AOH :: ISN-2152.HTM

Secunia Weekly Summary - Issue: 2006-10




Secunia Weekly Summary - Issue: 2006-10
Secunia Weekly Summary - Issue: 2006-10



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-03-02 - 2006-03-09                        

                       This week : 82 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Apple has release the first security update for 2006, which fixes
multiple vulnerabilities.

Among the fixes are also a partial patch for the "Extremely Critical"
vulnerability, which was released on the 21st of February 2006.

You can test whether or not your system is affected by this
vulnerability here:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/ 

For additional details about the other vulnerabilities fixed please
refer to the referenced Secunia advisories below.

References:
http://secunia.com/SA19064 
http://secunia.com/SA18963 


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA18963] Mac OS X File Association Meta Data Shell Script
              Execution
2.  [SA19064] Mac OS X Security Update Fixes Multiple Vulnerabilities
3.  [SA19083] Linux Kernel Local Denial of Service Vulnerabilities
4.  [SA19105] Joomla! Multiple Vulnerabilities
5.  [SA19107] PHP Upload Center File Extensions Script Upload
              Vulnerability
6.  [SA19118] AVG Anti-Virus Updated Files Insecure File Permissions
7.  [SA19108] Fedora update for kernel
8.  [SA19087] Avaya CMS / IR Multiple Vulnerabilities
9.  [SA19073] Sun Solaris Multiple Apache Vulnerabilities
10. [SA19040] SecureCRT / SecureFX Potential Buffer Overflow
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA19119] RevilloC MailServer USER Command Buffer Overflow
[SA19111] Sauerbraten Engine Multiple Vulnerabilities
[SA19110] Cube Engine Buffer Overflow and Denial of Service
[SA19079] Liero Xtreme Format String and Denial of Service
Vulnerabilities
[SA19157] Cilem Haber "haber_id" SQL Injection Vulnerability
[SA19156] manas tungare Site Membership Script Cross-Site Scripting and
SQL Injection
[SA19112] Akarru Social BookMarking Engine SQL Injection Vulnerability
[SA19103] Total Ecommerce "id" Parameter SQL Injection Vulnerability
[SA19081] Microsoft Visual Studio ".dbp" File Handling Buffer Overflow
[SA19163] Novell BorderManager Proxy Potential Denial of Service
[SA19097] EMC Retrospect Client Denial of Service Vulnerability
[SA19171] Symantec Ghost Multiple Vulnerabilities
[SA19140] IM Lock 2006 Insecure Registry Permissions
[SA19118] AVG Anti-Virus Updated Files Insecure File Permissions
[SA19082] NCP Secure Entry Client Two Vulnerabilities

UNIX/Linux:
[SA19130] SUSE Updates for Multiple Packages
[SA19174] HP Tru64 UNIX IPSEC/ISAKMP Processing Denial of Service
[SA19167] Red Hat update for mailman
[SA19161] Red Hat update for squid
[SA19152] Debian update for tar
[SA19148] Gentoo update for zoo
[SA19136] Lurker Multiple Vulnerabilities
[SA19134] Tenes Empanadas Graciela Denial of Service Vulnerability
[SA19133] Monopd String Parsing Denial of Service Vulnerability
[SA19126] Ubuntu update for flex / gpc
[SA19125] Gentoo update for teTeX / pTeX / CSTeX
[SA19123] Gentoo update for wordpress
[SA19114] Gentoo update for mplayer
[SA19113] Gentoo update for up-imapproxy
[SA19093] Red Hat update for tar
[SA19092] Debian update for libtasn1-2
[SA19091] Debian update for xpdf
[SA19086] Avaya PDS HP-UX TCP/IP "Rose Attack" Denial of Service
[SA19080] Debian update for gnutls11
[SA19158] Red Hat update for spamassassin
[SA19131] Fedora update for squirrelmail
[SA19094] GNOME Evolution Email Handling Denial of Service
[SA19090] Ubuntu irssi DCC ACCEPT Parameter Handling Denial of Service
[SA19162] Red Hat update for initscripts
[SA19160] Red Hat update for kernel
[SA19087] Avaya CMS / IR Multiple Vulnerabilities
[SA19159] Red Hat update for openssh
[SA19128] Sun Solaris "/proc" Denial of Service Vulnerability
[SA19108] Fedora update for kernel
[SA19083] Linux Kernel Local Denial of Service Vulnerabilities
[SA19078] Linux Kernel "die_if_kernel()" Potential Denial of Service

Other:
[SA19146] Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service
Vulnerabilities
[SA19137] nCipher Products Multiple Vulnerabilities

Cross Platform:
[SA19154] Link Bank PHP Code Injection and Cross-Site Scripting
[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion
Vulnerability
[SA19121] m-phorum "go" File Inclusion Vulnerability
[SA19116] Php-Stats Multiple Vulnerabilities and Security Issue
[SA19107] PHP Upload Center File Extensions Script Upload
Vulnerability
[SA19106] LISTSERV WA CGI Script Buffer Overflow Vulnerabilities
[SA19172] Loudblog Multiple Vulnerabilities
[SA19151] sBlog Multiple Vulnerabilities
[SA19147] bMail GBK Charsets SQL Injection Vulnerability
[SA19144] Alien Arena 2006 Gold Edition Multiple Vulnerabilities
[SA19141] Invision Power Board Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA19135] Cyboards PHP Lite "parent" SQL Injection Vulnerability
[SA19132] IPB D2-Shoutbox Module "load" SQL Injection
[SA19127] phpBannerExchange "email" Directory Traversal
[SA19120] Freeciv Packet Parsing Denial of Service Vulnerability
[SA19117] NMDeluxe Script Insertion and SQL Injection
[SA19115] Daverave Simplog File Inclusion Vulnerability
[SA19109] Wordpress "User-Agent" Header SQL Injection Vulnerability
[SA19104] Gallery Script Insertion and Session Handling
Vulnerabilities
[SA19102] Gregarius SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA19101] bitweaver "title" Script Insertion Vulnerability
[SA19100] vBulletin User Email Address Script Insertion Vulnerability
[SA19096] Aztek Forum Message Body Script Insertion Vulnerability
[SA19089] PluggedOut Nexus forgotten_password.php SQL Injection
[SA19088] NZ Ecommerce Cross-Site Scripting and SQL Injection
[SA19084] VUBB "pass" SQL Injection Vulnerability
[SA19155] HitHost Cross-Site Scripting and Directory Deletion
[SA19143] Game-Panel "message" Cross-Site Scripting Vulnerability
[SA19124] phpArcadeScript Cross-Site Scripting Vulnerabilities
[SA19105] Joomla! Multiple Vulnerabilities
[SA19099] DVGuestbookV2.0 "page" Cross-Site Scripting Vulnerability
[SA19098] DVguestbook "dv_gbook.php" Cross-Site Scripting
Vulnerability
[SA19085] SAP Web Application Server URL Handling Vulnerability
[SA19095] Oreka RTP Handling Denial of Service Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA19119] RevilloC MailServer USER Command Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-08

securma massine has discovered a vulnerability in RevilloC MailServer,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19119/ 

 --

[SA19111] Sauerbraten Engine Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-07

Luigi Auriemma has reported some vulnerabilities in Sauerbraten Engine,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19111/ 

 --

[SA19110] Cube Engine Buffer Overflow and Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-07

Luigi Auriemma has reported some vulnerabilities in Cube Engine, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19110/ 

 --

[SA19079] Liero Xtreme Format String and Denial of Service
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-08

Luigi Auriemma has reported two vulnerabilities in Liero Xtreme, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19079/ 

 --

[SA19157] Cilem Haber "haber_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-08

Mustafa Can Bjorn has discovered a vulnerability in Cilem Haber, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19157/ 

 --

[SA19156] manas tungare Site Membership Script Cross-Site Scripting and
SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-08

Syst3m_f4ult has discovered two vulnerabilities in manas tungare Site
Membership Script, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19156/ 

 --

[SA19112] Akarru Social BookMarking Engine SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-06

A vulnerability has been reported in Akarru Social BookMarking Engine,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19112/ 

 --

[SA19103] Total Ecommerce "id" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-06

Mustafa Can Bjorn has reported a vulnerability in Total Ecommerce,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19103/ 

 --

[SA19081] Microsoft Visual Studio ".dbp" File Handling Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-03-07

ATmaCA has reported a vulnerability in Microsoft Visual Studio, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19081/ 

 --

[SA19163] Novell BorderManager Proxy Potential Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-03-08

A vulnerability has been reported in BorderManager, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19163/ 

 --

[SA19097] EMC Retrospect Client Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-03-03

A vulnerability has been reported in EMC Retrospect Client for Windows,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19097/ 

 --

[SA19171] Symantec Ghost Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Exposure of sensitive information,
Privilege escalation
Released:    2006-03-08

Three vulnerabilities have been reported in Symantec Ghost, which can
be exploited by malicious, local users to gain knowledge of potentially
sensitive information, modify certain data, and potentially gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/19171/ 

 --

[SA19140] IM Lock 2006 Insecure Registry Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-03-07

fRoGGz has discovered a vulnerability in IM Lock 2006, which can be
exploited by malicious, local users to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/19140/ 

 --

[SA19118] AVG Anti-Virus Updated Files Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-06

RedXII1234 has discovered a security issue in AVG Anti-Virus, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/19118/ 

 --

[SA19082] NCP Secure Entry Client Two Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-02

Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure
Entry Cilent, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/19082/ 


UNIX/Linux:--

[SA19130] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, DoS, System access
Released:    2006-03-06

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious users to
manipulate certain information and by malicious people to conduct
cross-site scripting attacks, cause a DoS (Denial of Service), bypass
certain security restrictions, to cause files to be extracted to
arbitrary locations on a user's system, to trick users into visiting a
malicious website by obfuscating URLs displayed in the status bar, and
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19130/ 

 --

[SA19174] HP Tru64 UNIX IPSEC/ISAKMP Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-08

HP has acknowledged a vulnerability in HP Tru64 UNIX, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19174/ 

 --

[SA19167] Red Hat update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-08

Red Hat has issued an update for mailman. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19167/ 

 --

[SA19161] Red Hat update for squid

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-08

Red Hat has issued an update for squid. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/19161/ 

 --

[SA19152] Debian update for tar

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-08

Debian has issued an update for tar. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19152/ 

 --

[SA19148] Gentoo update for zoo

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-07

Gentoo has issued an update for zoo. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19148/ 

 --

[SA19136] Lurker Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
Cross Site Scripting
Released:    2006-03-06

Some vulnerabilities have been reported in Lurker, which can be
exploited by malicious people to conduct cross-site scripting attacks,
and disclose and manipulate sensitive information.

Full Advisory:
http://secunia.com/advisories/19136/ 

 --

[SA19134] Tenes Empanadas Graciela Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-06

Luigi Auriemma has reported a vulnerability in Tenes Empanadas Graciela
(TEG), which can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/19134/ 

 --

[SA19133] Monopd String Parsing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-06

Luigi Auriemma has reported a vulnerability in Monopd, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19133/ 

 --

[SA19126] Ubuntu update for flex / gpc

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-03-07

Ubuntu has issued an update for flex / gpc. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/19126/ 

 --

[SA19125] Gentoo update for teTeX / pTeX / CSTeX

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-06

Gentoo has issued updates for teTeX, pTeX, and CSTeX. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19125/ 

 --

[SA19123] Gentoo update for wordpress

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-06

Gentoo has issued an update for wordpress. This fixes a vulnerability,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19123/ 

 --

[SA19114] Gentoo update for mplayer

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-06

Gentoo has issued an update for mplayer. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19114/ 

 --

[SA19113] Gentoo update for up-imapproxy

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-03-06

Gentoo has issued an update for up-imapproxy. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19113/ 

 --

[SA19093] Red Hat update for tar

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-02

Red Hat has issued an update for tar. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19093/ 

 --

[SA19092] Debian update for libtasn1-2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-06

Debian has issued an update for libtasn1-2. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19092/ 

 --

[SA19091] Debian update for xpdf

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-03-02



Full Advisory:
http://secunia.com/advisories/19091/ 

 --

[SA19086] Avaya PDS HP-UX TCP/IP "Rose Attack" Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-08

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System (PDS), which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/19086/ 

 --

[SA19080] Debian update for gnutls11

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-06

Debian has issued an update for gnutls11. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19080/ 

 --

[SA19158] Red Hat update for spamassassin

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-03-08

Red Hat has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19158/ 

 --

[SA19131] Fedora update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-06

Fedora has issued an update for squirrelmail. This fixes multiple
vulnerabilities, which can be exploited by malicious users to
manipulate certain information and by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19131/ 

 --

[SA19094] GNOME Evolution Email Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-03-02

Alan Cox has discovered a vulnerability in Evolution, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19094/ 

 --

[SA19090] Ubuntu irssi DCC ACCEPT Parameter Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-03-02

Scott Sinclair has reported a vulnerability in irssi, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19090/ 

 --

[SA19162] Red Hat update for initscripts

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-08

Red Hat has issued an update for initscripts. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/19162/ 

 --

[SA19160] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-03-08

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to
disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/19160/ 

 --

[SA19087] Avaya CMS / IR Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2006-03-04

Avaya has acknowledged some vulnerabilities in CMS and IR, which can be
exploited by malicious, local users to gain escalated privileges and to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19087/ 

 --

[SA19159] Red Hat update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-03-08

Red Hat has issued an update for openssh. This fixes a weakness, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/19159/ 

 --

[SA19128] Sun Solaris "/proc" Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-03-06

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19128/ 

 --

[SA19108] Fedora update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-03-03

Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19108/ 

 --

[SA19083] Linux Kernel Local Denial of Service Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-03-02

Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19083/ 

 --

[SA19078] Linux Kernel "die_if_kernel()" Potential Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-03-07

A vulnerability has been reported in the Linux kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/19078/ 


Other:--

[SA19146] Xerox CopyCentre / WorkCentre Pro Multiple Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2006-03-08

Some vulnerabilities have been reported in Xerox CopyCentre and Xerox
WorkCentre Pro, where one has an unknown impact, and others can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19146/ 

 --

[SA19137] nCipher Products Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-03-07

Some vulnerabilities have been reported in nCipher products, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/19137/ 


Cross Platform:--

[SA19154] Link Bank PHP Code Injection and Cross-Site Scripting

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-03-08

retard has discovered two vulnerabilities in Link Bank, which can be
exploited by malicious people to conduct cross-site scripting attacks
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19154/ 

 --

[SA19142] Owl Intranet Engine "xrms_file_root" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-08

rgod has discovered a vulnerability in Owl Intranet Engine, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19142/ 

 --

[SA19121] m-phorum "go" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-08

uid0 has discovered a vulnerability in m-phorum, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19121/ 

 --

[SA19116] Php-Stats Multiple Vulnerabilities and Security Issue

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, System access
Released:    2006-03-06

rgod has reported some vulnerabilities and a security issue in
Php-Stats, which can be exploited by malicious people to conduct SQL
injection attacks, disclose system and sensitive information, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19116/ 

 --

[SA19107] PHP Upload Center File Extensions Script Upload
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-03

Liz0ziM has reported a vulnerability in PHP Upload Center, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19107/ 

 --

[SA19106] LISTSERV WA CGI Script Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-03-06

Peter Winter-Smith of NGSSoftware has reported some vulnerabilities in
LISTSERV, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19106/ 

 --

[SA19172] Loudblog Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-03-08

kuze has reported some vulnerabilities in Loudblog, which can be
exploited by malicious people to disclose sensitive information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19172/ 

 --

[SA19151] sBlog Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-08

Kiki has discovered multiple vulnerabilities in sBlog, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19151/ 

 --

[SA19147] bMail GBK Charsets SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-07

A vulnerability has been reported in bMail, which potentially can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19147/ 

 --

[SA19144] Alien Arena 2006 Gold Edition Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-03-08

Luigi Auriemma has reported some vulnerabilities in Alien Arena 2006
Gold Edition, which can be exploited by malicious users to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19144/ 

 --

[SA19141] Invision Power Board Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-07

Two vulnerabilities have been reported in Invision Power Board, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19141/ 

 --

[SA19135] Cyboards PHP Lite "parent" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-06

Aliaksandr Hartsuyeu has discovered a vulnerability in Cyboards PHP
Lite, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19135/ 

 --

[SA19132] IPB D2-Shoutbox Module "load" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-07

SkOd has reported a vulnerability in the D2-Shoutbox module for IPB,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/19132/ 

 --

[SA19127] phpBannerExchange "email" Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-03-08

Tix has discovered a vulnerability in phpBannerExchange, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/19127/ 

 --

[SA19120] Freeciv Packet Parsing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-06

Luigi Auriemma has reported a vulnerability in Freeciv, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19120/ 

 --

[SA19117] NMDeluxe Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-07

Aliaksandr Hartsuyeu has reported two vulnerabilities in NMDeluxe,
which can be exploited by malicious people to conduct script insertion
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19117/ 

 --

[SA19115] Daverave Simplog File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-03-06

retard and jim has discovered a vulnerability in Davrave Simplog, which
can be exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/19115/ 

 --

[SA19109] Wordpress "User-Agent" Header SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-06

Patrik Karlsson has reported a vulnerability in Wordpress, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19109/ 

 --

[SA19104] Gallery Script Insertion and Session Handling
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-03-03

James Bercegay has reported some vulnerabilities in Gallery, which can
be exploited by malicious people to conduct script insertion attacks
and to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19104/ 

 --

[SA19102] Gregarius SQL Injection and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-06

tzitaroth has reported a vulnerability in Gregarius, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19102/ 

 --

[SA19101] bitweaver "title" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-06

Kiki has discovered a vulnerability in bitweaver, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19101/ 

 --

[SA19100] vBulletin User Email Address Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-03

imei addmimistrator has reported a vulnerability in vBulletin, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/19100/ 

 --

[SA19096] Aztek Forum Message Body Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-03

lorenzo has discovered a vulnerability in Aztek Forum, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19096/ 

 --

[SA19089] PluggedOut Nexus forgotten_password.php SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-03

Hamid Ebadi has discovered a vulnerability in PluggedOut Nexus, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19089/ 

 --

[SA19088] NZ Ecommerce Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-02

r0t has reported some vulnerabilities in NZ Ecommerce, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19088/ 

 --

[SA19084] VUBB "pass" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-02

KingOfSKa has discovered a vulnerability in VUBB, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19084/ 

 --

[SA19155] HitHost Cross-Site Scripting and Directory Deletion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-08

retard has discovered two vulnerabilities in HitHost, which can be
exploited by malicious people to delete empty directories and conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19155/ 

 --

[SA19143] Game-Panel "message" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-07

A vulnerability has been reported in Game-Panel, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19143/ 

 --

[SA19124] phpArcadeScript Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-06

retard and jim have reported some vulnerabilities in phpArcadeScript,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/19124/ 

 --

[SA19105] Joomla! Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Unknown, Security Bypass, Manipulation of data, Exposure
of system information
Released:    2006-03-03

Multiple vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users to conduct SQL injection attacks, and by
malicious people to disclose system information and potentially bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19105/ 

 --

[SA19099] DVGuestbookV2.0 "page" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-06

Liz0ziM has discovered a vulnerability in DVGuestbookV2.0, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19099/ 

 --

[SA19098] DVguestbook "dv_gbook.php" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-06

Liz0ziM has discovered a vulnerability in DVguestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19098/ 

 --

[SA19085] SAP Web Application Server URL Handling Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-03

Arnold Grossmann has reported a vulnerability in SAP Web Application
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19085/ 

 --

[SA19095] Oreka RTP Handling Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-03-03

A vulnerability has been reported in Oreka, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19095/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods