AOH :: ISN-2011.HTM

Secunia Weekly Summary - Issue: 2006-5




Secunia Weekly Summary - Issue: 2006-5
Secunia Weekly Summary - Issue: 2006-5



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-01-26 - 2006-02-02                        

                       This week : 54 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

A vulnerability has been discovered in Winamp, which can be exploited
by malicious people to compromise a user's system.

Successful exploitation allows execution of arbitrary code on a user's
system when e.g. a malicious website is visited.

The vulnerability has been confirmed in version 5.12. Other versions
may also be affected.

NOTE: An exploit is publicly available.

Please refer to the referenced Secunia advisory below for additional
details.

Reference:
http://secunia.com/SA18649 


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA18649] Winamp Computer Name Handling Buffer Overflow
              Vulnerability
2.  [SA18621] Oracle Products PL/SQL Gateway Security Bypass
              Vulnerability
3.  [SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service
4.  [SA18613] Cisco IOS AAA Command Authentication Bypass Vulnerability
5.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code
              Execution Vulnerability
6.  [SA18614] nfs-server "rpc.mountd" Buffer Overflow Vulnerability
7.  [SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script
              Insertion
8.  [SA18630] Debian update for drupal
9.  [SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code
              Execution
10. [SA18529] F-Secure Anti-Virus Archive Handling Vulnerabilities


=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA18649] Winamp Computer Name Handling Buffer Overflow Vulnerability
[SA18646] @Mail Webmail Attachment Upload Directory Traversal
[SA18636] ASPThai Forums Login SQL Injection Vulnerability
[SA18668] MailEnable Professional EXAMINE Command Denial of Service

UNIX/Linux:
[SA18679] Debian update for pdfkit.framework
[SA18677] Xpdf PDF Splash Image Handling Vulnerability
[SA18675] Debian update for pdftohtml
[SA18674] GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities
[SA18669] Avaya Products PHP Multiple Vulnerabilities
[SA18665] Debian update for unalz
[SA18659] Avaya Intuity Audix Lynx Arbitrary Command Execution
[SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability
[SA18653] Gentoo update for mydns
[SA18647] Pioneers Long Chat Message Denial of Service Vulnerability
[SA18644] Gentoo updates for xpdf/poppler/gpdf/libextractor/pdftohtml
[SA18643] GIT "git-checkout-index" Symbolic Link Handling Buffer
Overflow
[SA18642] pdftohtml xpdf Multiple Integer Overflow Vulnerabilities
[SA18631] Debian update for imagemagick
[SA18630] Debian update for drupal
[SA18627] Gentoo update for gallery
[SA18638] SUSE update for nfs-server
[SA18663] Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback
[SA18662] Avaya Intuity Audix TCP Timestamp Denial of Service
[SA18661] Avaya Intuity Audix Two OpenSSH Security Issues
[SA18625] Gentoo update for trac
[SA18635] Mandriva update for net-snmp
[SA18626] Gentoo update for paros
[SA18660] Avaya Intuity Audix "uidadmin' Buffer Overflow
[SA18656] Debian update for libmail-audit-perl
[SA18652] Mail::Audit Insecure Log File Creation Vulnerability
[SA18639] Mandriva update for perl-Net_SSLeay
[SA18632] Gentoo update for libast
[SA18623] Debian update for lsh-utils
[SA18671] Sun Solaris x64 Kernel Processing Denial of Service
[SA18650] Trustix update for openssh

Other:
[SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service

Cross Platform:
[SA18648] CRE Loaded "HTML AREA" File Upload Security Issue
[SA18640] CommuniGate Pro Server LDAP BER Decoding Vulnerabilities
[SA18634] PmWiki Unregister "register_globals" Layer Bypass
[SA18678] MyBB "templatelist" SQL Injection Vulnerability
[SA18676] SPIP Cross-Site Scripting and SQL Injection Vulnerabilities
[SA18667] Calendarix Basic SQL Injection Vulnerabilities
[SA18666] SZUserMgnt "username" SQL Injection Vulnerability
[SA18664] IPB Dragoran Portal Module "site" SQL Injection
Vulnerability
[SA18655] UebiMiau Webmail HTML Email Script Insertion Vulnerability
[SA18633] AndoNET Blog "entrada" SQL Injection Vulnerability
[SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script
Insertion
[SA18624] NewsPHP SQL Injection Vulnerabilities
[SA18673] Easy CMS Cross-Site Scripting Vulnerabilities
[SA18672] sPaiz-Nuke "query" Cross-Site Scripting Vulnerability
[SA18670] Nuked-Klan "letter" Cross-Site Scripting Vulnerability
[SA18658] BrowserCRM "query" Cross-Site Scripting Vulnerability
[SA18657] Cerberus Helpdesk "contact_search" Cross-Site Scripting
[SA18645] PHP-Ping "count" Denial of Service Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA18649] Winamp Computer Name Handling Buffer Overflow Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

ATmaCA has discovered a vulnerability in Winamp, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18649/ 

 --

[SA18646] @Mail Webmail Attachment Upload Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-02

Secunia Research has discovered a vulnerability in @Mail Webmail, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18646/ 

 --

[SA18636] ASPThai Forums Login SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-01-30

Emperor Hacking Team has reported a vulnerability in ASPThai Forums,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18636/ 

 --

[SA18668] MailEnable Professional EXAMINE Command Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-02-01

A vulnerability has been reported in MailEnable Professional, which
potentially can be exploited by malicious users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/18668/ 


UNIX/Linux:--

[SA18679] Debian update for pdfkit.framework

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Debian has issued an update for pdfkit.framework. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18679/ 

 --

[SA18677] Xpdf PDF Splash Image Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Dirk Mueller has reported a vulnerability in Xpdf, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18677/ 

 --

[SA18675] Debian update for pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Debian has issued an update for pdftohtml. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18675/ 

 --

[SA18674] GNUStep PDFKit Framework Xpdf Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

Some vulnerabilities have been reported in GNUStep PDFKit Framework,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18674/ 

 --

[SA18669] Avaya Products PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-02-01

Avaya has acknowledged some vulnerabilities in various products, which
can be exploited by malicious people to conduct cross-site scripting
attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18669/ 

 --

[SA18665] Debian update for unalz

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-31

Debian has issued an update for unalz. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/18665/ 

 --

[SA18659] Avaya Intuity Audix Lynx Arbitrary Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18659/ 

 --

[SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-01

A vulnerability has been reported in libpng, which can be exploited by
malicious people to cause a DoS (Denial of Service) against
applications using libpng or potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18654/ 

 --

[SA18653] Gentoo update for mydns

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-31

Gentoo has issued an update for mydns. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18653/ 

 --

[SA18647] Pioneers Long Chat Message Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-30

Bas Wijnen has discovered a vulnerability in Pioneers, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18647/ 

 --

[SA18644] Gentoo updates for xpdf/poppler/gpdf/libextractor/pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-31

Gentoo has issued updates for xpdf/poppler/gpdf/libextractor/pdftohtml.
This fixes some vulnerabilities, which can be exploited by malicious
people to cause a DoS (Denial of Service), and potentially to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18644/ 

 --

[SA18643] GIT "git-checkout-index" Symbolic Link Handling Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

A vulnerability has been reported in GIT, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18643/ 

 --

[SA18642] pdftohtml xpdf Multiple Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-31

Some vulnerabilities have been reported in pdftohtml, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18642/ 

 --

[SA18631] Debian update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-27

Debian has issued an update for imagemagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18631/ 

 --

[SA18630] Debian update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-01-27

Debian has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, and conduct script insertion and HTTP
response splitting attacks.

Full Advisory:
http://secunia.com/advisories/18630/ 

 --

[SA18627] Gentoo update for gallery

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-27

Gentoo has issued an update for gallery. This fixes a vulnerability,
which potentially can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18627/ 

 --

[SA18638] SUSE update for nfs-server

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-01-27

SUSE has issued an update for nfs-server. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18638/ 

 --

[SA18663] Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18663/ 

 --

[SA18662] Avaya Intuity Audix TCP Timestamp Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be
exploited by malicious people to cause a DoS (Denial of Service) on
active TCP sessions.

Full Advisory:
http://secunia.com/advisories/18662/ 

 --

[SA18661] Avaya Intuity Audix Two OpenSSH Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation
Released:    2006-01-31

Avaya has acknowledged two security issues in Intuity Audix, which can
be exploited malicious users to gain escalated privileges or bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18661/ 

 --

[SA18625] Gentoo update for trac

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-26

Gentoo has issued an update for trac. This fixes a vulnerability, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18625/ 

 --

[SA18635] Mandriva update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2006-01-27

Mandriva has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges, or by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18635/ 

 --

[SA18626] Gentoo update for paros

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-01-30

Gentoo has issued an update for paros. This fixes a security issue,
which can be exploited by malicious people to disclose sensitive
information and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18626/ 

 --

[SA18660] Avaya Intuity Audix "uidadmin' Buffer Overflow

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Avaya has acknowledged a vulnerability in Intuity Audix, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18660/ 

 --

[SA18656] Debian update for libmail-audit-perl

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Debian has issued an update for libmail-audit-perl. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18656/ 

 --

[SA18652] Mail::Audit Insecure Log File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-31

Niko Tyni has reported a vulnerability in Mail::Audit, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18652/ 

 --

[SA18639] Mandriva update for perl-Net_SSLeay

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2006-01-27

Mandriva has issued an update for perl-Net_SSLeay. This fixes a
vulnerability, which can be exploited by malicious, local users to
weaken certain cryptographic operations.

Full Advisory:
http://secunia.com/advisories/18639/ 

 --

[SA18632] Gentoo update for libast

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-30

Gentoo has issued an update for libast. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18632/ 

 --

[SA18623] Debian update for lsh-utils

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2006-01-26

Debian has issued an update for lsh-utils. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
potentially sensitive information or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18623/ 

 --

[SA18671] Sun Solaris x64 Kernel Processing Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-02-01

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18671/ 

 --

[SA18650] Trustix update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-30

Trustix has issued an update for openssh. This fixes a weakness, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18650/ 


Other:--

[SA18629] Cisco VPN 3000 Concentrator HTTP Packet Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-27

Eldon Sprickerhoff has reported a vulnerability in Cisco VPN 3000
Concentrator, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/18629/ 


Cross Platform:--

[SA18648] CRE Loaded "HTML AREA" File Upload Security Issue

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-30

kaneda has discovered a security issue in CRE Loaded, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18648/ 

 --

[SA18640] CommuniGate Pro Server LDAP BER Decoding Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-30

Evgeny Legerov has reported some vulnerabilities in CommuniGate Pro
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18640/ 

 --

[SA18634] PmWiki Unregister "register_globals" Layer Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2006-01-30

Francesco "aScii" Ongaro has discovered a vulnerability in PmWiki,
which can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting attacks, disclose sensitive
information, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18634/ 

 --

[SA18678] MyBB "templatelist" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-01

A vulnerability has been discovered in MyBB, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18678/ 

 --

[SA18676] SPIP Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Cross Site Scripting
Released:    2006-02-01

Zone-H Research Team has discovered some vulnerabilities in SPIP, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18676/ 

 --

[SA18667] Calendarix Basic SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-02-01

Aliaksandr Hartsuyeu has discovered two vulnerabilities in Calendarix
Basic, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18667/ 

 --

[SA18666] SZUserMgnt "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-02-01

Aliaksandr Hartsuyeu has discovered a vulnerability in SZUserMgnt,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18666/ 

 --

[SA18664] IPB Dragoran Portal Module "site" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-01

SkOd has reported a vulnerability in the Dragoran Portal module for
Invision Power Board, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18664/ 

 --

[SA18655] UebiMiau Webmail HTML Email Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

M.Neset KABAKLI has discovered a vulnerability in UebiMiau, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18655/ 

 --

[SA18633] AndoNET Blog "entrada" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-27

Aliaksandr Hartsuyeu has discovered a vulnerability in AndoNET Blog,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18633/ 

 --

[SA18628] My Little Forum/Guestbook/Weblog "link" BBcode Script
Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-27

Aliaksandr Hartsuyeu has discovered a vulnerability in My Little Forum,
My Little Guestbook, and My Little Weblog, which can be exploited by
malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18628/ 

 --

[SA18624] NewsPHP SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-26

SAUDI has reported some vulnerabilities in NewsPHP, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18624/ 

 --

[SA18673] Easy CMS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Preben Nylokken has reported some vulnerabilities in Easy CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18673/ 

 --

[SA18672] sPaiz-Nuke "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Night_Warrior has reported a vulnerability in sPaiz-Nuke, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18672/ 

 --

[SA18670] Nuked-Klan "letter" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-31

Night_Warrior has discovered a vulnerability in Nuked-Klan, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18670/ 

 --

[SA18658] BrowserCRM "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-01

Preben Nyl=F8kken has reported a vulnerability in BrowserCRM, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18658/ 

 --

[SA18657] Cerberus Helpdesk "contact_search" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-01

Preben Nyl=F8kken has reported a vulnerability in Cerberus Helpdesk,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/18657/ 

 --

[SA18645] PHP-Ping "count" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-01-30

cvh has discovered a vulnerability in PHP-Ping, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18645/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods