AOH :: ISN-2498.HTM

Secunia Weekly Summary - Issue: 2006-21




Secunia Weekly Summary - Issue: 2006-21
Secunia Weekly Summary - Issue: 2006-21



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-05-18 - 2006-05-25                        

                       This week: 108 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Secunia has issued a rare "Extremely Critical" Secunia advisory for a
"Zero-day" vulnerability in Microsoft Word, which can be exploited by
malicious people to compromise a user's system.

See additional details and other references in the referenced Secunia
advisory below.

Reference:
http://secunia.com/SA20153 

 --

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA20153] Microsoft Word Malformed Object Code Execution
              Vulnerability
2.  [SA20154] Skype URL Handling File Disclosure Vulnerability
3.  [SA20107] RealVNC Password Authentication Bypass Vulnerability
4.  [SA19762] Internet Explorer "object" Tag Memory Corruption
              Vulnerability
5.  [SA20244] Firefox Exception Handling Full Path Disclosure Weakness
6.  [SA19521] Internet Explorer Window Loading Race Condition Address
              Bar Spoofing
7.  [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
              Sensitive Information
8.  [SA20168] Solaris in.ftpd Directory Access Restriction Bypass
              Vulnerability
9.  [SA18680] Microsoft Internet Explorer "createTextRange()" Code
              Execution
10. [SA20158] Invision Power Board Multiple Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA20233] PDF Form Filling and Flattening Tool Field Name Buffer
Overflow
[SA20190] Zix Forum "layid" SQL Injection Vulnerability
[SA20178] Fujitsu MyWeb Products SQL Injection Vulnerability
[SA20172] IntelliTamper Site Map File Buffer Overflow Vulnerability
[SA20171] CodeAvalanche News "password" SQL Injection Vulnerability
[SA20165] FrontRange iHEAT Host System Access Vulnerability
[SA20207] BitZipper Multiple Archive Directory Traversal Vulnerability
[SA20175] aspbb Cross-Site Scripting Vulnerabilities
[SA20261] Cisco VPN Client Privilege Escalation Vulnerability
[SA20194] Novell Client Clipboard Content Handling Weakness

UNIX/Linux:
[SA20275] Debian update for mpg123
[SA20247] Debian update for nagios
[SA20243] UnixWare update for Sendmail
[SA20240] mpg123 "III_i_stereo()" Function Buffer Overflow
Vulnerability
[SA20235] HP-UX Motif Applications libXpm Image Decoding
Vulnerabilities
[SA20215] SUSE Updates for Multiple Packages
[SA20214] HP Tru64 UNIX Firefox/Mozilla Application Suite
Vulnerability
[SA20210] SGI Advanced Linux Environment Multiple Updates
[SA20203] Debian update for phpgroupware
[SA20186] Ubuntu update for awstats
[SA20170] Debian update for awstats
[SA20277] Tor Weakness and Multiple Vulnerabilities
[SA20274] Publicist SQL Injection and Script Insertion Vulnerabilities
[SA20254] Ubuntu update for dia
[SA20238] Perlpodder Shell Command Injection Vulnerability
[SA20237] Red Hat update for kernel
[SA20232] Red Hat update for postgresql
[SA20222] Red Hat update for php
[SA20217] HP-UX BIND4 DNS Cache Poisoning Vulnerability
[SA20208] Prodder Podcast Feed Shell Command Injection Vulnerability
[SA20202] Debian update for kernel-source-2.4.18
[SA20199] Dia Multiple Format String Vulnerabilities
[SA20191] Debian update for cscope
[SA20188] GNU Binutils libbfd TekHex Record Handling Vulnerability
[SA20185] Linux Kernel Netfilter Weakness and Two SCTP Vulnerabilities
[SA20163] Debian update for kernel-source-2.4.19
[SA20162] Debian update for kernel-source-2.4.16
[SA20269] Mandriva update for php
[SA20205] Debian update for popfile
[SA20197] Debian update for phpbb2
[SA20168] Solaris in.ftpd Directory Access Restriction Bypass
Vulnerability
[SA20267] Apple Xcode WebObjects Plugin Access Control Vulnerability
[SA20265] Mandriva update for hostapd
[SA20253] Debian update for mysql
[SA20241] Debian update for mysql-dfsg
[SA20225] Linux Kernel SNMP NAT Helper Denial of Service
[SA20223] Trustix update for mysql
[SA20221] Debian update for quagga
[SA20195] Debian update for hostapd
[SA20182] Mandriva update for kernel
[SA20230] HP-UX Software Distributor Privilege Escalation
Vulnerability
[SA20224] XScreenSaver Insecure Temporary File Creation Vulnerability
[SA20206] Debian update for kernel-patch-vserver
[SA20180] SAP sapdba Command Insecure Environment Variable Handling
[SA20166] Debian update for fbi
[SA20227] HP-UX Kernel Denial of Service Vulnerability

Other:
[SA20183] Sitecom WL-153 UPnP Shell Command Injection Vulnerability
[SA20169] Edimax BR-6104K UPnP Shell Command Injection Vulnerability
[SA20184] ZyXEL P-335WT UPnP Port Mapping Vulnerability

Cross Platform:
[SA20264] RWiki Script Insertion and Ruby Code Injection
Vulnerabilities
[SA20260] Docebo Multiple File Inclusion Vulnerabilities
[SA20258] DSChat Script Insertion and PHP Code Execution
Vulnerabilities
[SA20257] PunkBuster WebTool Buffer Overflow Vulnerability
[SA20245] PHP Easy Galerie "includepath" Parameter File Inclusion
Vulnerability
[SA20242] UBB.threads "thispath" Parameter File Inclusion
Vulnerability
[SA20236] Russcom.Ping "domain" Shell Command Injection Vulnerability
[SA20219] Nucleus "GLOBALS[DIR_LIBS]" Parameter File Inclusion
Vulnerability
[SA20209] phpMyDirectory "ROOT_PATH" File Inclusion Vulnerability
[SA20204] artmedic newsletter "log.php" PHP Code Injection
Vulnerability
[SA20198] phpBazar "language_dir" File Inclusion Vulnerability
[SA20278] HyperStop Web Host Directory "uri" SQL Injection
Vulnerability
[SA20276] AlstraSoft Web Host Directory "uri" SQL Injection
Vulnerability
[SA20263] Diesel Joke Site "id" Parameter SQL Injection Vulnerability
[SA20262] e107 Unspecified SQL Injection Vulnerabilities
[SA20259] Chatty "username" Parameter Script Insertion Vulnerability
[SA20252] Hiox Guestbook Script Insertion Vulnerability
[SA20250] NetPanzer "setFrame()" Denial of Service Vulnerability
[SA20248] Destiney Links Script Multiple Vulnerabilities
[SA20246] ipLogger "User-Agent" HTTP Header Script Insertion
Vulnerability
[SA20239] phpwcms Cross-Site Scripting and Local File Inclusion
[SA20234] SkyeBox "post.php" Script Insertion Vulnerability
[SA20231] PostgreSQL Encoding-Based SQL Injection Vulnerability
[SA20229] AlstraSoft E-Friends Script Insertion Vulnerabilities
[SA20228] AlstraSoft Article Manager Pro SQL Injection and Script
Insertion
[SA20220] phpListPro "Language" Local File Inclusion Vulnerability
[SA20216] Dayfox Blog "slog_users.txt" Exposure of User Credentials
[SA20213] Stylish Text Ads Script "id" SQL Injection Vulnerability
[SA20211] Coppermine Photo Gallery Multiple File Extensions
Vulnerability
[SA20201] DGBook "index.php" Multiple Vulnerabilities
[SA20192] Xtreme Topsites Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA20189] MediaWiki Script Insertion Vulnerabilities
[SA20187] UseBB Cross-Site Scripting and SQL Injection Vulnerabilities
[SA20181] Horizontal Shooter BOR Mod File Handling Format String
Vulnerability
[SA20177] Cosmoshop SQL Injection and Disclosure of Sensitive
Information
[SA20176] Xoops Local File Inclusion Vulnerabilities
[SA20174] OpenBOR Engine Mod File Handling Format String Vulnerability
[SA20173] Beats of Rage (BOR) Engine Format String Vulnerability
[SA20167] 4R Linklist "cat" SQL Injection Vulnerability
[SA20196] HP OpenView Storage Data Protector Arbitrary Command
Execution
[SA20193] HP OpenView Network Node Manager Arbitrary Command Execution
[SA20251] Alkacon OpenCms "query" Cross-Site Scripting Vulnerability
[SA20249] Destiney Rated Images Script Multiple Script Insertion
Vulnerabilities
[SA20212] JemScripts DownloadControl "dcid" Cross-Site Scripting
Vulnerability
[SA20266] SiteScape Forum Information Disclosure Weaknesses
[SA20256] Mozilla Suite Exception Handling Full Path Disclosure
Weakness
[SA20255] Netscape Exception Handling Full Path Disclosure Weakness
[SA20244] Firefox Exception Handling Full Path Disclosure Weakness

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA20233] PDF Form Filling and Flattening Tool Field Name Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

George D. Gal has reported a vulnerability in PDF Form Filling and
Flattening Tool, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20233/ 

 --

[SA20190] Zix Forum "layid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-22

PHP Emperor has discovered a vulnerability in Zix Forum, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20190/ 

 --

[SA20178] Fujitsu MyWeb Products SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-22

A vulnerability has been reported in Fujitsu MyWeb products, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20178/ 

 --

[SA20172] IntelliTamper Site Map File Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-19

Devil00 has discovered a vulnerability in IntelliTamper, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20172/ 

 --

[SA20171] CodeAvalanche News "password" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-19

Omnipresent has reported a vulnerability in CodeAvalanche News, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20171/ 

 --

[SA20165] FrontRange iHEAT Host System Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

mcdanielar has reported a vulnerability in FrontRange iHEAT, which
potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20165/ 

 --

[SA20207] BitZipper Multiple Archive Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Hamid Ebadi has discovered a vulnerability in BitZipper, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20207/ 

 --

[SA20175] aspbb Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-19

TeufeL has reported two vulnerabilities in aspbb, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20175/ 

 --

[SA20261] Cisco VPN Client Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-25

A vulnerability has been reported in Cisco VPN Client, which can be
exploited by malicious, local users to gain escalated privileges on a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20261/ 

 --

[SA20194] Novell Client Clipboard Content Handling Weakness

Critical:    Not critical
Where:       Local system
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-05-23

Eitan Caspi has reported a weakness in Novell Client, which can be
exploited by malicious people to disclose potentially sensitive
information and to manipulate certain information.

Full Advisory:
http://secunia.com/advisories/20194/ 


UNIX/Linux:--

[SA20275] Debian update for mpg123

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-25

Debian has issued an update for mpg123. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/20275/ 

 --

[SA20247] Debian update for nagios

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-23

Debian has issued an update for nagios. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20247/ 

 --

[SA20243] UnixWare update for Sendmail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

SCO has issued an update for Sendmail. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20243/ 

 --

[SA20240] mpg123 "III_i_stereo()" Function Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-25

A. Alejandro Hern=E1ndez has reported a vulnerability in mpg123, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20240/ 

 --

[SA20235] HP-UX Motif Applications libXpm Image Decoding
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

HP has acknowledged a vulnerability in HP-UX running Motif
applications, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20235/ 

 --

[SA20215] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, DoS, System access
Released:    2006-05-22

SUSE has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to conduct HTTP request smuggling attacks, cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20215/ 

 --

[SA20214] HP Tru64 UNIX Firefox/Mozilla Application Suite
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-23

HP has acknowledged a vulnerability in HP Tru64 UNIX running
Firefox/Mozilla Application Suite, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/20214/ 

 --

[SA20210] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, DoS, System access
Released:    2006-05-24

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious, local users
to bypass certain security restrictions, by malicious users to cause a
DoS (Denial of Service), manipulate certain information, and compromise
a vulnerable system, or by malicious people to use PHP as an open mail
relay, gain knowledge of potentially sensitive information, conduct
cross-site scripting attacks and script insertion attacks, cause a DoS,
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20210/ 

 --

[SA20203] Debian update for phpgroupware

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Debian has issued an update for phpgroupware. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20203/ 

 --

[SA20186] Ubuntu update for awstats

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

Ubuntu has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20186/ 

 --

[SA20170] Debian update for awstats

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-19

Debian has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20170/ 

 --

[SA20277] Tor Weakness and Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      
Released:    2006-05-25

Some vulnerabilities and a weakness have been reported in Tor, which
can be exploited by malicious people to spoof log entries, disclose
certain sensitive information, and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20277/ 

 --

[SA20274] Publicist SQL Injection and Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-25

luny has reported some vulnerabilities in Publicist, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20274/ 

 --

[SA20254] Ubuntu update for dia

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

Ubuntu has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/20254/ 

 --

[SA20238] Perlpodder Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

RedTeam has reported a vulnerability in Perlpodder, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20238/ 

 --

[SA20237] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-05-24

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
by malicious people to bypass certain security restrictions and cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20237/ 

 --

[SA20232] Red Hat update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-05-24

Red Hat has issued an update for postgresql. This fixes two
vulnerabilities and a weakness, which potentially can be exploited by
malicious, local users to bypass certain security restrictions, and by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20232/ 

 --

[SA20222] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-05-24

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users to cause a DoS (Denial of
Service) or compromise a vulnerable system, and by malicious people to
conduct cross-site scripting attacks and potentially to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20222/ 

 --

[SA20217] HP-UX BIND4 DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data
Released:    2006-05-23

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/20217/ 

 --

[SA20208] Prodder Podcast Feed Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

RedTeam has reported a vulnerability in Prodder, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20208/ 

 --

[SA20202] Debian update for kernel-source-2.4.18

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2006-05-23

Debian has issued an update for kernel-source-2.4.18. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20202/ 

 --

[SA20199] Dia Multiple Format String Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Some vulnerabilities have been reported in Dia, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20199/ 

 --

[SA20191] Debian update for cscope

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Debian has issued an update for cscope. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/20191/ 

 --

[SA20188] GNU Binutils libbfd TekHex Record Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-23

Jes=FAs Olmos Gonzalez has reported a vulnerability in GNU Binutils,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20188/ 

 --

[SA20185] Linux Kernel Netfilter Weakness and Two SCTP Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-05-22

Two vulnerabilities and a weakness have been reported in the Linux
Kernel, which can be exploited by malicious, local users to cause a DoS
(Denial of Service) and disclose potentially sensitive information, and
by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/20185/ 

 --

[SA20163] Debian update for kernel-source-2.4.19

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2006-05-22

Debian has issued an update for kernel-source-2.4.19. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20163/ 

 --

[SA20162] Debian update for kernel-source-2.4.16

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2006-05-22

Debian has issued an update for kernel-source-2.4.16. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20162/ 

 --

[SA20269] Mandriva update for php

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-05-25

Mandriva has issued an update for php. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20269/ 

 --

[SA20205] Debian update for popfile

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-05-22

Debian has issued an update for popfile. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20205/ 

 --

[SA20197] Debian update for phpbb2

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

Debian has issued an update for phpbb2. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20197/ 

 --

[SA20168] Solaris in.ftpd Directory Access Restriction Bypass
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-05-19

Sun Microsystems has acknowledged a vulnerability in Solaris, which can
be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/20168/ 

 --

[SA20267] Apple Xcode WebObjects Plugin Access Control Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-05-25

A vulnerability has been reported in Apple Xcode, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20267/ 

 --

[SA20265] Mandriva update for hostapd

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-05-25

Mandriva has issued an update for hostapd. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/20265/ 

 --

[SA20253] Debian update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2006-05-23

Debian has issued an update for mysql. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions, disclose potentially sensitive information, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20253/ 

 --

[SA20241] Debian update for mysql-dfsg

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2006-05-23

Debian has issued an update for mysql-dfsg. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, disclose potentially sensitive
information, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20241/ 

 --

[SA20225] Linux Kernel SNMP NAT Helper Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-05-23

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20225/ 

 --

[SA20223] Trustix update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, System access
Released:    2006-05-22

Trustix has issued an update for mysql. This fixes some
vulnerabilities, which can be exploited by malicious users to disclose
potentially sensitive information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20223/ 

 --

[SA20221] Debian update for quagga

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, DoS
Released:    2006-05-22

Debian has issued an update for quagga. This fixes two security issues
and a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service), and by malicious people to bypass
certain security restrictions and to disclose system information.

Full Advisory:
http://secunia.com/advisories/20221/ 

 --

[SA20195] Debian update for hostapd

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-05-22

Debian has issued an update for hostapd. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/20195/ 

 --

[SA20182] Mandriva update for kernel

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-05-25

Mandriva has issued an update for kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20182/ 

 --

[SA20230] HP-UX Software Distributor Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-24

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20230/ 

 --

[SA20224] XScreenSaver Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-24

A vulnerability has been reported in XScreenSaver, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/20224/ 

 --

[SA20206] Debian update for kernel-patch-vserver

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-22

Debian has issued an update for kernel-patch-vserver. This fixes a
security issue, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20206/ 

 --

[SA20180] SAP sapdba Command Insecure Environment Variable Handling

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-19

Leandro Meiners has reported a vulnerability in SAP, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/20180/ 

 --

[SA20166] Debian update for fbi

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-05-22

Debian has issued an update for fbi. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20166/ 

 --

[SA20227] HP-UX Kernel Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-05-23

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20227/ 


Other:--

[SA20183] Sitecom WL-153 UPnP Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-05-22

Armijn Hemel has reported a vulnerability in Sitecom WL-153, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable device.

Full Advisory:
http://secunia.com/advisories/20183/ 

 --

[SA20169] Edimax BR-6104K UPnP Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-05-22

Armijn Hemel has reported a vulnerability in Edimax BR-6104K, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable device.

Full Advisory:
http://secunia.com/advisories/20169/ 

 --

[SA20184] ZyXEL P-335WT UPnP Port Mapping Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-05-22

Armijn Hemel has reported a vulnerability in ZyXEL P-335WT, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/20184/ 


Cross Platform:--

[SA20264] RWiki Script Insertion and Ruby Code Injection
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-05-24

Two vulnerabilities have been reported in RWiki, which can be exploited
by malicious people to conduct script insertion attacks and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20264/ 

 --

[SA20260] Docebo Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

Kacper has discovered some vulnerabilities in Docebo, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20260/ 

 --

[SA20258] DSChat Script Insertion and PHP Code Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-05-24

Two vulnerabilities have been discovered in DSChat, which can be
exploited by malicious people to conduct script insertion attacks and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20258/ 

 --

[SA20257] PunkBuster WebTool Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

Luigi Auriemma has reported a vulnerability in PunkBuster, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20257/ 

 --

[SA20245] PHP Easy Galerie "includepath" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

BrEakerS has reported a vulnerability in PHP Easy Galerie, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20245/ 

 --

[SA20242] UBB.threads "thispath" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

V4mu has discovered a vulnerability in UBB.threads, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20242/ 

 --

[SA20236] Russcom.Ping "domain" Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

Nomenumbra has discovered a vulnerability in Russcom.Ping, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20236/ 

 --

[SA20219] Nucleus "GLOBALS[DIR_LIBS]" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-24

rgod has discovered a vulnerability in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20219/ 

 --

[SA20209] phpMyDirectory "ROOT_PATH" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

OLiBekaS has reported a vulnerability in phpMyDirectory, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20209/ 

 --

[SA20204] artmedic newsletter "log.php" PHP Code Injection
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-23

C.Schmitz has discovered a vulnerability in artmedic newsletter, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/20204/ 

 --

[SA20198] phpBazar "language_dir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

PHP Emperor has discovered a vulnerability in phpBazar, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20198/ 

 --

[SA20278] HyperStop Web Host Directory "uri" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-25

luny has reported a vulnerability in HyperStop Web Host (WebHost)
Directory, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20278/ 

 --

[SA20276] AlstraSoft Web Host Directory "uri" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-25

luny has reported a vulnerability in AlstraSoft Web Host (WebHost)
Directory, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20276/ 

 --

[SA20263] Diesel Joke Site "id" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-25

a_linuxer has reported a vulnerability in Diesel Joke Site, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20263/ 

 --

[SA20262] e107 Unspecified SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Manipulation of data
Released:    2006-05-24

Some vulnerabilities have been reported in e107, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20262/ 

 --

[SA20259] Chatty "username" Parameter Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-24

Nomenumbra has discovered a vulnerability in Chatty, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20259/ 

 --

[SA20252] Hiox Guestbook Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-23

luny has discovered a vulnerability in Hiox Guestbook, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20252/ 

 --

[SA20250] NetPanzer "setFrame()" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-05-24

Luigi Auriemma has reported a vulnerability in NetPanzer, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20250/ 

 --

[SA20248] Destiney Links Script Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released:    2006-05-23

Some vulnerabilities have been discovered in Destiney Links Script,
which can be exploited by malicious people to conduct script insertion
attacks, cross-site scripting attacks, and to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/20248/ 

 --

[SA20246] ipLogger "User-Agent" HTTP Header Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-24

Nomenumbra has discovered a vulnerability in ipLogger, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20246/ 

 --

[SA20239] phpwcms Cross-Site Scripting and Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
System access
Released:    2006-05-23

trueend5 has discovered a vulnerability in phpwcms, which potentially
can be exploited by malicious users to compromise a vulnerable system,
and by malicious people to conduct cross-site scripting attacks and
disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20239/ 

 --

[SA20234] SkyeBox "post.php" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-24

Nomenumbra has discovered a vulnerability in SkyeBox, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20234/ 

 --

[SA20231] PostgreSQL Encoding-Based SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-24

Two vulnerabilities have been reported in PostgreSQL, which potentially
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20231/ 

 --

[SA20229] AlstraSoft E-Friends Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-24

luny has reported some vulnerabilities in AlstraSoft E-Friends, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/20229/ 

 --

[SA20228] AlstraSoft Article Manager Pro SQL Injection and Script
Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2006-05-24

luny has reported some vulnerabilities in AlstraSoft Article Manager
Pro, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20228/ 

 --

[SA20220] phpListPro "Language" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-05-22

[Oo] has discovered a vulnerability in phpListPro, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20220/ 

 --

[SA20216] Dayfox Blog "slog_users.txt" Exposure of User Credentials

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-05-22

omnipresent has discovered a security issue in Dayfox Blog, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/20216/ 

 --

[SA20213] Stylish Text Ads Script "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-22

luny has reported a vulnerability in Stylish Text Ads Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20213/ 

 --

[SA20211] Coppermine Photo Gallery Multiple File Extensions
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

A vulnerability has been reported in Coppermine Photo Gallery, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20211/ 

 --

[SA20201] DGBook "index.php" Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-24

Some vulnerabilities have been discovered in DGBook, which can be
exploited by malicious people to conduct script insertion attacks and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20201/ 

 --

[SA20192] Xtreme Topsites Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-22

luny has discovered some vulnerabilities in Xtreme Topsites, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20192/ 

 --

[SA20189] MediaWiki Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-23

Nick Jenkins has reported some vulnerabilities in MediaWiki, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20189/ 

 --

[SA20187] UseBB Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-05-22

Two vulnerabilities have been reported in UseBB, which can be exploited
by malicious people to conduct cross-site scripting and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/20187/ 

 --

[SA20181] Horizontal Shooter BOR Mod File Handling Format String
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Luigi Auriemma has reported a vulnerability in Horizontal Shooter BOR
(HOR), which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20181/ 

 --

[SA20177] Cosmoshop SQL Injection and Disclosure of Sensitive
Information

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-05-19

l0om has reported some vulnerabilities in Cosmoshop, which can be
exploited by malicious users to disclose sensitive information and by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20177/ 

 --

[SA20176] Xoops Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-05-22

rgod has reported two vulnerabilities in Xoops, which can be exploited
by malicious people to disclose sensitive information and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20176/ 

 --

[SA20174] OpenBOR Engine Mod File Handling Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Luigi Auriemma has reported a vulnerability in OpenBOR Engine, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20174/ 

 --

[SA20173] Beats of Rage (BOR) Engine Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-05-22

Luigi Auriemma has reported a vulnerability in Beats of Rage (BOR)
Engine, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20173/ 

 --

[SA20167] 4R Linklist "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-05-23

Snake_23 has reported a vulnerability in 4R Linklist, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20167/ 

 --

[SA20196] HP OpenView Storage Data Protector Arbitrary Command
Execution

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-05-24

A vulnerability has been reported in HP OpenView Storage Data
Protector, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20196/ 

 --

[SA20193] HP OpenView Network Node Manager Arbitrary Command Execution

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-05-24

A vulnerability has been reported in HP OpenView Network Node Manager
(OV NNM), which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20193/ 

 --

[SA20251] Alkacon OpenCms "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-23

Jaime Blasco has reported a vulnerability in Alkacon OpenCms, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20251/ 

 --

[SA20249] Destiney Rated Images Script Multiple Script Insertion
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-23

luny has discovered some vulnerabilities in Destiney Rated Images
Script, which can be exploited by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/20249/ 

 --

[SA20212] JemScripts DownloadControl "dcid" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-05-23

A vulnerability has been reported in JemScripts DownloadControl, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20212/ 

 --

[SA20266] SiteScape Forum Information Disclosure Weaknesses

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-05-25

Two weaknesses have been reported in SiteScape Forum, which can be
exploited by malicious people to disclose certain system information.

Full Advisory:
http://secunia.com/advisories/20266/ 

 --

[SA20256] Mozilla Suite Exception Handling Full Path Disclosure
Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-05-23

A weakness has been discovered in Mozilla Suite, which can be exploited
by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/20256/ 

 --

[SA20255] Netscape Exception Handling Full Path Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-05-23

A weakness has been discovered in Netscape, which can be exploited by
malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/20255/ 

 --

[SA20244] Firefox Exception Handling Full Path Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-05-23

A weakness has been discovered in Firefox, which can be exploited by
malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/20244/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods