AOH :: ISN-2723.HTM

Secunia Weekly Summary - Issue: 2006-28




Secunia Weekly Summary - Issue: 2006-28
Secunia Weekly Summary - Issue: 2006-28



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-07-07 - 2006-07-14                        

                       This week: 68 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Microsoft has released their monthly security bulletins for July, which
fixes several vulnerabilities.

Additional details can be found in the referenced Secunia advisories
listed below.

All users of Microsoft products are advised to visit Windows Update and
apply available patches.

References:
http://secunia.com/SA21013 
http://secunia.com/SA21012 
http://secunia.com/SA21010 
http://secunia.com/SA21007 
http://secunia.com/SA21006 
http://secunia.com/SA20999 
http://secunia.com/SA20686 

 --

Haifei Li has reported a vulnerability in Flash Player, which
potentially can be exploited by malicious people to compromise a user's
system.

The vendor has released an updated version. Please see referenced
Secunia advisory for details.

Reference:
http://secunia.com/SA20971 

 --

VIRUS ALERTS:

During the past week Secunia collected 156 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA20971] Flash Player Unspecified Vulnerability
2.  [SA20268] Microsoft Excel Style Buffer Overflow Vulnerability
3.  [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability
4.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
5.  [SA20686] Microsoft Excel Multiple Code Execution Vulnerabilities
6.  [SA20906] Internet Explorer HTML Help ActiveX Control Memory
              Corruption
7.  [SA20748] Microsoft Windows Hyperlink Object Library Buffer
              Overflow
8.  [SA21010] Windows DHCP Client Service Buffer Overflow Vulnerability
9.  [SA20956] WebEx Downloader Plug-in Multiple Vulnerabilities
10. [SA21014] Adobe Acrobat Buffer Overflow Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA21013] Microsoft Office Image Filters Buffer Overflow
Vulnerabilities
[SA20971] Flash Player Unspecified Vulnerability
[SA20969] eBay Enhanced Picture Services ActiveX Control Buffer
Overflow
[SA21006] Microsoft Internet Information Services ASP Code Buffer
Overflow
[SA20999] Microsoft ASP.NET URL Validation Security Bypass
[SA20998] MIMEsweeper for Web Cross-Site Scripting and Denial of
Service
[SA21010] Windows DHCP Client Service Buffer Overflow Vulnerability
[SA21007] Microsoft Windows Server Service Two Vulnerabilities

UNIX/Linux:
[SA21036] Mandriva update for xine-lib
[SA21033] UnixWare update for mozilla
[SA21030] Cisco Unified CallManager Multiple Vulnerabilities
[SA21023] Ubuntu update for libmms/xine-lib
[SA21039] Red Hat update for mutt
[SA21031] Red Hat update for php
[SA21027] Ubuntu update for libtunepimp
[SA21025] Ubuntu update for zope
[SA21005] Gentoo update for shoutcast-server-bin
[SA21002] Gentoo update for tiff
[SA21001] Gentoo update for postgresql
[SA21000] Gentoo update for freetype
[SA20995] Ubuntu update for openoffice.org
[SA20986] rPath update for kernel
[SA20979] Ubuntu update for gimp
[SA20975] Mandriva update for OpenOffice.org
[SA20968] Debian update for gnupg
[SA20991] Ubuntu update for kernel
[SA21019] rPath update for samba
[SA21018] Ubuntu update for samba
[SA20983] Mandriva update for samba
[SA20980] Samba Multiple Share Connection Requests Denial of Service
[SA21032] Red Hat update for vixie-cron
[SA21022] Ubuntu Installer Empty Root Password Security Issue
[SA21016] Adobe Acrobat / Adobe Reader Insecure Default Permissions
[SA20996] Debian update for ppp
[SA20987] Mandriva update for ppp

Other:
[SA21029] Cisco IPS Packet Handling Denial of Service Vulnerability
[SA21003] Juniper Networks JUNOS IPv6 Packet Handling Denial of
Service
[SA20990] Juniper Networks DX System Log Script Insertion
[SA21028] Cisco Router Web Setup Insecure Default Cisco IOS
Configuration
[SA20994] FlexWATCH Network Camera FW-3400 Two Vulnerabilities
[SA20982] BT Voyager 2091 Wireless Exposure of Configuration
Information
[SA20984] Network Appliance Data ONTAP Security Bypass Vulnerability

Cross Platform:
[SA21015] Mambo PccookBook Component File Inclusion Vulnerability
[SA21012] Microsoft Office String and Property Parsing Vulnerabilities
[SA20992] TWiki Multiple File Extensions File Upload Vulnerability
[SA20981] Mambo SimpleBoard Component "sbp" File Inclusion
Vulnerability
[SA20973] Kaillera Server Messages Buffer Overflow Vulnerability
[SA21026] libtunepimp Release Date Lookup Buffer Overflow
[SA21024] Fantastic Guestbook guestbook.php Script Insertion
[SA21021] Drupal webform Module Script Insertion Vulnerabilities
[SA21020] FatWire Content Server Administration Access Vulnerability
[SA21017] Graffiti Forums topics.php SQL Injection Vulnerability
[SA21014] Adobe Acrobat Buffer Overflow Vulnerability
[SA20997] sipXtapi "CSeq" Field Buffer Overflow Vulnerability
[SA20988] Zope reStructuredText "raw" Directive Information Disclosure
[SA20985] AjaxPortal SQL Injection Vulnerabilities
[SA20978] Papoo Cross-Site Scripting and SQL Injection
[SA20977] Sport Slo Advanced Guestbook Script Insertion
Vulnerabilities
[SA20976] Gimp XCF Parsing Buffer Overflow Vulnerability
[SA20974] Sparklet "WriteText()" Format String Vulnerability
[SA20972] AdPlug Multiple Buffer Overflow Vulnerabilities
[SA21034] Lazarus Guestbook "show" and "img" Cross-Site Scripting
[SA21011] ServerView Cross-Site Scripting and Directory Traversal
[SA21009] Ruby Safe Level Security Bypass Vulnerabilities
[SA21008] ATutor Multiple Cross-Site Scripting Vulnerabilities
[SA20993] HiveMail Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA20989] PHP-Blogger Script Insertion Vulnerabilities
[SA20970] Mico "set_answer_invoke()" Denial of Service Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA21013] Microsoft Office Image Filters Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-11

Two vulnerabilities have been reported in Microsoft Office, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21013/ 

 --

[SA20971] Flash Player Unspecified Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-10

Haifei Li has reported a vulnerability in Flash Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20971/ 

 --

[SA20969] eBay Enhanced Picture Services ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-10

Will Dormann has reported a vulnerability in eBay Enhanced Picture
Services ActiveX Control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20969/ 

 --

[SA21006] Microsoft Internet Information Services ASP Code Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-11

A vulnerability has been reported in Microsoft Internet Information
Services, which can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21006/ 

 --

[SA20999] Microsoft ASP.NET URL Validation Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-11

A vulnerability has been reported in .NET Framework, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20999/ 

 --

[SA20998] MIMEsweeper for Web Cross-Site Scripting and Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2006-07-10

Two vulnerabilities have been reported in MIMEsweeper for Web, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20998/ 

 --

[SA21010] Windows DHCP Client Service Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-07-11

Cybsec Security Systems has reported a vulnerability in Microsoft
Windows, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/21010/ 

 --

[SA21007] Microsoft Windows Server Service Two Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, System access
Released:    2006-07-11

Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people to expose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21007/ 


UNIX/Linux:--

[SA21036] Mandriva update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-13

Mandriva has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21036/ 

 --

[SA21033] UnixWare update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2006-07-13

SCO has issued an update for mozilla. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service), conduct cross-site scripting and phishing attacks, bypass
certain security restrictions, disclose sensitive information, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21033/ 

 --

[SA21030] Cisco Unified CallManager Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-07-13

Some vulnerabilities have been reported in Cisco Unified CallManager,
which can be exploited by malicious, local users to gain escalated
privileges or by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21030/ 

 --

[SA21023] Ubuntu update for libmms/xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-13

Ubuntu has issued an update for libmms and xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21023/ 

 --

[SA21039] Red Hat update for mutt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-13

Red Hat has issued an update for mutt. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21039/ 

 --

[SA21031] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, System access
Released:    2006-07-13

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions and by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21031/ 

 --

[SA21027] Ubuntu update for libtunepimp

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-13

Ubuntu has issued an update for libtunepimp. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21027/ 

 --

[SA21025] Ubuntu update for zope

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-07-13

Ubuntu has issued an update for zope. This fixes a vulnerability, which
can be exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/21025/ 

 --

[SA21005] Gentoo update for shoutcast-server-bin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-07-10

Gentoo has issued an update for shoutcast-server-bin. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks or to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/21005/ 

 --

[SA21002] Gentoo update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-10

Gentoo has issued an update for tiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21002/ 

 --

[SA21001] Gentoo update for postgresql

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-10

Gentoo has issued an update for postgresql. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21001/ 

 --

[SA21000] Gentoo update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-10

Gentoo has issued an update for freetype. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise applications using
the library.

Full Advisory:
http://secunia.com/advisories/21000/ 

 --

[SA20995] Ubuntu update for openoffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-12

Ubuntu has issued an update for openoffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20995/ 

 --

[SA20986] rPath update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2006-07-10

rPath has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions or potentially gain escalated
privileges, or by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20986/ 

 --

[SA20979] Ubuntu update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-10

Ubuntu has issued an update for gimp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20979/ 

 --

[SA20975] Mandriva update for OpenOffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-10

Mandriva has issued an update for OpenOffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20975/ 

 --

[SA20968] Debian update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-10

Debian has issued an update for gnupg. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/20968/ 

 --

[SA20991] Ubuntu update for kernel

Critical:    Moderately critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2006-07-11

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service),  disclose potentially sensitive
information, bypass certain security restrictions, or potentially gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/20991/ 

 --

[SA21019] rPath update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-12

rPath has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21019/ 

 --

[SA21018] Ubuntu update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-13

Ubuntu has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21018/ 

 --

[SA20983] Mandriva update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-11

Mandriva has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20983/ 

 --

[SA20980] Samba Multiple Share Connection Requests Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-11

A vulnerability has been reported in Samba, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20980/ 

 --

[SA21032] Red Hat update for vixie-cron

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-07-13

Red Hat has issued an update for vixie-cron. This fixes a security
issue, which potentially can be exploited by malicious, local users to
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21032/ 

 --

[SA21022] Ubuntu Installer Empty Root Password Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-07-13

A security issue has been reported in Ubuntu, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21022/ 

 --

[SA21016] Adobe Acrobat / Adobe Reader Insecure Default Permissions

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Manipulation of data, Privilege
escalation
Released:    2006-07-12

A vulnerability has been reported in Adobe Acrobat and Adobe Reader,
which can be exploited by malicious, local users to bypass certain
security restrictions or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21016/ 

 --

[SA20996] Debian update for ppp

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-07-10

Debian has issued an update for ppp. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20996/ 

 --

[SA20987] Mandriva update for ppp

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-07-11

Mandriva has issued an update for ppp. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/20987/ 


Other:--

[SA21029] Cisco IPS Packet Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-13

A vulnerability has been reported in Cisco Intrusion Prevention System
(IPS), which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/21029/ 

 --

[SA21003] Juniper Networks JUNOS IPv6 Packet Handling Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-11

A vulnerability has been reported in the M-series, T-series, and
J-Series routers, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21003/ 

 --

[SA20990] Juniper Networks DX System Log Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-11

Darren Bounds has reported a vulnerability for Juniper DX, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20990/ 

 --

[SA21028] Cisco Router Web Setup Insecure Default Cisco IOS
Configuration

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-07-13

A security issue has been reported in Cisco Router Web Setup, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21028/ 

 --

[SA20994] FlexWATCH Network Camera FW-3400 Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-07-11

Jaime Blasco has reported two vulnerabilities in FlexWATCH Network
Camera FW-3400, which can be exploited by malicious people to conduct
cross-site scripting attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20994/ 

 --

[SA20982] BT Voyager 2091 Wireless Exposure of Configuration
Information

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-07-10

pagvac has reported two security issues in BT Voyager 2091 Wireless,
which can be exploited by malicious people to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/20982/ 

 --

[SA20984] Network Appliance Data ONTAP Security Bypass Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-07-11

A vulnerability has been reported in Network Appliance Data ONTAP,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/20984/ 


Cross Platform:--

[SA21015] Mambo PccookBook Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-11

Ahmad Maulana has discovered a vulnerability in the PccookBook
component for Mambo, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21015/ 

 --

[SA21012] Microsoft Office String and Property Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-11

Some vulnerabilities have been reported in Microsoft Office, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21012/ 

 --

[SA20992] TWiki Multiple File Extensions File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-10

A vulnerability has been reported in TWiki, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20992/ 

 --

[SA20981] Mambo SimpleBoard Component "sbp" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-10

h4ntu has discovered a vulnerability in the SimpleBoard component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20981/ 

 --

[SA20973] Kaillera Server Messages Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-07

Luigi Auriemma has reported a vulnerability in Kaillera, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20973/ 

 --

[SA21026] libtunepimp Release Date Lookup Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-13

Kevin Kofler has reported a vulnerability in libtunepimp, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21026/ 

 --

[SA21024] Fantastic Guestbook guestbook.php Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-12

omnipresent has discovered a vulnerability in Fantastic Guestbook,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/21024/ 

 --

[SA21021] Drupal webform Module Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-12

Some vulnerabilities have been reported in the webform module for
Drupal, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/21021/ 

 --

[SA21020] FatWire Content Server Administration Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-12

Alberto Moro has reported a vulnerability in FatWire Content Server,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21020/ 

 --

[SA21017] Graffiti Forums topics.php SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-11

Paisterist has discovered a vulnerability in Graffiti Forums, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21017/ 

 --

[SA21014] Adobe Acrobat Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-12

A vulnerability has been reported in Adobe Acrobat, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21014/ 

 --

[SA20997] sipXtapi "CSeq" Field Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-10

Michael Thumann has reported a vulnerability in sipXtapi, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20997/ 

 --

[SA20988] Zope reStructuredText "raw" Directive Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-07-10

A vulnerability has been reported in Zope, which can be exploited by
malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/20988/ 

 --

[SA20985] AjaxPortal SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-07-10

Two vulnerabilities have been discovered in AjaxPortal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20985/ 

 --

[SA20978] Papoo Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-07-10

rgod has discovered some vulnerabilities in Papoo, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20978/ 

 --

[SA20977] Sport Slo Advanced Guestbook Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-10

luny has discovered some vulnerabilities in Sport Slo Advanced
Guestbook, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/20977/ 

 --

[SA20976] Gimp XCF Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-07

Henning Makholm has reported a vulnerability in Gimp, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20976/ 

 --

[SA20974] Sparklet "WriteText()" Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-07

Luigi Auriemma has reported a vulnerability in Sparklet, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20974/ 

 --

[SA20972] AdPlug Multiple Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-07

Luigi Auriemma has reported some vulnerabilities in AdPlug, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise applications using the library.

Full Advisory:
http://secunia.com/advisories/20972/ 

 --

[SA21034] Lazarus Guestbook "show" and "img" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-13

simo64 has discovered two vulnerabilities in Lazarus Guestbook, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/21034/ 

 --

[SA21011] ServerView Cross-Site Scripting and Directory Traversal

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-07-12

Some vulnerabilities have been reported in ServerView, which can be
exploited by malicious users to disclose certain sensitive information
and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21011/ 

 --

[SA21009] Ruby Safe Level Security Bypass Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-12

Two vulnerabilities have been reported in Ruby, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21009/ 

 --

[SA21008] ATutor Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-10

Ellipsis Security has discovered some vulnerabilities in ATutor, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/21008/ 

 --

[SA20993] HiveMail Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-07-12

r0t has reported some vulnerabilities in HiveMail, which can be
exploited by malicious users to conduct SQL injection attacks and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20993/ 

 --

[SA20989] PHP-Blogger Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-10

Pavithra Hanchagaiah has discovered some vulnerabilities in
PHP-Blogger, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20989/ 

 --

[SA20970] Mico "set_answer_invoke()" Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-07

tuergeist has discovered a vulnerability in Mico, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20970/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods