AOH :: ISN-3222.HTM

Secunia Weekly Summary - Issue: 2006-44




Secunia Weekly Summary - Issue: 2006-44
Secunia Weekly Summary - Issue: 2006-44



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2006-10-26 - 2006-11-02                        

                       This week: 67 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security
Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our
opinions about vulnerabilities, security, ethics, and our responses to
articles, research papers, and other blog entries regarding Secunia
and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories. To
get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/ 

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/o.rss 

=======================================================================2) This Week in Brief:

A vulnerability has been reported in Microsoft Visual Studio, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is reported in Microsoft Visual Studio 2005.

NOTE: The vulnerability is already being actively exploited.

Reference:
http://secunia.com/SA22603 

 --
 
A 2 year old vulnerability has been discovered in Internet Explorer 7,
which can be exploited by malicious people to spoof the content of
websites.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ 

Secunia has been confirmed the vulnerability on a fully patched system
with Internet Explorer 7.0 and Microsoft Windows XP SP2.

Reference:
http://secunia.com/SA22628 

 --

VIRUS ALERTS:

During the past week Secunia collected 175 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA22542] Internet Explorer 7 Popup Address Bar Spoofing Weakness
2.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
              Disclosure
3.  [SA22628] Internet Explorer 7 Window Injection Vulnerability
4.  [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
              Sensitive Information
5.  [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method
              Vulnerability
6.  [SA22603] Microsoft Visual Studio WMI Object Broker ActiveX Control
              Code Execution
7.  [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
8.  [SA22580] Winamp Lyrics3 and Ultravox Processing Buffer Overflows
9.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA22592] Microsoft Windows Internet Connection Sharing Denial of
              Service

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA22603] Microsoft Visual Studio WMI Object Broker ActiveX Control
Code Execution
[SA22666] BlooMooWeb ActiveX Control Two Insecure Methods
[SA22628] Internet Explorer 7 Window Injection Vulnerability
[SA22607] Hosting Controller Multiple Vulnerabilities
[SA22598] Techno Dreams Announcement "key" SQL Injection Vulnerability
[SA22600] Techno Dreams Guestbook "key" SQL Injection Vulnerability
[SA22592] Microsoft Windows Internet Connection Sharing Denial of
Service

UNIX/Linux:
[SA22639] SUSE Update for Multiple Packages
[SA22680] Ubuntu update for wvWare
[SA22672] rPath update for tshark and wireshark
[SA22669] HP-UX VirtualVault / Webproxy Apache Multiple
Vulnerabilities
[SA22661] HP Tru64 UNIX gzip Multiple Vulnerabilities
[SA22659] Debian update for ethereal
[SA22651] Gentoo update for asterisk
[SA22650] Gentoo update for php
[SA22645] Debian update for qt-x11-free
[SA22643] Gentoo update for cheesetracker
[SA22604] Mandriva update for ImageMagick
[SA22601] Ubuntu update for imagemagick
[SA22641] Mandriva update for xsupplicant
[SA22637] OpenPBS Unspecified Vulnerabilities
[SA22612] Xsupplicant  "eap_do_notify()" Buffer Overflow Vulnerability
[SA22663] Sun Java System Messenger Express "error" Cross-Site
Scripting
[SA22662] Apple Xcode GDB "DWARF" Buffer Overflow
[SA22649] Ubuntu update for screen
[SA22624] Ubuntu update for Ruby
[SA22615] Mandriva update for ruby
[SA22611] Mandriva update for screen
[SA22642] libX11 XCOMPOSEFILE File Descriptor Leak
[SA22614] Mandriva update for mono
[SA22609] IBM Informix Products Insecure Permissions and Temporary File
Creation
[SA22636] Trustix update for postgresql
[SA22606] Mandriva update for postgresql
[SA22686] Ubuntu update for mutt
[SA22665] Linux Kernel IPv6 Flow Label Denial of Service
[SA22640] Mandriva update for mutt
[SA22613] Mutt Insecure Temporary File Creation Weaknesses

Other:
[SA22626] SnapGear Multiple Vulnerabilities

Cross Platform:
[SA22644] phpProfiles "reqpath" and "usrinc" File Inclusions
[SA22632] MiniBILL "config[page_dir]" File Inclusion Vulnerability
[SA22630] phpBB Spider Friendly Module "phpbb_root_path" File Inclusion
Vulnerability
[SA22627] N/X WCMS "c[path]" File Inclusion Vulnerability
[SA22623] QnECMS "adminfolderpath" File Inclusion Vulnerabilities
[SA22622] PunBB "language" Parameter Local File Inclusion
[SA22621] Faq Administrator "email" File Inclusion Vulnerability
[SA22618] Simple Website Software "SWSDIR" File Inclusion
Vulnerability
[SA22608] P-Book "pb_lang" File Inclusion Vulnerabilities
[SA22605] mp3SDS "fullpath" File Inclusion Vulnerability
[SA22597] Free Image Hosting "AD_BODY_TEMP" File Inclusion
Vulnerability
[SA22596] miniBB "pathToFiles" File Inclusion Vulnerability
[SA22594] Free File Hosting "AD_BODY_TEMP" File Inclusion
Vulnerabilities
[SA22683] WordPress Unspecified Vulnerabilities
[SA22657] Novell iManager Tomcat Denial Of Service Vulnerability
[SA22646] Sun ONE/Java System Web Server NSS Denial of Service
[SA22635] Sophos Anti-Virus Petite Plugin Denial of Service
Vulnerability
[SA22631] E-Annu "login" SQL Injection Vulnerability
[SA22620] PHPMyRing "cherche.php" SQL Injection Vulnerabilities
[SA22617] PHP-Nuke "forwhat" SQL Injection Vulnerability
[SA22616] PHPEasyData Pro "cat" SQL Injection Vulnerability
[SA22610] Netref "ad_direct" Local File Inclusion Vulnerability
[SA22602] Easy File Sharing Web Server Multiple Vulnerabilities
[SA22595] wvWare Multiple Integer Overflow Vulnerabilities
[SA22648] foresite CMS "query" Cross-Site Scripting Vulnerability
[SA22629] phpFaber CMS "htmlarea.php" Cross-Site Scripting
Vulnerability
[SA22625] Coppermine Photo Gallery "aid" SQL Injection Vulnerability
[SA22599] phpMyAdmin Unspecified UTF-7 Cross-Site Scripting
Vulnerability
[SA22660] Novell eDirectory NMAS Denial Of Service Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA22603] Microsoft Visual Studio WMI Object Broker ActiveX Control
Code Execution

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-11-01

A vulnerability has been reported in Microsoft Visual Studio, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22603/ 

 --

[SA22666] BlooMooWeb ActiveX Control Two Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-01

Max Gipehtykrop has discovered two vulnerabilities in BlooMooWeb's
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22666/ 

 --

[SA22628] Internet Explorer 7 Window Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2006-10-30

A vulnerability has been discovered in Internet Explorer 7, which can
be exploited by malicious people to spoof the content of websites.

Full Advisory:
http://secunia.com/advisories/22628/ 

 --

[SA22607] Hosting Controller Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-11-01

Soroush Dalili has reported some vulnerabilities in Hosting Controller,
which can be exploited by malicious people to bypass certain security
restrictions and to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22607/ 

 --

[SA22598] Techno Dreams Announcement "key" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-31

ajann has reported a vulnerability in Techno Dreams Announcement, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22598/ 

 --

[SA22600] Techno Dreams Guestbook "key" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-31

ajann has reported a vulnerability in Techno Dreams Guestbook, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22600/ 

 --

[SA22592] Microsoft Windows Internet Connection Sharing Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-10-30

h07 has discovered a vulnerability in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22592/ 


UNIX/Linux:--

[SA22639] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-10-30

SUSE has issued an update for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
compromise a vulnerable system, or by malicious people to conduct
cross-site scripting and phishing attacks, cause a DoS (Denial of
Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22639/ 

 --

[SA22680] Ubuntu update for wvWare

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-02

Ubuntu has issued an update for wvWare. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22680/ 

 --

[SA22672] rPath update for tshark and wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-02

rPath has issued an update for tshark and wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22672/ 

 --

[SA22669] HP-UX VirtualVault / Webproxy Apache Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-11-02

HP has acknowledged some vulnerabilities in VirtualVault and Webproxy,
which can be exploited by malicious people to conduct cross-site
scripting attacks, cause a DoS (Denial of Service), or to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22669/ 

 --

[SA22661] HP Tru64 UNIX gzip Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

HP has acknowledged some vulnerabilities in HP Tru64 Unix, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22661/ 

 --

[SA22659] Debian update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-01

Debian has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22659/ 

 --

[SA22651] Gentoo update for asterisk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

Gentoo has issued an update for asterisk. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22651/ 

 --

[SA22650] Gentoo update for php

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

Gentoo has issued an update in php. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22650/ 

 --

[SA22645] Debian update for qt-x11-free

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

Debian has issue an update for qt-x11-free. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/22645/ 

 --

[SA22643] Gentoo update for cheesetracker

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

Gentoo has issued an update for cheesetracker. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22643/ 

 --

[SA22604] Mandriva update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

Mandriva has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22604/ 

 --

[SA22601] Ubuntu update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-02

Ubuntu has issued an update for imagemagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22601/ 

 --

[SA22641] Mandriva update for xsupplicant

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-10-30

Mandriva has issued an update for xsupplicant. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22641/ 

 --

[SA22637] OpenPBS Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-10-30

Some vulnerabilities have been reported in OpenPBS, which can be
exploited by malicious, local users and malicious people to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22637/ 

 --

[SA22612] Xsupplicant  "eap_do_notify()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-10-30

A vulnerability has been reported in Xsupplicant, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22612/ 

 --

[SA22663] Sun Java System Messenger Express "error" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-31

Handrix has reported a vulnerability in Sun Java System Messenger
Express, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22663/ 

 --

[SA22662] Apple Xcode GDB "DWARF" Buffer Overflow

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-01

Apple has acknowledged a vulnerability in GDB included in Xcode, which
potentially can be exploited by malicious, local users to gain
escalated privileges or malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22662/ 

 --

[SA22649] Ubuntu update for screen

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-02

Ubuntu has issued an update for screen. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22649/ 

 --

[SA22624] Ubuntu update for Ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-02

Ubuntu has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22624/ 

 --

[SA22615] Mandriva update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-10-30

Mandriva has issued an update for ruby. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22615/ 

 --

[SA22611] Mandriva update for screen

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-30

Mandriva has issued an update for screen. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22611/ 

 --

[SA22642] libX11 XCOMPOSEFILE File Descriptor Leak

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-01

Kees Cook has reported a vulnerability in libX11, which can be
exploited by malicious, local users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/22642/ 

 --

[SA22614] Mandriva update for mono

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-30

Mandriva has issued an update for mono. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22614/ 

 --

[SA22609] IBM Informix Products Insecure Permissions and Temporary File
Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-31

Some vulnerabilities have been reported in various Informix Products,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22609/ 

 --

[SA22636] Trustix update for postgresql

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2006-10-30

Trustix has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22636/ 

 --

[SA22606] Mandriva update for postgresql

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2006-10-31

Mandriva has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22606/ 

 --

[SA22686] Ubuntu update for mutt

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-02

Ubuntu has issued an update for mutt. This fixes some vulnerabilities,
which can be exploited by malicious people to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22686/ 

 --

[SA22665] Linux Kernel IPv6 Flow Label Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-01

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22665/ 

 --

[SA22640] Mandriva update for mutt

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-30

Mandriva has issued an update for mutt. This fixes some weaknesses,
which potentially can be exploited by malicious people to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22640/ 

 --

[SA22613] Mutt Insecure Temporary File Creation Weaknesses

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-30

Some weaknesses have been reported in mutt, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/22613/ 


Other:--

[SA22626] SnapGear Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-10-30

Some vulnerabilities have reported in SnapGear, which can be exploited
by malicious people to bypass certain security restrictions, cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22626/ 


Cross Platform:--

[SA22644] phpProfiles "reqpath" and "usrinc" File Inclusions

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-31

v1per-haCker has discovered some vulnerabilities in phpProfiles, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22644/ 

 --

[SA22632] MiniBILL "config[page_dir]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

xoron has discovered a vulnerability in MiniBILL, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22632/ 

 --

[SA22630] phpBB Spider Friendly Module "phpbb_root_path" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-01

Kacper has reported a vulnerability in the Spider Friendly module for
phpBB, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22630/ 

 --

[SA22627] N/X WCMS "c[path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

Kacper has discovered a vulnerability in N/X WCMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22627/ 

 --

[SA22623] QnECMS "adminfolderpath" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-30

K-159 has reported a vulnerability in QnECMS, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22623/ 

 --

[SA22622] PunBB "language" Parameter Local File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-31

Nms has discovered a vulnerability in PunBB, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22622/ 

 --

[SA22621] Faq Administrator "email" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

v1per-haCker has discovered a vulnerability in Faq Administrator, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22621/ 

 --

[SA22618] Simple Website Software "SWSDIR" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

Cyber-Security has discovered a vulnerability in Simple Website
Software, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22618/ 

 --

[SA22608] P-Book "pb_lang" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-01

Matdhule has reported some vulnerabilities in P-Book, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22608/ 

 --

[SA22605] mp3SDS "fullpath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

Cyber-Security has discovered a vulnerability in mp3SDS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22605/ 

 --

[SA22597] Free Image Hosting "AD_BODY_TEMP" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-30

Kacper has discovered a vulnerability in Free Image Hosting, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22597/ 

 --

[SA22596] miniBB "pathToFiles" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-27

Kacper has discovered a vulnerability in miniBB, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22596/ 

 --

[SA22594] Free File Hosting "AD_BODY_TEMP" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-31

Some vulnerabilities have been reported in Free File Hosting, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22594/ 

 --

[SA22683] WordPress Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-11-02

Some vulnerabilities with unknown impacts have been reported in
WordPress.

Full Advisory:
http://secunia.com/advisories/22683/ 

 --

[SA22657] Novell iManager Tomcat Denial Of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-01

A vulnerability has been reported in Novell iManager, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22657/ 

 --

[SA22646] Sun ONE/Java System Web Server NSS Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-01

A vulnerability has been reported in Sun ONE Application Server and Sun
Java System Web Server, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22646/ 

 --

[SA22635] Sophos Anti-Virus Petite Plugin Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-10-30

A vulnerability has been reported in Sophos Anti-Virus, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22635/ 

 --

[SA22631] E-Annu "login" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-31

ajann has discovered a vulnerability in E-Annu, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22631/ 

 --

[SA22620] PHPMyRing "cherche.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-30

ajann has reported some vulnerabilities in PHPMyRing, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22620/ 

 --

[SA22617] PHP-Nuke "forwhat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-01

Paisterist has discovered a vulnerability in PHP-Nuke, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22617/ 

 --

[SA22616] PHPEasyData Pro "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-30

ajann has reported a vulnerability in PHPEasyData Pro, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22616/ 

 --

[SA22610] Netref "ad_direct" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-10-30

ajann has reported a vulnerability in Netref, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22610/ 

 --

[SA22602] Easy File Sharing Web Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-10-31

Greg Linares has discovered some vulnerabilities in Easy File Sharing
Web Server, which can be exploited by malicious users to conduct script
insertion attacks and by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/22602/ 

 --

[SA22595] wvWare Multiple Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-27

Some vulnerabilities have been reported in wvWare, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/22595/ 

 --

[SA22648] foresite CMS "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-31

David Vieira-Kurz has reported a vulnerability in foresite CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/22648/ 

 --

[SA22629] phpFaber CMS "htmlarea.php" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-30

Vigilon has reported a vulnerability in phpFaber CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22629/ 

 --

[SA22625] Coppermine Photo Gallery "aid" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-30

w4ck1ng has reported a vulnerability in Coppermine Photo Gallery, which
can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22625/ 

 --

[SA22599] phpMyAdmin Unspecified UTF-7 Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-01

A vulnerability has been reported in phpMyAdmin, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22599/ 

 --

[SA22660] Novell eDirectory NMAS Denial Of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-01

A vulnerability has been reported in Novell eDirectory, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22660/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods