Secunia Weekly Summary - Issue: 2006-34



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-08-17 - 2006-08-24                        

                       This week: 51 advisories                        

=======================================================================

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================

1) Word From Secunia:

60%* of the users of our weekly summary value real-time and filtered
advisories - a solution Secunia provides businesses today through our
commercial products.

We would therefore like to draw your attention to our commercial
products, which enable you to get real-time and filtered advisories
on vulnerabilities.

Please click on the links below: 

The Secunia Security Manager Product:
http://secunia.com/security_manager/?menu=prod 

Request An Account:
https://ca.secunia.com/?page=requestaccount&f=wsum

Or send a mail to: sales@secunia.com 

Or by phone: +45 7020 5144

Stay Secure,

Secunia

*: According to our recent survey.


=======================================================================

2) This Week in Brief:

A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

Successful exploitation allows execution of arbitrary code when a user
is e.g. tricked into visiting a malicious website.

The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and
Windows XP SP1 and was introduced by the MS06-042 patches.

Reference:
http://secunia.com/SA21557 

 --

VIRUS ALERTS:

During the past week Secunia collected 215 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================

3) This Week's Top Ten Most Read Advisories:

1.  [SA21513] Mozilla Firefox Memory Corruption Weakness
2.  [SA21557] Internet Explorer URL Parsing Buffer Overflow
              Vulnerability
3.  [SA21546] PHP Multiple Vulnerabilities
4.  [SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities
5.  [SA21545] Joomla JIM Component File Inclusion Vulnerability
6.  [SA21539] Mambo Coppermine Component File Inclusion Vulnerability
7.  [SA21515] Linux Kernel Multiple Vulnerabilities
8.  [SA21531] Mambo mosListMessenger Component File Inclusion
9.  [SA21532] Mandriva update for mozilla-firefox
10. [SA21550] DB2 Universal Database Denial of Service Vulnerabilities

=======================================================================

4) Vulnerabilities Summary Listing

Windows:
[SA21557] Internet Explorer URL Parsing Buffer Overflow Vulnerability
[SA21596] LBlog "id" SQL Injection Vulnerability
[SA21569] Cool Messenger Server / Cool Manager "username" SQL
Injection
[SA21556] PowerZip File Handling Buffer Overflow Vulnerability
[SA21547] WFTPD Server/Pro Server "SIZE" Command Buffer Overflow
[SA21595] MDaemon POP3 Server Buffer Overflow Vulnerabilities
[SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure

UNIX/Linux:
[SA21607] Mandriva update for mozilla-thunderbird
[SA21562] Debian update for clamav
[SA21605] Red Hat update for kernel
[SA21585] Avaya Products GnuPG Denial of Service Vulnerability
[SA21567] Red Hat update for xorg-x11
[SA21566] Red Hat update for XFree86
[SA21564] Avaya Products PHP Multiple Vulnerabilities
[SA21592] cPanel Multiple Cross-Site Scripting Vulnerabilities
[SA21586] Debian update for squirrelmail
[SA21591] Honeyd ARP Denial of Service Vulnerability
[SA21608] Mandriva update for php
[SA21581] Sun Solaris RBAC Profile Privilege Escalation
Vulnerabilities
[SA21576] Linux Kernel SCTP Privilege Escalation Vulnerability
[SA21551] Xsan Filesystem Path Name Buffer Overflow Vulnerability
[SA21563] Linux Kernel Uncleared HID0[31] Denial of Service
[SA21555] Linux Kernel SG Driver Denial of Service Vulnerability

Other:


Cross Platform:
[SA21552] Ichitaro Document Viewer Buffer Overflow Vulnerability
[SA21594] SportsPHool "mainnav" File Inclusion Vulnerability
[SA21593] NES Game & NES System "phphtmllib" File Inclusion
[SA21584] Empire CMS "check_path" File Inclusion Vulnerability
[SA21582] PHlyMail Lite "_PM_[path][handler]" File Inclusion
Vulnerability
[SA21574] Mambo bigAPE-Backup Component File Inclusion Vulnerability
[SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities
[SA21571] Fantastic News "CONFIG[script_path]" File Inclusion
Vulnerability
[SA21553] Sonium Enterprise Adressbook "folder" File Inclusion
Vulnerabilities
[SA21545] Joomla JIM Component File Inclusion Vulnerability
[SA21544] Mambo MambelFish Component File Inclusion Vulnerability
[SA21603] Drupal Easylinks Module Script Insertion and SQL Injection
[SA21580] WoltLab Burning Board Attachment Script Insertion
[SA21575] XennoBB "icon_topic" SQL Injection Vulnerability
[SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities
[SA21560] Links Manager SQL Injection and Script Insertion
Vulnerabilities
[SA21549] Doika Guestbook "page" Script Insertion Vulnerability
[SA21543] mail f/w system Mail Header Injection Vulnerability
[SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities
[SA21589] Diesel Job Site forgot.php Cross-Site Scripting
Vulnerabilities
[SA21588] Diesel Pay "read" Cross-Site Scripting Vulnerability
[SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability
[SA21577] BlackBoard Learning System Script Insertion Vulnerability
[SA21570] Java Plugin and Web Start Version Specification Security
Issue
[SA21568] Diesel Paid Mail getad.php Cross-Site Scripting
Vulnerability
[SA21550] DB2 Universal Database Denial of Service Vulnerabilities
[SA21548] Symantec Enterprise Security Manager Denial of Service
[SA21546] PHP Multiple Vulnerabilities

=======================================================================

5) Vulnerabilities Content Listing

Windows:--

[SA21557] Internet Explorer URL Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-23

A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21557/ 

 --

[SA21596] LBlog "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-21

Chironex Fleckeri has reported a vulnerability in LBlog, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21596/ 

 --

[SA21569] Cool Messenger Server / Cool Manager "username" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-23

Tan Chew Keong has reported a vulnerability in Cool Messenger Server
and Cool Manager, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21569/ 

 --

[SA21556] PowerZip File Handling Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-23

Tan Chew Keong has reported a vulnerability in PowerZip, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21556/ 

 --

[SA21547] WFTPD Server/Pro Server "SIZE" Command Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-08-23

h07 has discovered a vulnerability in WFTPD Server/Pro Server, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21547/ 

 --

[SA21595] MDaemon POP3 Server Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-08-23

INFIGO IS has discovered some vulnerabilities in MDaemon, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21595/ 

 --

[SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-08-21

TTG has reported some vulnerabilities in WebAdmin, which can be
exploited by certain malicious users to manipulate or gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/21558/ 


UNIX/Linux:--

[SA21607] Mandriva update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-08-23

Mandriva has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21607/ 

 --

[SA21562] Debian update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-21

Debian has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21562/ 

 --

[SA21605] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2006-08-23

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS or gain escalated privileges and by malicious people to
cause a DoS.

Full Advisory:
http://secunia.com/advisories/21605/ 

 --

[SA21585] Avaya Products GnuPG Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-21

Avaya has acknowledged a vulnerability in various products, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/21585/ 

 --

[SA21567] Red Hat update for xorg-x11

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-22

Red Hat has issued an update for xorg-x11. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21567/ 

 --

[SA21566] Red Hat update for XFree86

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-22

Red Hat has issued an update for XFree86. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21566/ 

 --

[SA21564] Avaya Products PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-08-21

Avaya has acknowledged some vulnerabilities in PHP included in various
Avaya products, which can be exploited by malicious users to cause a
DoS (Denial of Service) or compromise a vulnerable system, and by
malicious people to conduct cross-site scripting attacks and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21564/ 

 --

[SA21592] cPanel Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-21

Preth00nker has reported some vulnerabilities in cPanel, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21592/ 

 --

[SA21586] Debian update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-08-21

Debian has issued an update for squirrelmail. This fixes a
vulnerability, which can be exploited by malicious users to disclose or
manipulate sensitive information.

Full Advisory:
http://secunia.com/advisories/21586/ 

 --

[SA21591] Honeyd ARP Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-21

A vulnerability has been reported in Honeyd, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21591/ 

 --

[SA21608] Mandriva update for php

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-08-23

Mandriva has issued an update for php. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/21608/ 

 --

[SA21581] Sun Solaris RBAC Profile Privilege Escalation
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-23

Some vulnerabilities have been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21581/ 

 --

[SA21576] Linux Kernel SCTP Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-23

McAfee Avert Labs has reported a vulnerability in the Linux Kernel,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/21576/ 

 --

[SA21551] Xsan Filesystem Path Name Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-18

A vulnerability has been reported in Xsan Filesystem, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/21551/ 

 --

[SA21563] Linux Kernel Uncleared HID0[31] Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-08-21

A vulnerability has been reported in Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21563/ 

 --

[SA21555] Linux Kernel SG Driver Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-08-21

A vulnerability has been reported in Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21555/ 


Other:


Cross Platform:--

[SA21552] Ichitaro Document Viewer Buffer Overflow Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

A vulnerability has been reported in Ichitaro, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21552/ 

 --

[SA21594] SportsPHool "mainnav" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

Kacper has discovered a vulnerability in SportsPHool, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21594/ 

 --

[SA21593] NES Game & NES System "phphtmllib" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

Kacper has reported some vulnerabilities in NES Game & NES System,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21593/ 

 --

[SA21584] Empire CMS "check_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-23

Bob Linuson has discovered a vulnerability in Empire CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21584/ 

 --

[SA21582] PHlyMail Lite "_PM_[path][handler]" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

Kacper has discovered a vulnerability in PHlyMail Lite, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21582/ 

 --

[SA21574] Mambo bigAPE-Backup Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

mdx has discovered a vulnerability within bigAPE-Backup, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21574/ 

 --

[SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

SHiKaA has discovered some vulnerabilities in Tutti Nova, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21572/ 

 --

[SA21571] Fantastic News "CONFIG[script_path]" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

SHiKaA has reported a vulnerability in Fantastic News, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21571/ 

 --

[SA21553] Sonium Enterprise Adressbook "folder" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

Philipp Niedziela has discovered some vulnerabilities in Sonium
Enterprise Adressbook, which can be exploited by malicious users to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21553/ 

 --

[SA21545] Joomla JIM Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-18

XORON has discovered a vulnerability in the JIM component for Joomla,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21545/ 

 --

[SA21544] Mambo MambelFish Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-18

mdx has reported a vulnerability in the MambelFish component for Mambo,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21544/ 

 --

[SA21603] Drupal Easylinks Module Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-08-23

Some vulnerabilities have been reported in the Easylinks Module for
Drupal, which can be exploited by malicious people to conduct script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21603/ 

 --

[SA21580] WoltLab Burning Board Attachment Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-23

ZeberuS has reported a vulnerability in Woltlab Burning Board, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/21580/ 

 --

[SA21575] XennoBB "icon_topic" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-22

Chris Boulton has reported a vulnerability in XennoBB, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21575/ 

 --

[SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-08-22

Aliaksandr Hartsuyeu has discovered some vulnerabilities in indexcity,
which can be exploited by malicious people to conduct SQL injection and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21565/ 

 --

[SA21560] Links Manager SQL Injection and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-08-22

Aliaksandr Hartsuyeu has discovered some vulnerabilities in Links
Manager, which can be exploited by malicious people to conduct SQL
injection and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21560/ 

 --

[SA21549] Doika Guestbook "page" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-22

Aliaksandr Hartsuyeu has reported a vulnerability in Doika Guestbook,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/21549/ 

 --

[SA21543] mail f/w system Mail Header Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-08-23

A vulnerability has been reported in mail f/w system, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21543/ 

 --

[SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-23

Some vulnerabilities have been reported in the E-Commerce Module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/21604/ 

 --

[SA21589] Diesel Job Site forgot.php Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-22

Night_Warrior has reported some vulnerabilities in Diesel Job Site,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/21589/ 

 --

[SA21588] Diesel Pay "read" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-22

Night_Warrior has reported a vulnerability in Diesel Pay, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21588/ 

 --

[SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-08-21

Kacper has discovered a vulnerability in phpCodeGenie, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21578/ 

 --

[SA21577] BlackBoard Learning System Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-23

PrOtOn and digi7al64 have reported a vulnerability in BlackBoard
Learning and Community Portal Systems, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21577/ 

 --

[SA21570] Java Plugin and Web Start Version Specification Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-08-22

A security issue has been reported in Sun Java Plugin and Sun Java Web
Start, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/21570/ 

 --

[SA21568] Diesel Paid Mail getad.php Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-22

Night_Warrior has reported a vulnerability in Diesel Paid Mail, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/21568/ 

 --

[SA21550] DB2 Universal Database Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-18

Two vulnerabilities have been reported in DB2, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21550/ 

 --

[SA21548] Symantec Enterprise Security Manager Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-22

A vulnerability has been reported in Symantec Enterprise Security
Manager (ESM), which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21548/ 

 --

[SA21546] PHP Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Unknown, Security Bypass
Released:    2006-08-18

Some vulnerabilities have been reported in PHP, where some have unknown
impacts, and others can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21546/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

