast, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15536/ 

 --

[SA15519] C'Nedra "READ_TCP_STRING()" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-27

Luigi Auriemma has reported a vulnerability in C'Nedra, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15519/ 

 --

[SA15510] PHP Poll Creator "relativer_pfad" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-26

rash ilusion has reported a vulnerability in PHP Poll Creator, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/15510/ 

 --

[SA15569] Calendarix Advanced SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-01

DarkBicho has discovered some vulnerabilities in Calendarix Advanced,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15569/ 

 --

[SA15558] I-Man File Attachments Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-01

A vulnerability has been reported in I-Man, which can be exploited by
malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15558/ 

 --

[SA15555] Qualiteam X-Cart Gold SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-31

Censored has reported some vulnerabilities in Qualiteam X-Cart Gold,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15555/ 

 --

[SA15552] MyBulletinBoard Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-31

Some vulnerabilities have been reported in MyBulletinBoard (MyBB),
which can be exploited by malicious people to conduct cross-site
scripting, script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15552/ 

 --

[SA15550] ezUserManager Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-06-01

Some vulnerabilities have been reported in ezUserManager, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15550/ 

 --

[SA15538] FreeStyle Wiki Attachments Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-31

A vulnerability has been reported in FreeStyle Wiki and FSWikiLite,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/15538/ 

 --

[SA15535] Ettercap "curses_msg()" Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-31

A vulnerability has been reported in Ettercap, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15535/ 

 --

[SA15534] phpThumb() "src" Exposure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-02

A vulnerability has been reported in phpThumb(), which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15534/ 

 --

[SA15532] NPDS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-30

NoSP and Romano has reported some vulnerabilities in NPDS, which can be
exploited by malicious people to conduct cross-site scripting, script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15532/ 

 --

[SA15521] Hosting Controller "UserProfile.asp" Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-31

A vulnerability has been reported in Hosting Controller, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15521/ 

 --

[SA15517] WordPress "cat_ID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-30

A vulnerability has been reported in WordPress, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15517/ 

 --

[SA15516] PHPstat "check" Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-27

SoulBlack Security Research has discovered a vulnerability in PHPstat,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15516/ 

 --

[SA15562] Symantec Brightmail AntiSpam Static Database Password

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-06-01

A security issue has been reported in Symantec Brightmail AntiSpam,
which can be exploited by malicious people to bypass security
restrictions.

Full Advisory:
http://secunia.com/advisories/15562/ 

 --

[SA15547] Jaws "term" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-30

Paulino Calderon has reported a vulnerability in Jaws, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15547/ 

 --

[SA15543] PHPMailer "Data()" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-31

Mariano Nu=F1ez Di Croce has reported a vulnerability in PHPMailer, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15543/ 

 --

[SA15518] NikoSoft WebMail Unspecified Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-30

A vulnerability has been reported in NikoSoft WebMail, which
potentially can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/15518/ 

 --

[SA15545] Invision Power Board Privilege Escalation Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-05-30

Rapigator has reported a vulnerability in Invision Power Board, which
can be exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15545/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________________
Attend the Black Hat Briefings &
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods