AOH :: ISN-2878.HTM

Secunia Weekly Summary - Issue: 2006-33




Secunia Weekly Summary - Issue: 2006-33
Secunia Weekly Summary - Issue: 2006-33



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-08-10 - 2006-08-17                        

                       This week: 62 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

60%* of the users of our weekly summary value real-time and filtered
advisories - a solution Secunia provides businesses today through our
commercial products.

We would therefore like to bring your attention upon our commercial
products that will enable you to get real-time and filtered advisories
on vulnerabilities.

Please click on the links below: 

The Secunia Security Manager Product:
http://secunia.com/security_manager/?menu=prod 

Request An Account:
https://ca.secunia.com/?page=requestaccount&f=wsum

Or send a mail to: sales@secunia.com 

Or by phone: +45 7020 5144

Stay Secure,

Secunia

*: According to our recent survey.


=======================================================================2) This Week in Brief:

A vulnerability has been reported in Backup Exec, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

The vendor has released updated versions correcting this vulnerability.

Reference:
http://secunia.com/SA21472 

 --

A vulnerability has been reported in Ruby on Rails, which can be
exploited can be exploited by malicious people to cause a DoS (Denial
of Service).

Further details can be found in the referenced Secunia advisory below.

Reference:
http://secunia.com/SA21424 

 --

VIRUS ALERTS:

During the past week Secunia collected 146 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA21490] Apache "mod_alias" URL Validation Canonicalization
              Vulnerability
2.  [SA21394] Windows DNS Resolution Code Execution Vulnerabilities
3.  [SA21476] Linux Kernel Multiple Vulnerabilities
4.  [SA21472] Backup Exec Remote Agent RPC Interface Buffer Overflows
5.  [SA20748] Microsoft Windows Hyperlink Object Library
              Vulnerabilities
6.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
7.  [SA21478] IBM HTTP Server Two Vulnerabilities
8.  [SA21465] Red Hat update for kernel
9.  [SA21477] Mambo Remository Component File Inclusion Vulnerability
10. [SA21464] Red Hat update for ntp


1.  [SA20748] Microsoft Windows Hyperlink Object Library
              Vulnerabilities
2.  [SA21394] Windows DNS Resolution Code Execution Vulnerabilities
3.  [SA21360] vBulletin Cross-Site Scripting and Script Insertion
4.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
5.  [SA21253] Mac OS X Security Update Fixes Multiple Vulnerabilities
6.  [SA21374] Clam AntiVirus pefromupx() Buffer Overflow Vulnerability
7.  [SA21377] Microsoft Windows WMF File Handling Denial of Service
8.  [SA21417] Microsoft Windows Two Vulnerabilities
9.  [SA21345] DHCP "supersede_lease()" DHCPOFFER Denial of Service
10. [SA21388] Windows Server Service Buffer Overflow Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA21512] Sony VAIO Media Integrated Server Two Vulnerabilities
[SA21510] SonicStage Mastering Studio Project File Import Buffer
Overflow
[SA21504] 04WebServer Cross-Site Scripting and Security Bypass
[SA21482] Spidey Blog Script "pid" SQL Injection Vulnerability
[SA21472] Backup Exec Remote Agent RPC Interface Buffer Overflows
[SA21490] Apache "mod_alias" URL Validation Canonicalization
Vulnerability
[SA21468] IPCheck Server Monitor Directory Traversal Vulnerability
[SA21494] DeviceLock Device Object Improper Restriction Weakness

UNIX/Linux:
[SA21532] Mandriva update for mozilla-firefox
[SA21529] SUSE update for MozillaFirefox, MozillaThunderbird, and
Seamonkey
[SA21497] Kolab Server ClamAV Buffer Overflow Vulnerability
[SA21488] Red Hat update for wireshark
[SA21474] Gentoo warzone2100 Buffer Overflow Vulnerabilities
[SA21473] Gentoo update for libwmf
[SA21469] Spaminator "page" Parameter File Inclusion Vulnerability
[SA21467] SUSE Update for Multiple Packages
[SA21525] Ubuntu update for imagemagick
[SA21524] Mandriva update for gnupg
[SA21522] Avaya Products Integer Overflow and Denial of Service
[SA21520] Avaya Products Multiple Vulnerabilities
[SA21502] Debian update for gallery
[SA21498] SUSE update for kernel
[SA21476] Linux Kernel Multiple Vulnerabilities
[SA21466] Gentoo update for rails
[SA21465] Red Hat update for kernel
[SA21521] Mandriva update for heartbeat
[SA21518] Debian update for heartbeat
[SA21503] Debian update for drupal
[SA21471] Sun Solaris netstat/SNMP queries and ifconfig Race Condition
[SA21511] Heartbeat Denial of Service Vulnerability
[SA21505] Ubuntu update for heartbeat
[SA21499] HP-UX LP Subsystem Denial of Service Vulnerability
[SA21496] Novell eDirectory Denial of Service and Password Exposure
[SA21527] Ubuntu update for krb5
[SA21516] Globus Toolkit Multiple Vulnerabilities
[SA21514] Avaya PDS HP-UX mkdir Unspecified Unauthorized Access
[SA21481] Red Hat update for kdebase
[SA21480] Debian update for shadow
[SA21492] Avaya Products OpenSSH scp Shell Command Injection
[SA21491] HP-UX Support Tools Manager Denial of Service Vulnerability
[SA21475] HP-UX Trusted Mode Denial of Service Vulnerability
[SA21464] Red Hat update for ntp

Other:


Cross Platform:
[SA21531] Mambo mosListMessenger Component File Inclusion
[SA21526] PHProjekt "path_pre"/"lib_path" File Inclusion
Vulnerabilities
[SA21495] Joomla Webring Component "component_dir" File Inclusion
[SA21489] Chaussette "_BASE" File Inclusion Vulnerabilities
[SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities
[SA21479] Mambo MMP Component File Inclusion Vulnerability
[SA21477] Mambo Remository Component File Inclusion Vulnerability
[SA21470] Mambo PeopleBook Component File Inclusion Vulnerability
[SA21463] WEBInsta CMS File Inclusion Vulnerabilities
[SA21519] Owl Intranet Engine Cross-Site Scripting and SQL Injection
[SA21509] IBM HTTP Server Apache mod_rewrite Vulnerability
[SA21487] IBM WebSphere Application Server Multiple Vulnerabilities
[SA21478] IBM HTTP Server Two Vulnerabilities
[SA21462] ImageMagick "ReadSGIImage()" Integer Overflow Vulnerability
[SA21507] Symantec NetBackup PureDisk Authentication Bypass
[SA21485] HP OpenView Storage Data Protector Backup Agents
Vulnerability
[SA21486] WordPress WP-DB Backup Plugin Directory Traversal
Vulnerability
[SA21483] XennoBB "category" Parameter Directory Traversal Weakness
[SA21523] ASSP "file" Parameter Disclosure of Sensitive Information
[SA21506] MySQL Create Database Bypass and Privilege Escalation

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA21512] Sony VAIO Media Integrated Server Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-08-16

Pentest Limited has reported some vulnerabilities in Sony VAIO Media
Integrated Server, which can be exploited by malicious people to gain
knowledge of sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21512/ 

 --

[SA21510] SonicStage Mastering Studio Project File Import Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-16

Pentest Limited has reported a vulnerability in Sony SonicStage
Mastering Studio, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21510/ 

 --

[SA21504] 04WebServer Cross-Site Scripting and Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-08-14

Two vulnerabilities have been reported in 04WebServer, which can be
exploited by malicious people to conduct cross-site scripting attacks
and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21504/ 

 --

[SA21482] Spidey Blog Script "pid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-15

ASIANEAGLE has reported a vulnerability in Spidey Blog Script, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21482/ 

 --

[SA21472] Backup Exec Remote Agent RPC Interface Buffer Overflows

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-08-11

A vulnerability has been reported in Backup Exec, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21472/ 

 --

[SA21490] Apache "mod_alias" URL Validation Canonicalization
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-08-11

Susam Pal has discovered a vulnerability in Apache, which can be
exploited by malicious people to bypass certain security restrictions
and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/21490/ 

 --

[SA21468] IPCheck Server Monitor Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-08-11

Tassi Raeburn has discovered a vulnerability in IPCheck Server Monitor,
which can be exploited by malicious people to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/21468/ 

 --

[SA21494] DeviceLock Device Object Improper Restriction Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-08-16

seppi has reported a weakness in DeviceLock, which potentially can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21494/ 


UNIX/Linux:--

[SA21532] Mandriva update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2006-08-17

Mandriva has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to trick
users into disclosing sensitive information, disclose system
information, bypass certain security restrictions, conduct cross-site
scripting and HTTP response smuggling attacks, and potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21532/ 

 --

[SA21529] SUSE update for MozillaFirefox, MozillaThunderbird, and
Seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-08-17

SUSE has issued an update for MozillaFirefox, MozillaThunderbird and
Seamonkey. These fix some vulnerabilities, which can be exploited by
malicious people to conduct cross-site scripting attacks and compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/21529/ 

 --

[SA21497] Kolab Server ClamAV Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-14

A vulnerability has been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21497/ 

 --

[SA21488] Red Hat update for wireshark

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-16

Red Hat has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21488/ 

 --

[SA21474] Gentoo warzone2100 Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-11

Gentoo has acknowledged some vulnerabilities in warzone2100, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21474/ 

 --

[SA21473] Gentoo update for libwmf

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-11

Gentoo has issued an update for libwmf. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the vulnerable library.

Full Advisory:
http://secunia.com/advisories/21473/ 

 --

[SA21469] Spaminator "page" Parameter File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-11

Drago84 has discovered a vulnerability in Spaminator, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21469/ 

 --

[SA21467] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-08-15

SUSE has issued an update for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, or by malicious
people to cause a DoS (Denial of Service) and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21467/ 

 --

[SA21525] Ubuntu update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-17

Ubuntu has issued an update for imagemagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21525/ 

 --

[SA21524] Mandriva update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-16

Mandriva has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21524/ 

 --

[SA21522] Avaya Products Integer Overflow and Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-16

Avaya has acknowledged two vulnerabilities in the python and gnupg
packages included in various Avaya products, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21522/ 

 --

[SA21520] Avaya Products Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-08-16

Avaya has acknowledged some vulnerabilities in the dump, openldap, and
nss_ldap packages included in various Avaya products, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
and by malicious people to gain knowledge of sensitive information or
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21520/ 

 --

[SA21502] Debian update for gallery

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-08-14

Debian has issued an update for gallery. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
script insertion attacks or disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/21502/ 

 --

[SA21498] SUSE update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, Privilege escalation, DoS
Released:    2006-08-14

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, bypass certain security
restrictions, gain escalated privileges, cause a DoS (Denial of
Service), and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/21498/ 

 --

[SA21476] Linux Kernel Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-08-11

Multiple vulnerabilities have been reported in the Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service), bypass certain security restrictions, and disclose
potentially sensitive information and by malicious people to cause a
DoS.

Full Advisory:
http://secunia.com/advisories/21476/ 

 --

[SA21466] Gentoo update for rails

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2006-08-15

Gentoo has issued an update for rails. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21466/ 

 --

[SA21465] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-08-11

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, gain knowledge of potentially
sensitive information, or cause a DoS (Denial of Service), and
malicious people to bypass certain security restrictions or cause a
DoS.

Full Advisory:
http://secunia.com/advisories/21465/ 

 --

[SA21521] Mandriva update for heartbeat

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-08-16

Mandriva has issued an update for heartbeat. This fixes some
vulnerabilities, which can be exploited by malicious, local users or
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21521/ 

 --

[SA21518] Debian update for heartbeat

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-08-16

Debian has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21518/ 

 --

[SA21503] Debian update for drupal

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-14

Debian has issued an update for drupal. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/21503/ 

 --

[SA21471] Sun Solaris netstat/SNMP queries and ifconfig Race Condition

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-08-14

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21471/ 

 --

[SA21511] Heartbeat Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-16

Yan Rong Ge has reported a vulnerability in heartbeat, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21511/ 

 --

[SA21505] Ubuntu update for heartbeat

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-16

Ubuntu has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21505/ 

 --

[SA21499] HP-UX LP Subsystem Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-16

A vulnerability has been reported in HP-UX, which potentially can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21499/ 

 --

[SA21496] Novell eDirectory Denial of Service and Password Exposure

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2006-08-14

A vulnerability and a security issue have been reported in Novell
eDirectory, which potentially can be exploited by malicious, local
users to disclose sensitive information and by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21496/ 

 --

[SA21527] Ubuntu update for krb5

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-16

Ubuntu has issued an update for krb5. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21527/ 

 --

[SA21516] Globus Toolkit Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2006-08-16

Some vulnerabilities have been reported in the Globus Toolkit, which
potentially can be exploited by malicious, local users to disclose
sensitive information or perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/21516/ 

 --

[SA21514] Avaya PDS HP-UX mkdir Unspecified Unauthorized Access

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-08-16

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System, which can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21514/ 

 --

[SA21481] Red Hat update for kdebase

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-11

Red Hat has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/21481/ 

 --

[SA21480] Debian update for shadow

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-14

Debian has issued an update for shadow. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21480/ 

 --

[SA21492] Avaya Products OpenSSH scp Shell Command Injection

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-16

Avaya has acknowledged a weakness in various Avaya products, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21492/ 

 --

[SA21491] HP-UX Support Tools Manager Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-08-16

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21491/ 

 --

[SA21475] HP-UX Trusted Mode Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-08-16

A vulnerability has been reported in HP-UX, which potentially can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21475/ 

 --

[SA21464] Red Hat update for ntp

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-11

Red Hat has issued an update for ntp. This fixes a security issue,
which can cause ntpd to run with incorrect group permissions.

Full Advisory:
http://secunia.com/advisories/21464/ 


Other:


Cross Platform:--

[SA21531] Mambo mosListMessenger Component File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-17

Crackers_Child has reported a vulnerability in the mosListMessenger
component for Mambo, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21531/ 

 --

[SA21526] PHProjekt "path_pre"/"lib_path" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-16

Kacper has discovered some vulnerabilities in PHProjekt, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21526/ 

 --

[SA21495] Joomla Webring Component "component_dir" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-14

xoron has discovered a vulnerability in the Webring component for
Joomla, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21495/ 

 --

[SA21489] Chaussette "_BASE" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-11

Drago84 has reported some vulnerabilities in Chaussette, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21489/ 

 --

[SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2006-08-16

James Bercegay has reported some vulnerabilities in Zen Cart, which can
be exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21484/ 

 --

[SA21479] Mambo MMP Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-15

mdx has discovered a vulnerability in the MMP component for Mambo,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21479/ 

 --

[SA21477] Mambo Remository Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-11

camino has reported a vulnerability in the Remository component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21477/ 

 --

[SA21470] Mambo PeopleBook Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-15

Matdhule has discovered a vulnerability in the PeopleBook component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21470/ 

 --

[SA21463] WEBInsta CMS File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-15

Two vulnerabilities have been discovered in WEBInsta CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21463/ 

 --

[SA21519] Owl Intranet Engine Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-08-16

Two vulnerabilities have been reported in Owl Intranet Engine, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21519/ 

 --

[SA21509] IBM HTTP Server Apache mod_rewrite Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-16

IBM has acknowledged a vulnerability in IBM HTTP Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21509/ 

 --

[SA21487] IBM WebSphere Application Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Exposure of sensitive information
Released:    2006-08-15

Some vulnerabilities have been reported in IBM Websphere Application
Server, where one has an unknown impact, and others can potentially be
exploited by malicious, local users and by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/21487/ 

 --

[SA21478] IBM HTTP Server Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-08-11

IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can
be exploited by malicious people to conduct cross-site scripting
attacks and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21478/ 

 --

[SA21462] ImageMagick "ReadSGIImage()" Integer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-15

Damian Put has discovered a vulnerability in ImageMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21462/ 

 --

[SA21507] Symantec NetBackup PureDisk Authentication Bypass

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-08-17

A vulnerability has been reported in Symantec NetBackup PureDisk, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21507/ 

 --

[SA21485] HP OpenView Storage Data Protector Backup Agents
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-08-14

NISCC has reported a vulnerability in HP OpenView Storage Data
Protector, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21485/ 

 --

[SA21486] WordPress WP-DB Backup Plugin Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-15

ssteam has reported a vulnerability in the WP-DB Backup plugin for
WordPress, which can be exploited by malicious users to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/21486/ 

 --

[SA21483] XennoBB "category" Parameter Directory Traversal Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-08-11

Chris Boulton has discovered a weakness in XennoBB, which can be
exploited by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/21483/ 

 --

[SA21523] ASSP "file" Parameter Disclosure of Sensitive Information

Critical:    Not critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-08-16

Micheal Espinola Jr has discovered a vulnerability in ASSP, which can
be exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21523/ 

 --

[SA21506] MySQL Create Database Bypass and Privilege Escalation

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass, Privilege escalation
Released:    2006-08-17

Two vulnerabilities have been reported in MySQL, which can be exploited
by malicious users to bypass certain security restrictions and perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21506/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/ 

Site design & layout copyright © 1986-2014 CodeGods