AOH :: ISNQ3929.HTM

Secunia Weekly Summary - Issue: 2007-16




Secunia Weekly Summary - Issue: 2007-16
Secunia Weekly Summary - Issue: 2007-16



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2007-04-12 - 2007-04-19                        

                       This week: 65 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Should you be interested in a career within Secunia, the current job
openings are available right now:

Security Sales Engineer:
http://corporate.secunia.com/about_secunia/54/ 

German Key Account Manager:
http://corporate.secunia.com/about_secunia/55/ 

International Account Manager - Enterprise Sales:
http://corporate.secunia.com/about_secunia/52/ 

International Sales Manager - IT Security Partner:
http://corporate.secunia.com/about_secunia/51/ 

Danish: Disassembling og Reversing
http://secunia.com/Disassembling_og_Reversing/ 

Linux Security Specialist:
http://secunia.com/Linux_Security_Specialist/ 

=======================================================================2) This Week in Brief:

Without skipping a beat, hackers have once again managed to take the
fun out of Microsoft Tuesday with the release of a new Microsoft
vulnerability, this time affecting the DNS service.

The vulnerability is due to a boundary error in an RPC interface of the
DNS service, and can be exploited to cause a stack-based buffer
overflow by creating an RPC request with specific parameters.
Successful exploitation allows an attacker to execute arbitrary code
with SYSTEM privileges.

While Microsoft has yet to issue a patch, they have already released a
security advisory for the vulnerability. Secunia has rated this
advisory as "Highly critical". All users are encouraged to implement
the vendor-recommended workarounds while a patch is being prepared.

For more information, please refer to:
http://secunia.com/advisories/24871/ 

 --

Two vulnerabilities have been reported in Clam Antivirus. The first is
an unspecified file descriptor leak error within the
libclamav/chmunpack.c file, and the other is a signedness error within
the "cab_unstore()" function in the libclamav/cab.c file.

The "cab_unstore()" vulnerability can be exploited to cause a stack
based buffer overflow via a specially crafted ".cab" file. This can
lead to a crash of the clamd process, or may allow an attacker to
execute arbitrary code in the system.

The vendor has released a patch for these vulnerabilities. For more
information, please refer to:
http://secunia.com/advisories/24891/ 

 --

Oracle has released a critical security patch covering 36
vulnerabilities. The vulnerabilities, allowing everything from
cross-site scripting attacks, to crashes, to execution of arbitrary
code, are reported in various Oracle products.

Users are advised to apply the patches for their affected products as
soon as possible. There is a publicly available exploit for at least
one of the patches, and more are sure to follow, as detailed analysis
of the patches are sure to come out in the days following the patch
release.

For more information:
http://secunia.com/advisories/24929/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 174 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA24871] Microsoft Windows DNS Service Buffer Overflow
              Vulnerability
2.  [SA24659] Microsoft Windows Animated Cursor Buffer Overflow
              Vulnerability
3.  [SA22896] Microsoft Agent URL Parsing Memory Corruption
              Vulnerability
4.  [SA18787] Internet Explorer Drag-and-Drop Vulnerability
5.  [SA24891] Clam AntiVirus Two Vulnerabilities
6.  [SA24877] Opera Unspecified Flash Player Plug-In Vulnerability
7.  [SA24865] Cisco Products Multiple Vulnerabilities
8.  [SA24880] Aircrack-ng 802.11 Authentication Packet Processing
              Buffer Overflow
9.  [SA24857] Sun Solaris IP Packet Denial of Service
10. [SA23370] Debian update for kernel

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA24960] Second Sight ActiveGS ActiveX Control Buffer Overflow
Vulnerabilities
[SA24928] Second Sight ActiveMod ActiveX Control Buffer Overflow
Vulnerability
[SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
Vulnerabilities
[SA24914] McAfee VirusScan Enterprise On-Access Scanner Unicode
Filename Buffer Overflow
[SA24898] MiniShare Multiple Connections Denial of Service
[SA24894] FileZilla Unspecified Format String Vulnerabilities
[SA24938] IBM Tivoli Monitoring Various Services Buffer Overflow
Vulnerabilities
[SA24937] BMC PATROL "bgs_sdservice.exe" Memory Corruption
[SA24892] LANDesk Management Suite Alert Service Buffer Overflow
[SA24882] MailBee WebMail Pro Cross-Site Scripting Vulnerabilities
[SA24881] eIQNetworks Enterprise Security Analyzer Command Processing
Vulnerabilities

UNIX/Linux:
[SA24948] Sun Solaris Mozilla 1.7 Vulnerabilities
[SA24930] HP UX Tru64 Multiple SSL and BIND Vulnerabilities
[SA24906] Gentoo update for openoffice and openoffice-bin
[SA24897] Gentoo update for xine-lib
[SA24947] rPath update for lighttpd
[SA24945] rPath update for php, php-mysql, and php-pgsql
[SA24931] Gentoo update for madwifi-ng
[SA24924] Red Hat update for php
[SA24911] Red Hat update for squid
[SA24910] Red Hat update for php
[SA24889] SUSE Update for Multiple Packages
[SA24887] PHP-Nuke vWar Module SQL Injection and Cross-Site Scripting
[SA24886] lighttpd "mtime" and "\r\n\r\n\" Denial of Service
Vulnerabilities
[SA24885] Red Hat update for freetype
[SA24884] VCDGear Cue File Buffer Overflow Vulnerability
[SA24950] HP Insight Management Agents SSL Vulnerabilities
[SA24951] WordPress Pingback Denial of Service Security Issue
[SA24919] oe2edit "q" Cross-Site Scripting Vulnerability
[SA24918] Gentoo file Denial of Service Security Issue
[SA24917] Gentoo update for freeradius
[SA24909] Mandriva update for php
[SA24907] Mandriva update for freeradius
[SA24901] rPath update for kernel
[SA24895] Mandriva update for cups
[SA24953] Ubuntu update for libx11
[SA24916] SSH Tectia Server Insecure Permissions
[SA24903] ScramDisk 4 Linux Privilege Escalation Security Issues
[SA24905] Gentoo update for vixie-cron

Other:
[SA24940] Canon Network Camera Server VB100 Series Cross-Site Scripting
Vulnerability

Cross Platform:
[SA24956] jGallery "G_JGALL[inc_path]" File Inclusion Vulnerability
[SA24955] AimStats "process.php" PHP Code Injection
[SA24944] Novell GroupWise WebAccess Base64 Decoding Buffer Overflow
[SA24939] ShoutPro "shout" PHP Code Injection Vulnerability
[SA24929] Oracle Products Multiple Vulnerabilities
[SA24927] Sun Solaris and Java Web Console Format String Vulnerability
[SA24926] Rezervi Generic "root" File Inclusion Vulnerabilities
[SA24915] Opensurveypilot Two File Inclusion Vulnerabilities
[SA24913] Mozilla Firefox Wizz RSS News Reader Extension Cross-Context
Scripting
[SA24912] Simple PHP Scripts Gallery "gallery" File Inclusion
[SA24908] Anthologia "ads_file" File Inclusion Vulnerability
[SA24904] LS simple guestbook "message" PHP Code Execution
[SA24902] CNStats File Inclusion Vulnerabilities
[SA24891] Clam AntiVirus Two Vulnerabilities
[SA24890] StoreFront for Gallery "GALLERY_BASEDIR" File Inclusion
Vulnerabilities
[SA24888] PhpWiki "UpLoad" PHP Script Upload Vulnerability
[SA24933] webMethods Glue "resource" Directory Traversal Vulnerability
[SA24899] Zomplog "file" Directory Traversal Vulnerability
[SA24896] NMDeluxe "template" Local File Inclusion Vulnerability
[SA24880] Aircrack-ng 802.11 Authentication Packet Processing Buffer
Overflow
[SA24943] Wabbit PHP Gallery Script Two Cross-Site Scripting
Vulnerabilities
[SA24942] my little weblog "id" Cross-Site Scripting
[SA24922] JEX-Treme Einfacher Passwortschutz "msg"
Cross-Site-Scripting
[SA24879] chCounter "login_name" Cross-Site Scripting
[SA24893] McAfee e-Business Server Authentication Packet Processing
Denial Of Service

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA24960] Second Sight ActiveGS ActiveX Control Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

Will Dormann has reported some vulnerabilities in Second Sight ActiveGS
ActiveX control, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24960/ 

 --

[SA24928] Second Sight ActiveMod ActiveX Control Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

Will Dormann has reported a vulnerability in Second Sight ActiveMod
ActiveX control, which can be exploited by malicious people to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24928/ 

 --

[SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-17

Two vulnerabilities have been reported in Akamai Download Manager
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24900/ 

 --

[SA24914] McAfee VirusScan Enterprise On-Access Scanner Unicode
Filename Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-18

A vulnerability has been reported in McAfee VirusScan Enterprise, which
can be exploited by malicious people to cause a DoS or to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24914/ 

 --

[SA24898] MiniShare Multiple Connections Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-16

device has reported a vulnerability in MiniShare, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24898/ 

 --

[SA24894] FileZilla Unspecified Format String Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-16

Some vulnerabilities have been reported in FileZilla, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24894/ 

 --

[SA24938] IBM Tivoli Monitoring Various Services Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-04-19

Some vulnerabilities have been reported in IBM Tivoli Monitoring, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24938/ 

 --

[SA24937] BMC PATROL "bgs_sdservice.exe" Memory Corruption

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-04-19

A vulnerability has been reported in BMC PATROL, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24937/ 

 --

[SA24892] LANDesk Management Suite Alert Service Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-04-16

Aaron Portnoy has reported a vulnerability in LANDesk Management Suite,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24892/ 

 --

[SA24882] MailBee WebMail Pro Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-17

Some vulnerabilities have been reported in MailBee WebMail Pro, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/24882/ 

 --

[SA24881] eIQNetworks Enterprise Security Analyzer Command Processing
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-04-13

Leon Juranic has discovered some vulnerabilities in eIQNetworks
Enterprise Security Analyzer, which can be exploited by malicious
people to cause a DoS (Denial of Service) or to potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24881/ 


UNIX/Linux:--

[SA24948] Sun Solaris Mozilla 1.7 Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-19

Sun has acknowledged some vulnerabilities in Mozilla 1.7 for Sun
Solaris, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24948/ 

 --

[SA24930] HP UX Tru64 Multiple SSL and BIND Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-18

HP has acknowledged some vulnerabilities in HP Tru64 Unix.

Full Advisory:
http://secunia.com/advisories/24930/ 

 --

[SA24906] Gentoo update for openoffice and openoffice-bin

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-17

Gentoo has issued an update for openoffice and openoffice-bin. This
fixes some vulnerabilities, which can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24906/ 

 --

[SA24897] Gentoo update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-16

Gentoo has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/24897/ 

 --

[SA24947] rPath update for lighttpd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-19

rPath has issued an update for lighttpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24947/ 

 --

[SA24945] rPath update for php, php-mysql, and php-pgsql

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2007-04-19

rPath has issued an update for php, php-mysql, and php-pgsql. This
fixes some vulnerabilities, which can be exploited by malicious, local
users to bypass certain security restrictions, and by malicious people
to cause a DoS (Denial of Service) and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/24945/ 

 --

[SA24931] Gentoo update for madwifi-ng

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2007-04-18

Gentoo has issued an update for madwifi-ng. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of potentially sensitive information or cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/24931/ 

 --

[SA24924] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2007-04-17

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, and by malicious people to cause a DoS (Denial
of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24924/ 

 --

[SA24911] Red Hat update for squid

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-16

Red Hat has issued an update for squid. This fixes a  vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24911/ 

 --

[SA24910] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2007-04-17

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, and by malicious people to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24910/ 

 --

[SA24889] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Privilege escalation, DoS, System
access
Released:    2007-04-16

SUSE has issued an update for various packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious people to conduct cross-site
scripting attacks, cause a DoS (Denial of Service), and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/24889/ 

 --

[SA24887] PHP-Nuke vWar Module SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2007-04-18

Janek Vind has discovered some vulnerabilities in the vWar module for
PHP-Nuke, which can be exploited by malicious people to conduct SQL
injection attacks and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24887/ 

 --

[SA24886] lighttpd "mtime" and "\r\n\r\n\" Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-16

Some vulnerabilities have been reported in lighttpd, which can be
exploited by malicious users and malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/24886/ 

 --

[SA24885] Red Hat update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-16

Red Hat has issued an update for freetype. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/24885/ 

 --

[SA24884] VCDGear Cue File Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-04-16

A vulnerability has been discovered in VCDGear, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24884/ 

 --

[SA24950] HP Insight Management Agents SSL Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, DoS, System access
Released:    2007-04-18

HP has acknowledged some vulnerabilities in HP Insight Management
Agents, which can be exploited by malicious people to bypass certain
security restrictions, cause a DoS (Denial of Service) or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/24950/ 

 --

[SA24951] WordPress Pingback Denial of Service Security Issue

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-19

foobarwp12 has reported a security issue in WordPress, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/24951/ 

 --

[SA24919] oe2edit "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-17

David Vieira-Kurz has reported a vulnerability in oe2edit, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24919/ 

 --

[SA24918] Gentoo file Denial of Service Security Issue

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-18

Gentoo has acknowledged a security issue in file, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24918/ 

 --

[SA24917] Gentoo update for freeradius

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-18

Gentoo has issued an update for freeradius. This fixes a security
issue, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/24917/ 

 --

[SA24909] Mandriva update for php

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2007-04-19

Mandriva has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions and by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24909/ 

 --

[SA24907] Mandriva update for freeradius

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-17

Mandriva has issued an update for freeradius. This fixes a security
issue, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/24907/ 

 --

[SA24901] rPath update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2007-04-17

rPath has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, gain escalated privileges, and by malicious people to
cause a DoS.

Full Advisory:
http://secunia.com/advisories/24901/ 

 --

[SA24895] Mandriva update for cups

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-04-17

Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24895/ 

 --

[SA24953] Ubuntu update for libx11

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2007-04-19

Ubuntu has issued an update for libx11. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose sensitive
information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24953/ 

 --

[SA24916] SSH Tectia Server Insecure Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-04-16

A security issue has been reported in SSH Tectia Server for IBM z/OS,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/24916/ 

 --

[SA24903] ScramDisk 4 Linux Privilege Escalation Security Issues

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-04-16

Two security issues have been reported in ScramDisk 4 Linux. These can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/24903/ 

 --

[SA24905] Gentoo update for vixie-cron

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-04-17

Gentoo has issued an update for vixie-cron. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/24905/ 


Other:--

[SA24940] Canon Network Camera Server VB100 Series Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-19

A vulnerability has been reported in Canon Network Camera Server VB100
Series, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24940/ 


Cross Platform:--

[SA24956] jGallery "G_JGALL[inc_path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

Dj7xpl has discovered a vulnerability in jGallery, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24956/ 

 --

[SA24955] AimStats "process.php" PHP Code Injection

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

Dj7xpl has discovered some vulnerabilities in AimStats, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24955/ 

 --

[SA24944] Novell GroupWise WebAccess Base64 Decoding Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

A vulnerability has been reported in Novell GroupWise, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24944/ 

 --

[SA24939] ShoutPro "shout" PHP Code Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-18

Gammarays has discovered a vulnerability in ShoutPro, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24939/ 

 --

[SA24929] Oracle Products Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting,
Manipulation of data, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released:    2007-04-18

Multiple vulnerabilities have been reported in various Oracle products.
Some of these vulnerabilities have unknown impacts, while others can be
exploited to bypass certain security restrictions, gain knowledge of 
sensitive information, gain escalated privileges, cause a DoS (Denial
of Service), conduct cross-site scripting and SQL injection attacks, or
potentially compromise a vulnerable system..

Full Advisory:
http://secunia.com/advisories/24929/ 

 --

[SA24927] Sun Solaris and Java Web Console Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-18

Frank Dick has reported a vulnerability in Sun Solaris and Java Web
Console, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24927/ 

 --

[SA24926] Rezervi Generic "root" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-19

GolD_M has discovered some vulnerabilities in Rezervi Generic, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24926/ 

 --

[SA24915] Opensurveypilot Two File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-19

Two vulnerabilities have been discovered in Opensurveypilot, which can
be exploited by malicious people to compromise a vulnerable system or
to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24915/ 

 --

[SA24913] Mozilla Firefox Wizz RSS News Reader Extension Cross-Context
Scripting

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2007-04-17

A vulnerability has been reported in the Wizz RSS News Reader extension
for Mozilla Firefox, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24913/ 

 --

[SA24912] Simple PHP Scripts Gallery "gallery" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-17

A vulnerability has been discovered in Simple PHP Scripts Gallery,
which can be exploited by malicious people to compromise a vulnerable
system or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24912/ 

 --

[SA24908] Anthologia "ads_file" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-18

Dj7xpl has discovered a vulnerability in Anthologia, which can be
exploited by malicious people to compromise a vulnerable system or to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24908/ 

 --

[SA24904] LS simple guestbook "message" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-16

Gammarays has discovered a vulnerability in LS simple guestbook, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24904/ 

 --

[SA24902] CNStats File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-16

Some vulnerabilities have been discovered in CNStats, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24902/ 

 --

[SA24891] Clam AntiVirus Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2007-04-13

Two vulnerabilities have been reported in Clam AntiVirus. One has an
unknown impact, while the other can be exploited by malicious people to
cause a DoS (Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24891/ 

 --

[SA24890] StoreFront for Gallery "GALLERY_BASEDIR" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-17

Alkomandoz Hacker has reported a vulnerability in StoreFront for
Gallery, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/24890/ 

 --

[SA24888] PhpWiki "UpLoad" PHP Script Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-13

A vulnerability has been discovered in PhpWiki, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24888/ 

 --

[SA24933] webMethods Glue "resource" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-04-18

Patrick Webster has reported a vulnerability in webMethods Glue, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/24933/ 

 --

[SA24899] Zomplog "file" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-04-19

Dj7xpl has discovered a vulnerability in Zomplog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24899/ 

 --

[SA24896] NMDeluxe "template" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-04-16

BeyazKurt has reported a vulnerability in NMDeluxe, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24896/ 

 --

[SA24880] Aircrack-ng 802.11 Authentication Packet Processing Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-04-13

Jonathan So has reported a vulnerability in Aircrack-ng, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24880/ 

 --

[SA24943] Wabbit PHP Gallery Script Two Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-18

the_Edit0r has reported some vulnerabilities in Wabbit PHP Gallery
Script, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24943/ 

 --

[SA24942] my little weblog "id" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-18

the_Edit0r has discovered a vulnerability in my little weblog, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/24942/ 

 --

[SA24922] JEX-Treme Einfacher Passwortschutz "msg"
Cross-Site-Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-19

hackberry has discovered a vulnerability in Einfacher Passwortschutz,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/24922/ 

 --

[SA24879] chCounter "login_name" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-13

Hanno Bck has discovered a vulnerability in chCounter, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24879/ 

 --

[SA24893] McAfee e-Business Server Authentication Packet Processing
Denial Of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-04-18

A vulnerability has been reported in McAfee e-Business Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24893/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods