AOH :: ISN-3073.HTM

Secunia Weekly Summary - Issue: 2006-39




Secunia Weekly Summary - Issue: 2006-39
Secunia Weekly Summary - Issue: 2006-39



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-09-21 - 2006-09-28                        

                       This week: 88 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Secunia Corporate Website has been Released

Learn more about what Secunia can offer you and your company, see and
download detailed product descriptions, and view comprehensive flash
presentations of both our products and corporate profile.

Visit the Secunia Corporate Website:
http://corporate.secunia.com/ 


Secunia Vulnerability and Advisory Portal has been Updated

Our publicly available Vulnerability and Advisory Portal
secunia.com has been updated with improved accessibility and usability,
enhanced features, and improved search capabilities along with
availability of extensive product reports.

Over the years, the Secunia brand has become synonymous with credible,
accurate, and reliable vulnerability intelligence and our services
are used by more than 5 million unique users every year at secunia.com.

Visit the Secunia Vulnerability and Advisory Portal:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Two "Extremely Critical" Secunia advisories have been released
regarding two new vulnerabilities in Internet Explorer and Powerpoint.

Currently, no solution is available from Microsoft.

Please see the two referenced Secunia advisories for additional
details.

References:
http://secunia.com/SA22159 
http://secunia.com/SA22127 

 --

VIRUS ALERTS:

During the past week Secunia collected 274 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA21989] Microsoft Vector Graphics Rendering Library Buffer
              Overflow
2.  [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method
              Vulnerability
3.  [SA21906] Mozilla Firefox Multiple Vulnerabilities
4.  [SA22068] Apple Airport Buffer Overflow and Integer Overflow
              Vulnerabilities
5.  [SA22091] OpenSSH Identical Blocks Denial of Service Vulnerability
6.  [SA21982] Opera SSL RSA Signature Forgery Vulnerability
7.  [SA22159] Microsoft Internet Explorer "WebViewFolderIcon" Integer
              Overflow
8.  [SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness
9.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA22054] SUSE update for flash-player

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA22159] Microsoft Internet Explorer "WebViewFolderIcon" Integer
Overflow
[SA22127] Microsoft PowerPoint Code Execution Vulnerability
[SA22052] xweblog "kategori" SQL Injection Vulnerability
[SA22058] Plesk filemanager.php Information Disclosure
[SA22073] CA eTrust Audit Event Alerting System Missing Authentication

UNIX/Linux:
[SA22100] Gentoo update for tikiwiki
[SA22090] HP-UX update for Kerberos
[SA22089] Avaya Products wireshark Vulnerabilities
[SA22088] Mandriva update for mozilla-thunderbird
[SA22085] Gentoo update for gzip
[SA22074] Ubuntu update for mozilla-thunderbird
[SA22069] Red Hat update for php
[SA22068] Apple Airport Buffer Overflow and Integer Overflow
Vulnerabilities
[SA22066] HP-UX update for firefox
[SA22065] HP-UX update for thunderbird
[SA22056] SUSE updates for MozillaFirefox, MozillaThunderbird, and
seamonkey
[SA22055] Ubuntu update for mozilla-thunderbird
[SA22054] SUSE update for flash-player
[SA22174] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA22164] Gentoo update for openssh
[SA22146] Exporia "lan" Local File Inclusion Vulnerability
[SA22136] Sun Solaris Kernel SSL Denial of Service Vulnerability
[SA22129] rPath update for openoffice.org
[SA22103] Solaris IPv6 Denial of Service Vulnerability
[SA22101] SUSE update for gzip
[SA22096] Gentoo update for imagemagick
[SA22093] Debian update for kernel-source-2.6.8
[SA22091] OpenSSH Identical Blocks Denial of Service Vulnerability
[SA22087] Mandriva update for webmin
[SA22082] Debian update for kernel-source-2.4.27
[SA22080] SUSE Update for Multiple Packages
[SA22072] cPanel Unspecified Privilege Escalation Vulnerability
[SA22063] NixieAffiliate Multiple Vulnerabilities
[SA22104] Red Hat update for squirrelmail
[SA22097] Gentoo update for gnutls
[SA22084] Debian update for gnutls11 / gnutls13
[SA22060] MySource Cross-Site Scripting and Unauthenticated Proxy
Vulnerability
[SA22057] ELOG Entries Script Insertion Vulnerability
[SA22141] Avaya Modular Messaging X11 libXfont Integer Overflows
[SA22119] IBM AIX "utape" Privilege Escalation Vulnerability
[SA22112] IBM AIX "cfgmgr" Privilege Escalation Vulnerability
[SA22111] IBM AIX slip.login Privilege Escalation Vulnerability
[SA22108] IBM AIX snappd Privilege Escalation Vulnerability
[SA22106] IBM AIX mkvg Privilege Escalation Vulnerability
[SA22105] IBM AIX uucp Privilege Escalation Vulnerability
[SA22102] IBM AIX named8 Privilege Escalation Vulnerability
[SA22099] IBM AIX rdist Privlege Escalation Vulnerability
[SA22098] IBM AIX xlock Buffer Overflow Vulnerability
[SA22079] HP-UX CIFS Server Security Bypass and Privilege Escalation
[SA22062] IBM AIX Inventory Scout Arbitrary File Overwrite
Vulnerability
[SA22083] Sun Solaris "syslog" Denial of Service Vulnerability
[SA22064] FreeBSD "i386_set_ldt()" Integer Overflow / Signedness
Vulnerabilities

Other:


Cross Platform:
[SA22170] Comdev Links Directory "path[docroot]" Parameter File
Inclusion
[SA22169] Comdev Photo Gallery "path[docroot]" Parameter File
Inclusion
[SA22168] Comdev News Publisher "path[docroot]" Parameter File
Inclusion
[SA22163] Blog PixelMotion Multiple Vulnerabilities
[SA22160] Newswriter "NWCONF_SYSTEM[server_path]" File Inclusion
Vulnerability
[SA22157] Comdev Vote Caster "path[docroot]" Parameter File Inclusion
[SA22154] Comdev Customer Helpdesk "path[docroot]" Parameter File
Inclusion
[SA22153] Comdev Web Blogger "path[docroot]" Parameter File Inclusion
[SA22151] Comdev Contact Form "path[docroot]" Parameter File Inclusion
[SA22149] Comdev CSV Importer "path[docroot]" Parameter File Inclusion
[SA22147] Comdev Guestbook "path[docroot]" Parameter File Inclusion
[SA22143] JAF CMS Script Insertion and PHP Code Injection
[SA22135] Comdev FAQ Support "path[docroot]" Parameter File Inclusion
[SA22134] Comdev eCommerce "path[docroot]" Parameter File Inclusion
[SA22133] Comdev Newsletter "path[docroot]" Parameter File Inclusion
[SA22131] Pie Cart Pro Site Builder "Inc_Dir" File Inclusion
Vulnerabilities
[SA22121] PBLang "temppath" Parameter File Inclusion Vulnerability
[SA22120] Comdev Events Calendar "path[docroot]" Parameter File
Inclusion
[SA22115] BrudaNews/BrudaGB "o" Parameter File Inclusion Vulnerability
[SA22113] IM Portal "phpbb_root_path" File Inclusion Vulnerability
[SA22110] Sugar Suite Unspecified Vulnerability
[SA22107] faceStones personal "fsinit[objpath]" Parameter File
Inclusion
[SA22078] Call of Duty "callvote map" Buffer Overflow
[SA22076] WEB//NEWS "WN_BASEDIR" Parameter File Inclusion
[SA22075] Web-News "content_page" File Inclusion Vulnerability
[SA22070] Advanced-Clan-Script "content" File Inclusion Vulnerability
[SA22067] SyntaxCMS "init_path" File Inclusion Vulnerabilities
[SA22061] A-Blog "navigation_start" Parameter File Inclusion
[SA22053] PHPartenaire "url_phpartenaire" File Inclusion Vulnerability
[SA22123] PHP Invoice "home.php" Cross-Site Scripting Vulnerabilities
[SA22122] PhotoStore Cross-Site Scripting Vulnerabilities
[SA22117] eyeOS Cross-Site Scripting Vulnerabilities
[SA22109] Movable Type Search Unspecified Cross-Site Scripting
[SA22092] Opial Audio/Video Download Management Cross-Site Scripting
[SA22077] Jamroom "forgot" Cross-Site Scripting Vulnerability
[SA22071] TYPO3 "Indexed Search" Cross-Site Scripting Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA22159] Microsoft Internet Explorer "WebViewFolderIcon" Integer
Overflow

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

H D Moore has discovered a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/22159/ 

 --

[SA22127] Microsoft PowerPoint Code Execution Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

A vulnerability has been reported in Microsoft PowerPoint, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22127/ 

 --

[SA22052] xweblog "kategori" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-25

Muhacir has discovered a vulnerability in xweblog, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22052/ 

 --

[SA22058] Plesk filemanager.php Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-09-25

GuanYu has reported a vulnerability in Plesk, which potentially can be
exploited by malicious users to disclose certain information.

Full Advisory:
http://secunia.com/advisories/22058/ 

 --

[SA22073] CA eTrust Audit Event Alerting System Missing Authentication

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-09-22

A vulnerability has been reported in CA eTrust Audit, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22073/ 


UNIX/Linux:--

[SA22100] Gentoo update for tikiwiki

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-09-27

Gentoo has issued an update for tikiwiki. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22100/ 

 --

[SA22090] HP-UX update for Kerberos

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-26

HP has issued an update for Kerberos. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22090/ 

 --

[SA22089] Avaya Products wireshark Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-25

Avaya has acknowledged some vulnerabilities in various products, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22089/ 

 --

[SA22088] Mandriva update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-09-26

Mandriva has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle attacks, bypass certain security restrictions, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22088/ 

 --

[SA22085] Gentoo update for gzip

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-25

Gentoo has issued an update for gzip. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22085/ 

 --

[SA22074] Ubuntu update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-09-25

Ubuntu has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle attacks, bypass certain security restrictions, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22074/ 

 --

[SA22069] Red Hat update for php

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-09-22

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, and by malicious people to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22069/ 

 --

[SA22068] Apple Airport Buffer Overflow and Integer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-22

Some vulnerabilities have been reported in AirPort, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22068/ 

 --

[SA22066] HP-UX update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, Exposure of sensitive
information, DoS, System access
Released:    2006-09-22

HP has issued an update for firefox. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, gain knowledge of potentially sensitive information,
conduct cross-site scripting, phishing, and HTTP response smuggling
attacks, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22066/ 

 --

[SA22065] HP-UX update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2006-09-22

HP has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, gain knowledge of potentially sensitive
information, conduct cross-site scripting, HTTP response smuggling, and
phishing attacks, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22065/ 

 --

[SA22056] SUSE updates for MozillaFirefox, MozillaThunderbird, and
seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2006-09-25

SUSE has issued updates for MozillaFirefox, MozillaThunderbird, and
seamonkey. These fix some vulnerabilities, which can be exploited by
malicious people to bypass certain security restrictions,  conduct
man-in-the-middle, spoofing, and cross-site scripting attacks, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22056/ 

 --

[SA22055] Ubuntu update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-09-22

Ubuntu has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle and cross-site scripting attacks, bypass certain
security restrictions and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22055/ 

 --

[SA22054] SUSE update for flash-player

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-09-21

SUSE has issued an update for flash-player. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22054/ 

 --

[SA22174] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2006-09-28

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious, local users to cause a DoS or gain
escalated privileges and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/22174/ 

 --

[SA22164] Gentoo update for openssh

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-28

Gentoo has issued an update for openssh. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22164/ 

 --

[SA22146] Exporia "lan" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-09-27

Root3r_H3ll has discovered a vulnerability in Exporia, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/22146/ 

 --

[SA22136] Sun Solaris Kernel SSL Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-27

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22136/ 

 --

[SA22129] rPath update for openoffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-09-27

rPath has issued an update for openoffice.org. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22129/ 

 --

[SA22103] Solaris IPv6 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-26

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22103/ 

 --

[SA22101] SUSE update for gzip

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-27

SUSE has issued an update for gzip. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22101/ 

 --

[SA22096] Gentoo update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-27

Gentoo has issued an update for imagemagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22096/ 

 --

[SA22093] Debian update for kernel-source-2.6.8

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2006-09-26

Debian has issued an update for kernel-source-2.6.8. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of potentially sensitive information, bypass certain
security restriction, and cause a DoS (Denial of Service), and
malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/22093/ 

 --

[SA22091] OpenSSH Identical Blocks Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-26

Tavis Ormandy has reported a vulnerability in OpenSSH, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22091/ 

 --

[SA22087] Mandriva update for webmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-09-26

Mandriva has issued an update for webmin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/22087/ 

 --

[SA22082] Debian update for kernel-source-2.4.27

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-25

Debian has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and cause a DoS (Denial of Service), and by
malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/22082/ 

 --

[SA22080] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2006-09-28

SUSE has issued an update for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, by malicious users to bypass certain
security restrictions, gain escalated privileges, and disclose or
manipulate potentially sensitive data, or by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22080/ 

 --

[SA22072] cPanel Unspecified Privilege Escalation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation
Released:    2006-09-25

A vulnerability has been reported in cPanel, which can be exploited by
malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22072/ 

 --

[SA22063] NixieAffiliate Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-09-22

s3rv3r_hack3r has reported some vulnerabilities in NixieAffiliate,
which can be exploited by malicious people to bypass certain security
restrictions and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22063/ 

 --

[SA22104] Red Hat update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-09-27

Red Hat has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious users to disclose
or manipulate sensitive information.

Full Advisory:
http://secunia.com/advisories/22104/ 

 --

[SA22097] Gentoo update for gnutls

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-27

Gentoo has issued an update for gnutls. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22097/ 

 --

[SA22084] Debian update for gnutls11 / gnutls13

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-25

Debian has issued updates for gnutls11 and gnutls13. These fix a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22084/ 

 --

[SA22060] MySource Cross-Site Scripting and Unauthenticated Proxy
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-09-26

Patrick Webster has reported a vulnerability in MySource, which can be
exploited by malicious people to bypass certain security restrictions
and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22060/ 

 --

[SA22057] ELOG Entries Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-25

Tilman Koschnick has reported a vulnerability in ELOG, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22057/ 

 --

[SA22141] Avaya Modular Messaging X11 libXfont Integer Overflows

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-28

Avaya has acknowledged some vulnerabilities in Avaya Modular Messaging,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/22141/ 

 --

[SA22119] IBM AIX "utape" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

Two vulnerabilities has been reported in IBM AIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22119/ 

 --

[SA22112] IBM AIX "cfgmgr" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

Two vulnerabilities have been reported in IBM AIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22112/ 

 --

[SA22111] IBM AIX slip.login Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22111/ 

 --

[SA22108] IBM AIX snappd Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22108/ 

 --

[SA22106] IBM AIX mkvg Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22106/ 

 --

[SA22105] IBM AIX uucp Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22105/ 

 --

[SA22102] IBM AIX named8 Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22102/ 

 --

[SA22099] IBM AIX rdist Privlege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22099/ 

 --

[SA22098] IBM AIX xlock Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22098/ 

 --

[SA22079] HP-UX CIFS Server Security Bypass and Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2006-09-26

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to bypass certain security restrictions or to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22079/ 

 --

[SA22062] IBM AIX Inventory Scout Arbitrary File Overwrite
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2006-09-26

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/22062/ 

 --

[SA22083] Sun Solaris "syslog" Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-09-26

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22083/ 

 --

[SA22064] FreeBSD "i386_set_ldt()" Integer Overflow / Signedness
Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-09-26

Some vulnerabilities have been reported in FreeBSD, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22064/ 


Other:


Cross Platform:--

[SA22170] Comdev Links Directory "path[docroot]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev Links Directory,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22170/ 

 --

[SA22169] Comdev Photo Gallery "path[docroot]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev Photo Gallery, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22169/ 

 --

[SA22168] Comdev News Publisher "path[docroot]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev News Publisher, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22168/ 

 --

[SA22163] Blog PixelMotion Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2006-09-28

DarkFig has reported some vulnerabilities in Blog PixelMotion, which
can be exploited by malicious people to bypass certain security
restrictions and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22163/ 

 --

[SA22160] Newswriter "NWCONF_SYSTEM[server_path]" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

A vulnerability has been reported in Newswriter, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22160/ 

 --

[SA22157] Comdev Vote Caster "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev Vote Caster, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22157/ 

 --

[SA22154] Comdev Customer Helpdesk "path[docroot]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has reported a vulnerability in Comdev Customer Helpdesk,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22154/ 

 --

[SA22153] Comdev Web Blogger "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has reported a vulnerability in Comdev Web Blogger, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22153/ 

 --

[SA22151] Comdev Contact Form "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has reported a vulnerability in Comdev Contact Form, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22151/ 

 --

[SA22149] Comdev CSV Importer "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has reported a vulnerability in Comdev CSV Importer, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22149/ 

 --

[SA22147] Comdev Guestbook "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has reported a vulnerability in Comdev Guestbook, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22147/ 

 --

[SA22143] JAF CMS Script Insertion and PHP Code Injection

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-09-27

NanoyMaster has discovered some vulnerabilities in JAF CMS, which can
be exploited by malicious people to conduct script insertion attacks
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22143/ 

 --

[SA22135] Comdev FAQ Support "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev FAQ Support, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22135/ 

 --

[SA22134] Comdev eCommerce "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev eCommerce, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22134/ 

 --

[SA22133] Comdev Newsletter "path[docroot]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev Newsletter, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22133/ 

 --

[SA22131] Pie Cart Pro Site Builder "Inc_Dir" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-27

SnIpEr_SA has reported some vulnerabilities in Pie Cart Pro Site
Builder, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22131/ 

 --

[SA22121] PBLang "temppath" Parameter File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-26

SHiKaA has discovered a vulnerability in PBLang, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22121/ 

 --

[SA22120] Comdev Events Calendar "path[docroot]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-28

rUnViRuS has discovered a vulnerability in Comdev Events Calendar,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22120/ 

 --

[SA22115] BrudaNews/BrudaGB "o" Parameter File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-26

SHiKaA has discovered a vulnerability in BrudaNews and BrudaGB, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22115/ 

 --

[SA22113] IM Portal "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-26

SHiKaA has discovered a vulnerability in IM Portal, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22113/ 

 --

[SA22110] Sugar Suite Unspecified Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-26

A vulnerability has been reported in Sugar Suite, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22110/ 

 --

[SA22107] faceStones personal "fsinit[objpath]" Parameter File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-26

SHiKaA has discovered a vulnerability in faceStones personal, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22107/ 

 --

[SA22078] Call of Duty "callvote map" Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-25

A vulnerability has been reported in Call of Duty, Call of Duty United
Offensive, and Call of Duty 2, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22078/ 

 --

[SA22076] WEB//NEWS "WN_BASEDIR" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-27

ThE-WoLf-KsA has discovered a vulnerability in WEB//NEWS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22076/ 

 --

[SA22075] Web-News "content_page" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-25

Drago84 has discovered a vulnerability in Web-News, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22075/ 

 --

[SA22070] Advanced-Clan-Script "content" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-25

xdh has discovered a vulnerability in Advanced-Clan-Script, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22070/ 

 --

[SA22067] SyntaxCMS "init_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-25

Some vulnerabilities have been reported in SyntaxCMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22067/ 

 --

[SA22061] A-Blog "navigation_start" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-27

Drago84 has discovered a vulnerability in A-Blog, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22061/ 

 --

[SA22053] PHPartenaire "url_phpartenaire" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-22

DaDIsS has reported a vulnerability in PHPartenaire, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22053/ 

 --

[SA22123] PHP Invoice "home.php" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-27

Some vulnerabilities have been reported in PHP Invoice, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22123/ 

 --

[SA22122] PhotoStore Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-26

meto5757 has reported two vulnerabilities in PhotoStore, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22122/ 

 --

[SA22117] eyeOS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-26

Some vulnerabilities have been reported in eyeOS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22117/ 

 --

[SA22109] Movable Type Search Unspecified Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-26

Arai has reported a vulnerability in Movable Type and Movable Type
Enterprise, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22109/ 

 --

[SA22092] Opial Audio/Video Download Management Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-26

meto5757 has reported a vulnerability in Opial Audio/Video Download
Management, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22092/ 

 --

[SA22077] Jamroom "forgot" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-25

meto5757 has discovered a vulnerability in Jamroom, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22077/ 

 --

[SA22071] TYPO3 "Indexed Search" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-26

A vulnerability has been reported in TYPO3, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22071/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods