AOH :: ISN-2460.HTM

Secunia Weekly Summary - Issue: 2006-20




Secunia Weekly Summary - Issue: 2006-20
Secunia Weekly Summary - Issue: 2006-20



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-05-11 - 2006-05-18                        

                       This week: 54 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Steve Wiseman has reported a vulnerability in RealVNC, which can be
exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the handling of VNC
password authentication requests. This can be exploited to bypass
authentication and allows access to the remote system without
requiring knowledge of the VNC password.

Additional details are available in the referenced Secunia advisory
below.

Reference:
http://secunia.com/SA20107 

 --

Multiple vulnerabilities have been reported in QuickTime, which can
be exploited by malicious people to compromise a user's system.

All users of QuickTime are advised to check for available updates.

Reference:
http://secunia.com/SA20069 

 --

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA20069] QuickTime Multiple Code Execution Vulnerabilities
2.  [SA20107] RealVNC Password Authentication Bypass Vulnerability
3.  [SA19762] Internet Explorer "object" Tag Memory Corruption
              Vulnerability
4.  [SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities
5.  [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
              Sensitive Information
6.  [SA19521] Internet Explorer Window Loading Race Condition Address
              Bar Spoofing
7.  [SA18680] Microsoft Internet Explorer "createTextRange()" Code
              Execution
8.  [SA20083] Linux Kernel "lease_init()" Denial of Service
              Vulnerability
9.  [SA20082] Symantec Firewall Products Internal IP Addresses
              Disclosure
10. [SA20084] AliPAGER "ubild" Cross-Site Scripting and SQL Injection

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA20136] FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow
[SA20114] FortressSSH SSH_MSG_KEXINIT Logging Buffer Overflow
[SA20107] RealVNC Password Authentication Bypass Vulnerability
[SA20146] LiveData ICCP Server Buffer Overflow Vulnerability
[SA20112] Azboard Multiple SQL Injection Vulnerabilities
[SA20102] DUbanner Insecure File Upload Vulnerability
[SA20086] FileZilla Unspecified Buffer Overflow Vulnerability
[SA20132] Sun Java JRE Large Temporary File Creation Vulnerability

UNIX/Linux:
[SA20123] Nagios Content-Length Integer Overflow Vulnerability
[SA20117] SUSE Updates for Multiple Packages
[SA20094] Empire Server "client_cmd()" Denial of Service Vulnerability
[SA20139] Novell eDirectory iMonitor Unspecified Buffer Overflow
Vulnerability
[SA20124] Debian update for phpldapadmin
[SA20137] Ubuntu update for Quagga
[SA20127] Sun N1 System Manager Password Disclosure Vulnerability
[SA20108] Debian update for webcalendar
[SA20116] Quagga bgpd Denial of Service Vulnerability

Other:
[SA20109] AdderLink IP Unspecified VNC Vulnerability
[SA20085] ClamXav freshclam suid Permissions Security Issue

Cross Platform:
[SA20135] DeluxeBB Multiple File Extensions File Upload Vulnerability
[SA20128] NewsPortal Cross-Site Scripting and File Inclusion
[SA20121] Squirrelcart "cart_isp_root" File Inclusion Vulnerability
[SA20120] Quezza "quezza_root_path" File Inclusion Vulnerability
[SA20119] TR Newsportal "file_newsportal" Parameter File Inclusion
Vulnerability
[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion
[SA20103] ezUserManager "ezUserManager_Path" File Inclusion
Vulnerability
[SA20099] Genecys Buffer Overflow and Denial of Service
[SA20098] Outgun Multiple Vulnerabilities
[SA20097] Raydium Multiple Vulnerabilities
[SA20092] phpBB foing Module "phpbb_root_path" File Inclusion
[SA20090] Unclassified NewsBoard "ABBC[Config][smileset]" Local File
Inclusion
[SA20087] PopPhoto "cfg[popphoto_base_path]" File Inclusion
Vulnerability
[SA20133] RadLance Gold "popup.php" Local File Inclusion Vulnerability
[SA20131] Sphider Multiple Vulnerabilities
[SA20129] PHP-Fusion "srch_where" SQL Injection Vulnerablility
[SA20125] Caucho Resin Two Disclosure of Sensitive Information
Vulnerabilities
[SA20106] Hitachi EUR Unspecified SQL Injection Vulnerability
[SA20104] DeluxeBB "name" SQL Injection Vulnerability
[SA20096] GNUnet Empty UDP Datagram Denial of Service Vulnerability
[SA20089] e107 "e107_cookie" Parameter SQL Injection Vulnerability
[SA20088] phpCOIN E-Mail Address Disclosure of Arbitrary Messages
[SA20084] AliPAGER "ubild" Cross-Site Scripting and SQL Injection
[SA20144] Sun Java System Directory Server Authentication Bypass
[SA20141] phpRemoteView Multiple Cross-Site Scripting Vulnerabilities
[SA20130] BEA WebLogic Server/Express Multiple Security Issues
[SA20118] Directory Listing Script "dir" Cross-Site Scripting
Vulnerability
[SA20113] phpMyAdmin "theme" and "db" Cross-Site Scripting
Vulnerabilities
[SA20111] phpODP "browse" Cross-Site Scripting Vulnerability
[SA20110] Jax Guestbook "guestbook.admin.php" Cross-Site Scripting
[SA20105] Confixx Pro "login" Parameter Cross-Site Scripting
Vulnerability
[SA20101] FlexChat "username" Parameter Cross-Site Scripting
[SA20095] GPhotos Cross-Site Scripting and Disclosure of Arbitrary
Directories
[SA20091] OZJournals "vname" Parameter Cross-Site Scripting
[SA20093] phpBB "Upload Avatar from a URL" Remote HTTP Request
Weakness

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA20136] FreeFTPd SFTP Key Exchange Algorithm String Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-17

A vulnerability has been reported in FreeFTPd, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20136/ 

 --

[SA20114] FortressSSH SSH_MSG_KEXINIT Logging Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-16

Gerry Eisenhaur has discovered a vulnerability in FortressSSH, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20114/ 

 --

[SA20107] RealVNC Password Authentication Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-05-15

Steve Wiseman has reported a vulnerability in RealVNC, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20107/ 

 --

[SA20146] LiveData ICCP Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-05-17

A vulnerability has been reported in LiveData ICCP Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20146/ 

 --

[SA20112] Azboard Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-16

x90c has reported some vulnerabilities, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20112/ 

 --

[SA20102] DUbanner Insecure File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-16

Dj ReMix has discovered a vulnerability in DUbanner, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20102/ 

 --

[SA20086] FileZilla Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-15

A vulnerability has been reported in FileZilla, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20086/ 

 --

[SA20132] Sun Java JRE Large Temporary File Creation Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-05-16

Marc Schoenefeld has discovered a vulnerability in Sun Java JRE (Java
Runtime Environment), which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20132/ 


UNIX/Linux:--

[SA20123] Nagios Content-Length Integer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-16

A vulnerability has been reported in Nagios, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20123/ 

 --

[SA20117] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-05-15

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which potentially can be exploited by malicious, local
users to cause a DoS (Denial of Service) and by malicious people to
cause files to be extracted to arbitrary locations on a user's system,
bypass certain security restrictions, conduct cross-site scripting
attacks, cause a DoS (Denial of Service), or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20117/ 

 --

[SA20094] Empire Server "client_cmd()" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-05-15

Luigi Auriemma has reported a vulnerability in Empire Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20094/ 

 --

[SA20139] Novell eDirectory iMonitor Unspecified Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-05-18

A vulnerability has been reported in in Novell eDirectory, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20139/ 

 --

[SA20124] Debian update for phpldapadmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-16

Debian has issued an update for phpldapadmin. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks and by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/20124/ 

 --

[SA20137] Ubuntu update for Quagga

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-05-16

Ubuntu has issued an update for Quagga. This fixes two security issues
and a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service) and by malicious people to bypass
certain security restrictions, and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20137/ 

 --

[SA20127] Sun N1 System Manager Password Disclosure Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-05-18

A vulnerability has been reported in Sun N1 System Manager, which can
be exploited by malicious, local users to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/20127/ 

 --

[SA20108] Debian update for webcalendar

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-05-15

Debian has issued an update for webcalendar. This fixes a weakness,
which can be exploited by malicious people to identify valid user
accounts.

Full Advisory:
http://secunia.com/advisories/20108/ 

 --

[SA20116] Quagga bgpd Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-05-15

Fredrik Widell has reported a vulnerability in Quagga, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20116/ 


Other:--

[SA20109] AdderLink IP Unspecified VNC Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Unknown
Released:    2006-05-16

A vulnerability with unknown impact has been reported in AdderLink IP.

Full Advisory:
http://secunia.com/advisories/20109/ 

 --

[SA20085] ClamXav freshclam suid Permissions Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-05-15

Kevin Finisterre has reported a security issue in ClamXav, which can be
exploited by malicious, local users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/20085/ 


Cross Platform:--

[SA20135] DeluxeBB Multiple File Extensions File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-17

rgod has discovered a vulnerability in DeluxeBB, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20135/ 

 --

[SA20128] NewsPortal Cross-Site Scripting and File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-05-17

Some vulnerabilities have been reported in NewsPortal, which can be
exploited by malicious people to conduct cross-site scripting attacks
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20128/ 

 --

[SA20121] Squirrelcart "cart_isp_root" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-16

OLiBekaS has reported a vulnerability in Squirrelcart, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20121/ 

 --

[SA20120] Quezza "quezza_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-17

Mustafa Can Bjorn has reported a vulnerability in Quezza, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20120/ 

 --

[SA20119] TR Newsportal "file_newsportal" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-16

Kacper has discovered a vulnerability in TR Newsportal, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20119/ 

 --

[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-15

Kacper has discovered a vulnerability in Php Blue Dragon CMS, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20115/ 

 --

[SA20103] ezUserManager "ezUserManager_Path" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-16

OLiBekaS has discovered a vulnerability in ezUserManager, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20103/ 

 --

[SA20099] Genecys Buffer Overflow and Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-15

Luigi Auriemma has reported two vulnerabilities in Genecys, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20099/ 

 --

[SA20098] Outgun Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-15

Luigi Auriemma has reported some vulnerabilities in Outgun, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20098/ 

 --

[SA20097] Raydium Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-15

Luigi Auriemma has reported some vulnerabilities in Raydium, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20097/ 

 --

[SA20092] phpBB foing Module "phpbb_root_path" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-15

Kurdish Security has discovered some vulnerabilities in the foing
module for phpBB, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20092/ 

 --

[SA20090] Unclassified NewsBoard "ABBC[Config][smileset]" Local File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-05-12

rgod has reported a vulnerability in Unclassified NewsBoard, which can
be exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20090/ 

 --

[SA20087] PopPhoto "cfg[popphoto_base_path]" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-15

VietMafia has reported a vulnerability in PopPhoto, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20087/ 

 --

[SA20133] RadLance Gold "popup.php" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-05-16

Mr.CrackerZ has reported a vulnerability in RadLance Gold, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20133/ 

 --

[SA20131] Sphider Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-17

Some vulnerabilities have been discovered in Sphider, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20131/ 

 --

[SA20129] PHP-Fusion "srch_where" SQL Injection Vulnerablility

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-17

rgod has discovered a vulnerability in PHP-Fusion, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20129/ 

 --

[SA20125] Caucho Resin Two Disclosure of Sensitive Information
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-05-17

Two vulnerabilities have been reported in Caucho Resin, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20125/ 

 --

[SA20106] Hitachi EUR Unspecified SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-17

A vulnerability has been reported in EUR, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20106/ 

 --

[SA20104] DeluxeBB "name" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-16

KingOfSka has discovered a vulnerability in DeluxeBB, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20104/ 

 --

[SA20096] GNUnet Empty UDP Datagram Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-05-15

Luigi Auriemma has reported a vulnerability in GNUnet, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20096/ 

 --

[SA20089] e107 "e107_cookie" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-15

socsam has discovered a vulnerability in e107, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20089/ 

 --

[SA20088] phpCOIN E-Mail Address Disclosure of Arbitrary Messages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-05-12

A vulnerability has been reported in phpCOIN, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20088/ 

 --

[SA20084] AliPAGER "ubild" Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-11

Hamid Ebadi has discovered a vulnerability in AliPAGER, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20084/ 

 --

[SA20144] Sun Java System Directory Server Authentication Bypass

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-05-17

A security issue has been reported in Sun Java System Directory Server,
which can be exploited by malicious people to gain unauthorised access.

Full Advisory:
http://secunia.com/advisories/20144/ 

 --

[SA20141] phpRemoteView Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-17

Soot has discovered some vulnerabilities in phpRemoteView, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20141/ 

 --

[SA20130] BEA WebLogic Server/Express Multiple Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2006-05-16

Multiple security issues and a vulnerability have been reported in
WebLogic Server / Express, which can be exploited by malicious people
to disclose system and sensitive information, and bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/20130/ 

 --

[SA20118] Directory Listing Script "dir" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-15

Kiki has discovered a vulnerability in Directory Listing Script, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20118/ 

 --

[SA20113] phpMyAdmin "theme" and "db" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-15

Two vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20113/ 

 --

[SA20111] phpODP "browse" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-15

Kiki has discovered a vulnerability in phpODP, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20111/ 

 --

[SA20110] Jax Guestbook "guestbook.admin.php" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-15

Kiki has discovered a vulnerability in Jax Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20110/ 

 --

[SA20105] Confixx Pro "login" Parameter Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-16

LoK-Crew has reported a vulnerability in Confixx Pro, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20105/ 

 --

[SA20101] FlexChat "username" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-15

r0t has discovered a vulnerability in FlexChat, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20101/ 

 --

[SA20095] GPhotos Cross-Site Scripting and Disclosure of Arbitrary
Directories

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-05-15

Moroccan Security has discovered some vulnerabilities and a weakness in
GPhotos, which can be exploited by malicious people to disclose system
information and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20095/ 

 --

[SA20091] OZJournals "vname" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-12

Kiki has discovered a vulnerability in OZJournals, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20091/ 

 --

[SA20093] phpBB "Upload Avatar from a URL" Remote HTTP Request
Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-05-16

rgod has discovered a weakness in phpBB, which can be exploited by
malicious people to use it for making HTTP requests to other sites.

Full Advisory:
http://secunia.com/advisories/20093/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods