AOH :: ISNQ4424.HTM

Secunia Weekly Summary - Issue: 2007-33




Secunia Weekly Summary - Issue: 2007-33
Secunia Weekly Summary - Issue: 2007-33



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1697277096-1187337794=:28741
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE

=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2007-08-09 - 2007-08-16                        

                       This week: 98 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.

Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/

=======================================================================2) This Week in Brief:

Microsoft released nine security bulletins this month, all but one of
which are rated as =E2=80=9CHighly critical=E2=80=9D.

A vulnerability in Microsoft XML Core Services due to an integer
overflow error in the "substringData()" method of an XMLDOM/TextNode
JavaScript object can be exploited to cause a heap-based buffer
overflow via specially-crafted arguments passed to the affected method.
Successful exploitation may allow execution of arbitrary code when a
user e.g. visits a malicious website.

For more information refer to:
http://secunia.com/advisories/26447/ 

--

A vulnerability in the Vector Markup Language (VML) implementation due
to an integer underflow can be exploited to cause a heap-based buffer
overflow when processing compressed content referenced from VML.
Successful exploitation may allow execution of arbitrary code when a
user e.g. visits a malicious website.

For more information refer to:
http://secunia.com/advisories/26409/ 

--

Some vulnerabilities have been reported in Internet Explorer, which can
be exploited by malicious people to compromise a user's system. An
error when parsing certain CSS strings in Internet Explorer 5 can be
exploited to cause a memory corruption when a user e.g. visits a
malicious website.
The tblinf32.dll or vstlbinf.dll ActiveX control incorrectly implements
IObjectsafety, which can be exploited to execute arbitrary code when a
user e.g. visits a malicious website. An error in the pdwizard.ocx
ActiveX control can be exploited to cause a memory corruption when a
user e.g. visits a malicious website.

For more information refer to:
http://secunia.com/advisories/26419/ 

--

A vulnerability in the "substringData()" method of an XMLDOM/TextNode
JavaScript object in Microsoft Windows, which is caused due to an
integer overflow error, can be exploited to cause a heap-based buffer
overflow via specially-crafted arguments passed to the affected method.
Successful exploitation may allow execution of arbitrary code when a
user e.g. visits a malicious website.

For more information refer to:
http://secunia.com/advisories/26449/ 

--

Microsoft also released an update for three vulnerabilities reported in
Microsoft Windows Vista, which can be exploited by malicious people to
compromise a user's system. An error in the Feed Headlines gadget when
parsing HTML attributes can be exploited to execute arbitrary code via
a specially crafted RSS post. Successful exploitation requires that a
user e.g. is tricked into subscribing to a malicious RSS feed in the
Feed Headlines gadget using Internet Explorer. An error in the Contacts
Gadget when processing contacts can also be exploited to execute
arbitrary code when selecting a specially-crafted contact or if it is
the first contact in the list. Successful exploitation requires that a
user e.g. is tricked into adding or importing a malicious contact into
the Contacts Gadget, which is not the default configuration. An error
in the Weather Gadget when processing HTML attributes can be exploited
to execute arbitrary code when a user e.g. clicks on a link on the
affected gadget. However, successful exploitation requires a MitM
(Man-in-the-Middle) attack and that the links are visible in the
Weather Gadget by dragging and dropping the gadget on the desktop.

For more information refer to:
http://secunia.com/advisories/26439/ 

--

Two vulnerabilities in Windows Media Player, which can be exploited by
malicious people to compromise a user's system, have also been
reported. Errors in parsing header information, and in decompressing
skin files can be exploited to execute arbitrary code on a user's
system by tricking the user into visiting a malicious website or
opening a malicious skin file.

For more information refer to:
http://secunia.com/advisories/26433/ 

--

A vulnerability in the graphics rendering engine in Microsoft Windows,
which potentially can be exploited by malicious people to compromise a
user's system, is due to an integer overflow within the
"AttemptWrite()" function when parsing Windows metafiles. This can
be exploited to cause a heap-based buffer overflow by tricking a user
into viewing a malicious metafile containing a large record length.

For more information refer to:
http://secunia.com/advisories/26423/ 

--

Secunia Research has discovered a vulnerability in Microsoft Excel,
which can be exploited by malicious people to compromise a user's
system. The vulnerability is caused due to an error when validating an
index value in the rtWnDesk record and can be exploited to corrupt
memory via a specially crafted Excel Workspace (XLW) file. Other
unspecified security issues discovered internally by Microsoft have
also been reported and fixed in the security update.

For more information refer to:
http://secunia.com/advisories/26145/ 

--

A vulnerability in Microsoft Virtual PC and Virtual Server can be
exploited by malicious, local users to gain escalated privileges. The
vulnerability is caused by an error within certain components that
communicate with the host OS and can be exploited to cause a heap-based
buffer overflow. Successful exploitation allows an administrative user
on a guest machine to, for example, execute arbitrary code on the host
machine or other guest machines.

For more information refer to:
http://secunia.com/advisories/26444/ 

---

Barely a day before this month's Microsoft Security Updates, a
vulnerability in Microsoft DirectX Media SDK was discovered, which can
be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a boundary error in Live Picture
Corporation's DXSurface.LivePicture.FLashPix.1 (DXTLIPI.DLL) ActiveX
control when handling the "SourceUrl" property. This can be exploited
to cause a heap-based buffer overflow by assigning an overly long
(greater than 1024 bytes) string to the affected property. Successful
exploitation allows execution of arbitrary code when e.g. a user visits
a malicious website.

The vulnerability is confirmed in the Microsoft DirectX Media SDK
version 6.0 including DXTLIPI.DLL version 6.0.2.827. Other versions and
applications that use the affected ActiveX control may also be
affected.

For more information refer to:
http://secunia.com/advisories/26426/ 


 --

VIRUS ALERTS:

During the past week Secunia collected 175 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA25215] Symantec Products NavComUI ActiveX Control Code Execution
2.  [SA26354] BlueCat Networks Proteus TFTP Directory Traversal
              Vulnerability
3.  [SA26477] Opera JavaScript Invalid Pointer Vulnerability
4.  [SA26394] HP OpenView Products Shared Trace Service Buffer Overflow
              Vulnerabilities
5.  [SA26360] Cisco IOS Next Hop Resolution Protocol Buffer Overflow
6.  [SA26388] pfstools "readRadianceHeader()" Buffer Overflow
              Vulnerability
7.  [SA26387] Qtpfsgui "readRadianceHeader()" Buffer Overflow
              Vulnerability
8.  [SA26389] Linux Kernel Insecure Batch Buffers Privilege Escalation
9.  [SA26373] HP-UX 11.11 ldcconn Buffer Overflow Vulnerability
10. [SA26348] Atheros Wireless Driver Management Frame Handling Denial
              of Service

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA26482] IBM / Lenovo Access Support acpRunner ActiveX Multiple
Vulnerabilities
[SA26481] Motive Communications ActiveUtils EmailData ActiveX Buffer
Overflow Vulnerabilities
[SA26461] Easy Chat Server "username" Buffer Overflow Vulnerability
[SA26449] Microsoft Windows OLE Automation "substringData()" Integer
Overflow
[SA26447] Microsoft XML Core Services "substringData()" Integer
Overflow Vulnerability
[SA26439] Microsoft Windows Vista Gadgets Code Execution
Vulnerabilities
[SA26433] Windows Media Player Skin Handling Code Execution
Vulnerabilities
[SA26426] Microsoft DirectX Media SDK FlashPix ActiveX Control Buffer
Overflow
[SA26423] Windows Graphics Rendering Engine Image Handling
Vulnerability
[SA26419] Microsoft Internet Explorer Multiple Vulnerabilities
[SA26412] Qbik WinGate SMTP Service Format String Vulnerabilities
[SA26409] Microsoft Windows Vector Markup Language Buffer Overflow
[SA26491] Advanced mIRC Integration Plugin id3 Tag Input Validation
Error
[SA26431] Diskeeper RPC Request Handling Information Disclosure and
Denial of Service
[SA26459] Cisco VPN Client Privilege Escalation Vulnerabilities
[SA26435] Symantec Altiris Deployment Solution Aclient Log File Viewer
Privilege Escalation
[SA26427] Microsoft Internet Explorer FTP Credentials Exposure
[SA26448] AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel
Protection Bypass

UNIX/Linux:
[SA26476] rPath update for openoffice.org
[SA26460] Gentoo update for Mozilla Products
[SA26424] Gentoo update for squirrelmail
[SA26404] Debian update for tcpdump
[SA26400] Bilder Galerie "config[root_ordner]" Multiple File Inclusion
[SA26398] Web News "config[root_ordner]" Multiple File Inclusion
[SA26395] SUSE Update for Multiple Packages
[SA26493] rsync "f_name()" Off-By-One Vulnerability
[SA26470] Mandriva update for kdegraphics
[SA26468] Mandriva update for koffice
[SA26467] Mandriva update for tetex
[SA26432] Debian update for gpdf
[SA26429] Ubuntu update for libvorbis
[SA26428] Dell Remote Access Card SSH Denial of Service Vulnerability
[SA26425] Mandriva update for cups
[SA26415] Trustix Update for Multiple Packages
[SA26413] rPath update for cups, poppler, and tetex
[SA26410] Debian update for kdegraphics
[SA26407] Mandriva update for xpdf
[SA26405] Mandriva update for pdftohtml
[SA26403] Mandriva update for poppler
[SA26393] rPath update for firefox and thunderbird
[SA26391] Slackware update for seamonkey
[SA26390] Gentoo update for gd
[SA26490] xmms.pl for weechat id3 Tag Input Validation Error
[SA26489] xmms.bx for BitchX id3 Tag Input Validation Error
[SA26488] Another xmms-info script for XChat id3 Tag Input Validation
Error
[SA26487] a2x for XChat id3 Tag Input Validation Error
[SA26486] Disrok for XChat id3 Tag Input Validation Error
[SA26485] XMMS Remote Control Script for XChat id3 Tag Input Validation
Error
[SA26484] xmms-thing for XChat id3 Tag Input Validation Error
[SA26483] Multiple irssi Music Announcement Scripts id3 Tag Input
Validation Error
[SA26457] now_playing.rb for weechat id3 Tag Input Validation Error
[SA26456] Konversation Media Script id3 Tag Input Validation Error
[SA26455] xchat-xmms for XChat id3 Tag Input Validation Error
[SA26454] XMMS-Control for XChat id3 Tag Input Validation Error
[SA26417] Gentoo update for Net-DNS
[SA26430] rPath update for mysql, mysql-bench, and mysql-server
[SA26479] OpenBSD Systrace and Sysjail Multiple Race Condition
Vulnerabilities
[SA26478] Red Hat update for kernel
[SA26474] CerbNG Multiple Race Condition Vulnerabilities
[SA26437] IBM AIX "at" Command Privilege Escalation Vulnerability
[SA26420] IBM AIX Multiple Privilege Escalation Vulnerabilities
[SA26475] rPath update for dovecot
[SA26418] Gentoo update for terminal
[SA26392] Ubuntu update for xfce4-terminal
[SA26480] Tomboy Insecure LD_LIBRARY_PATH Privilege Escalation
[SA26438] SUSE update for open-iscsi
[SA26411] rPath update for openssl
[SA26389] Linux Kernel Insecure Batch Buffers Privilege Escalation

Other:
[SA26442] Infrant ReadyNAS Devices SSH Default Root Password Weakness

Cross Platform:
[SA26477] Opera JavaScript Invalid Pointer Vulnerability
[SA26453] Babo Violent Multiple Vulnerabilities
[SA26434] PHPCentral Poll "_SERVER[DOCUMENT_ROOT]" File Inclusion
[SA26414] Php Blue Dragon CMS activecontent.php File Inclusion
[SA26402] Sun JRE Font Parsing Vulnerability
[SA26401] Gstebuch "config[root_ordner]" File Inclusion
[SA26399] Bilder Uploader "root" and "config[root_ordner]" File
Inclusions
[SA26397] File Uploader "config[root_ordner]" File Inclusion
[SA26396] Shoutbox "root" File Inclusion
[SA26472] SOTEeSKLEP "file" Directory Traversal Vulnerability
[SA26464] SurgeMail "SEARCH" Command Buffer Overflow
[SA26451] Zoidcom Packet Handling Double Free Vulnerability
[SA26446] Prozilla Webring "cat" SQL Injection
[SA26445] Fedora Commons Empty LDAP Passwords Authentication Bypass
[SA26436] pdftohtml "StreamPredictor::StreamPredictor()" Integer
Overflow Vulnerability
[SA26421] Family Connections "fcms_login_id" Cookie Authentication
Bypass
[SA26406] Streamripper "httplib_parse_sc_header()" Buffer Overflows
[SA26471] IBM DB2 Multiple Vulnerabilities
[SA26452] ESRI ArcSDE Buffer Overflow Vulnerability
[SA26394] HP OpenView Products Shared Trace Service Buffer Overflow
Vulnerabilities
[SA26473] phpGroupWare phpSysInfo index.php URL Cross-Site Scripting
[SA26466] Apache Tomcat Cookie Handling Session ID Disclosure
[SA26465] Apache Tomcat Host Manager Servlet "aliases" Cross-Site
Scripting
[SA26441] OWASP Stinger Multipart Encoded Request Security Bypass
[SA26422] Php-Stats "IP" Cross-Site Scripting
[SA26416] Drupal Content Construction Kit Nodereference Module
Cross-Site Scripting
[SA26408] StoreSprite "next" Cross-Site Scripting Vulnerabilities
[SA26469] Generic Software Wrappers Toolkit  Multiple Race Condition
Vulnerabilities
[SA26444] Microsoft Virtual PC / Virtual Server Privilege Escalation
Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA26482] IBM / Lenovo Access Support acpRunner ActiveX Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Will Dormann has reported multiple vulnerabilities in the acpRunner
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26482/ 

 --

[SA26481] Motive Communications ActiveUtils EmailData ActiveX Buffer
Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Will Dormann has reported some vulnerabilities in the Motive
Communications ActiveUtils EmailData ActiveX control, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26481/ 

 --

[SA26461] Easy Chat Server "username" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

NetJackal has discovered a vulnerability in Easy Chat Server, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26461/ 

 --

[SA26449] Microsoft Windows OLE Automation "substringData()" Integer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26449/ 

 --

[SA26447] Microsoft XML Core Services "substringData()" Integer
Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

A vulnerability has been reported in Microsoft XML Core Services, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26447/ 

 --

[SA26439] Microsoft Windows Vista Gadgets Code Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Three vulnerabilities have been reported in Microsoft Windows Vista,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/26439/ 

 --

[SA26433] Windows Media Player Skin Handling Code Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Two vulnerabilities have been reported in Windows Media Player, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26433/ 

 --

[SA26426] Microsoft DirectX Media SDK FlashPix ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

Krystian Kloskowski has discovered a vulnerability in DirectX Media
SDK, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/26426/ 

 --

[SA26423] Windows Graphics Rendering Engine Image Handling
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-14

A vulnerability has been reported in Microsoft Windows, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/26423/ 

 --

[SA26419] Microsoft Internet Explorer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Some vulnerabilities have been reported in Internet Explorer, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26419/ 

 --

[SA26412] Qbik WinGate SMTP Service Format String Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

Two vulnerabilities have been discovered in Qbik WinGate, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26412/ 

 --

[SA26409] Microsoft Windows Vector Markup Language Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26409/ 

 --

[SA26491] Advanced mIRC Integration Plugin id3 Tag Input Validation
Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has discovered a vulnerability in Advanced mIRC
Integration Plugin, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26491/ 

 --

[SA26431] Diskeeper RPC Request Handling Information Disclosure and
Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, DoS
Released:    2007-08-14

Pravus has discovered two vulnerabilities in Diskeeper, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
disclose certain system information.

Full Advisory:
http://secunia.com/advisories/26431/ 

 --

[SA26459] Cisco VPN Client Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-16

Some vulnerabilities have been reported in Cisco VPN Client, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26459/ 

 --

[SA26435] Symantec Altiris Deployment Solution Aclient Log File Viewer
Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-14

A vulnerability has been reported in Symantec's Altiris Deployment
Solution, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/26435/ 

 --

[SA26427] Microsoft Internet Explorer FTP Credentials Exposure

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-08-13

A weakness has been reported in Microsoft Internet Explorer, which may
expose FTP usernames and passwords.

Full Advisory:
http://secunia.com/advisories/26427/ 

 --

[SA26448] AMD Catalyst Software Suite DSM Dynamic Driver Vista Kernel
Protection Bypass

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-08-15

A weakness has been reported in AMD Catalyst Software Suite, which can
be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26448/ 


UNIX/Linux:--

[SA26476] rPath update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

rPath has issued an update for openoffice.org. This fixes a
vulnerability, which can potentially be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26476/ 

 --

[SA26460] Gentoo update for Mozilla Products

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Exposure of sensitive
information, DoS, System access
Released:    2007-08-15

Gentoo has issued an update for Mozilla Products. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information, conduct spoofing and cross-site
scripting attacks, and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26460/ 

 --

[SA26424] Gentoo update for squirrelmail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

Gentoo has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26424/ 

 --

[SA26404] Debian update for tcpdump

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

Debian has issued an update for tcpdump. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26404/ 

 --

[SA26400] Bilder Galerie "config[root_ordner]" Multiple File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-08-10

Rizgar has discovered some vulnerabilities in Bilder Galerie, which can
be exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26400/ 

 --

[SA26398] Web News "config[root_ordner]" Multiple File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-08-10

Rizgar has discovered some vulnerabilities in Web News, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26398/ 

 --

[SA26395] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26395/ 

 --

[SA26493] rsync "f_name()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-16

Sebastian Krahmer has reported a vulnerability in rsync, which can
potentially be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/26493/ 

 --

[SA26470] Mandriva update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Mandriva has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26470/ 

 --

[SA26468] Mandriva update for koffice

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Mandriva has issued an update for koffice. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26468/ 

 --

[SA26467] Mandriva update for tetex

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2007-08-15

Mandriva has issued an update for tetex. This fixes some
vulnerabilities, where some have unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26467/ 

 --

[SA26432] Debian update for gpdf

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Debian has issued an update for gpdf. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/26432/ 

 --

[SA26429] Ubuntu update for libvorbis

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-16

Ubuntu has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/26429/ 

 --

[SA26428] Dell Remote Access Card SSH Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-08-16

A vulnerability has been reported in Dell Remote Access Card 4, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26428/ 

 --

[SA26425] Mandriva update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-16

Mandriva has issued an update for cups. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26425/ 

 --

[SA26415] Trustix Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Privilege escalation, DoS, System access
Released:    2007-08-13

Trustix has issued an update for multiple packages. This fixes some
vulnerabilities, which potentially can be exploited by malicious, local
users to gain escalated privileges and by malicious people to cause a
DoS (Denial of Service) or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26415/ 

 --

[SA26413] rPath update for cups, poppler, and tetex

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-13

rPath has issued an update for cups, poppler, and tetex. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26413/ 

 --

[SA26410] Debian update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Debian has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26410/ 

 --

[SA26407] Mandriva update for xpdf

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Mandriva has issued an update for xpdf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/26407/ 

 --

[SA26405] Mandriva update for pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Mandriva has issued an update for pdftohtml. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26405/ 

 --

[SA26403] Mandriva update for poppler

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

Mandriva has issued an update for poppler. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/26403/ 

 --

[SA26393] rPath update for firefox and thunderbird

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2007-08-13

rPath has issued an update for firefox and thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26393/ 

 --

[SA26391] Slackware update for seamonkey

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2007-08-13

Slackware has issued an update for seamonkey. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26391/ 

 --

[SA26390] Gentoo update for gd

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2007-08-10

Gentoo has issued an update for gd. This fixes some vulnerabilities,
where some have unknown impacts and others can potentially be exploited
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26390/ 

 --

[SA26490] xmms.pl for weechat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in xmms.pl, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26490/ 

 --

[SA26489] xmms.bx for BitchX id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in xmms.bx, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26489/ 

 --

[SA26488] Another xmms-info script for XChat id3 Tag Input Validation
Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in Another xmms-info
script, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/26488/ 

 --

[SA26487] a2x for XChat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in a2x, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26487/ 

 --

[SA26486] Disrok for XChat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in Disrok, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26486/ 

 --

[SA26485] XMMS Remote Control Script for XChat id3 Tag Input Validation
Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in XMMS Remote Control
Script, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/26485/ 

 --

[SA26484] xmms-thing for XChat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in xmms-thing, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26484/ 

 --

[SA26483] Multiple irssi Music Announcement Scripts id3 Tag Input
Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in multiple irssi music
announcement scripts, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26483/ 

 --

[SA26457] now_playing.rb for weechat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in now_playing.rb, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26457/ 

 --

[SA26456] Konversation Media Script id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has discovered a vulnerability in Konversation, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26456/ 

 --

[SA26455] xchat-xmms for XChat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in xchat-xmms, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26455/ 

 --

[SA26454] XMMS-Control for XChat id3 Tag Input Validation Error

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

Wouter Coekaerts has reported a vulnerability in XMMS-Control, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26454/ 

 --

[SA26417] Gentoo update for Net-DNS

Critical:    Less critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2007-08-13

Gentoo has issued an update for Net-DNS. This fixes two
vulnerabilities, which can be exploited by malicious people to poison
the DNS cache or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26417/ 

 --

[SA26430] rPath update for mysql, mysql-bench, and mysql-server

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2007-08-14

rPath has issued an update for mysql, mysql-bench and mysql-server.
This fixes some vulnerabilities, which can be exploited by malicious
users to gain escalated privileges, bypass certain security
restrictions, or cause a DoS (Denial of Service) and by malicious
people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/26430/ 

 --

[SA26479] OpenBSD Systrace and Sysjail Multiple Race Condition
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-08-16

Robert Watson has reported some vulnerabilities in Systrace and Sysjail
included in OpenBSD, which can be exploited by malicious, local users to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26479/ 

 --

[SA26478] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2007-08-16

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially disclose sensitive information or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/26478/ 

 --

[SA26474] CerbNG Multiple Race Condition Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-08-16

Robert Watson has reported some vulnerabilities in CerbNG, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26474/ 

 --

[SA26437] IBM AIX "at" Command Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-15

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26437/ 

 --

[SA26420] IBM AIX Multiple Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-13

Some vulnerabilities have been reported in IBM AIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26420/ 

 --

[SA26475] rPath update for dovecot

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-15

rPath has issued an update for dovecot. This fixes a weakness, which
can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26475/ 

 --

[SA26418] Gentoo update for terminal

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-13

Gentoo has issued an update for terminal. This fixes a security issue,
which can be exploited by malicious people to inject shell commands.

Full Advisory:
http://secunia.com/advisories/26418/ 

 --

[SA26392] Ubuntu update for xfce4-terminal

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-14

Ubuntu has issued an update for xfce4-terminal. This fixes a security
issue, which can be exploited by malicious people to inject shell
commands.

Full Advisory:
http://secunia.com/advisories/26392/ 

 --

[SA26480] Tomboy Insecure LD_LIBRARY_PATH Privilege Escalation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-16

Jab Oravec has reported a security issue in Tomboy, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26480/ 

 --

[SA26438] SUSE update for open-iscsi

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-08-15

SUSE has issued an update for open-iscsi. This fixes some security
issues, which can be exploited by malicious, local users to cause a DoS
(Denial of Service),

Full Advisory:
http://secunia.com/advisories/26438/ 

 --

[SA26411] rPath update for openssl

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-08-13

rPath has issued an update for openssl. This fixes a weakness, which
can be exploited by malicious, local users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/26411/ 

 --

[SA26389] Linux Kernel Insecure Batch Buffers Privilege Escalation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-10

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/26389/ 


Other:--

[SA26442] Infrant ReadyNAS Devices SSH Default Root Password Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-14

Brian Chapados and Felix Domke have reported a weakness in Infrant
ReadyNAS devices, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26442/ 


Cross Platform:--

[SA26477] Opera JavaScript Invalid Pointer Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

A vulnerability has been reported in Opera, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26477/ 

 --

[SA26453] Babo Violent Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-08-15

Luigi Auriemma has discovered some vulnerabilities in Babo Violent,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26453/ 

 --

[SA26434] PHPCentral Poll "_SERVER[DOCUMENT_ROOT]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Rizgar has discovered a vulnerability in PHPCentral Poll, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26434/ 

 --

[SA26414] Php Blue Dragon CMS activecontent.php File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-08-13

Kacper has discovered a vulnerability in Php Blue Dragon CMS, which can
be exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26414/ 

 --

[SA26402] Sun JRE Font Parsing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-08-16

A vulnerability has been reported in Sun JRE, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26402/ 

 --

[SA26401] Gstebuch "config[root_ordner]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-08-10

Rizgar has discovered a vulnerability in Gstebuch, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26401/ 

 --

[SA26399] Bilder Uploader "root" and "config[root_ordner]" File
Inclusions

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2007-08-10

Rizgar has discovered some vulnerabilities in Bilder Uploader, which
can be exploited by malicious people to disclose sensitive information
or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26399/ 

 --

[SA26397] File Uploader "config[root_ordner]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2007-08-10

Rizgar has discovered some vulnerabilities in File Uploader, which can
be exploited by malicious people to disclose sensitive information or
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26397/ 

 --

[SA26396] Shoutbox "root" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2007-08-10

Rizgar has discovered a vulnerability in Shoutbox, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26396/ 

 --

[SA26472] SOTEeSKLEP "file" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-08-15

dun has reported a vulnerability in SOTEeSKLEP, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/26472/ 

 --

[SA26464] SurgeMail "SEARCH" Command Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-15

Joey Mengele has discovered a vulnerability in SurgeMail, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26464/ 

 --

[SA26451] Zoidcom Packet Handling Double Free Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-08-15

Luigi Auriemma has discovered a vulnerability in Zoidcom, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/26451/ 

 --

[SA26446] Prozilla Webring "cat" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-08-14

t0pP8uZz & xprog have reported a vulnerability in Prozilla Webring,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/26446/ 

 --

[SA26445] Fedora Commons Empty LDAP Passwords Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-14

Bill Niebel has reported a vulnerability in Fedora Commons, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26445/ 

 --

[SA26436] pdftohtml "StreamPredictor::StreamPredictor()" Integer
Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-14

A vulnerability has been reported in pdftohtml, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26436/ 

 --

[SA26421] Family Connections "fcms_login_id" Cookie Authentication
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-13

ilkerkandemir has discovered a vulnerability in Family Connections,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/26421/ 

 --

[SA26406] Streamripper "httplib_parse_sc_header()" Buffer Overflows

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-08-13

Some vulnerabilities have been reported in Streamripper, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/26406/ 

 --

[SA26471] IBM DB2 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Security Bypass, Privilege escalation
Released:    2007-08-16

Multiple vulnerabilities have been reported in IBM DB2, some of which
have an unknown impact, while others can potentially be exploited to
bypass certain security restrictions or perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/26471/ 

 --

[SA26452] ESRI ArcSDE Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-08-16

A vulnerability has been reported in ArcSDE, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/26452/ 

 --

[SA26394] HP OpenView Products Shared Trace Service Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-08-10

Some vulnerabilities have been reported in HP OpenView products, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/26394/ 

 --

[SA26473] phpGroupWare phpSysInfo index.php URL Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-15

A vulnerability has been reported in phpGroupWare, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/26473/ 

 --

[SA26466] Apache Tomcat Cookie Handling Session ID Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-08-15

Tomasz Kuczynski has reported two vulnerabilities in Apache Tomcat,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/26466/ 

 --

[SA26465] Apache Tomcat Host Manager Servlet "aliases" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-15

NTT OSS CENTER has reported a vulnerability in Apache Tomcat, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/26465/ 

 --

[SA26441] OWASP Stinger Multipart Encoded Request Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-08-14

Meder Kydyraliev has reported a weakness in OWASP Stinger, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26441/ 

 --

[SA26422] Php-Stats "IP" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-13

vasodipandora has discovered a vulnerability in Php-Stats, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/26422/ 

 --

[SA26416] Drupal Content Construction Kit Nodereference Module
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-14

Some vulnerabilities have been reported in the Drupal Content
Construction Kit, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/26416/ 

 --

[SA26408] StoreSprite "next" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-08-10

r0t has discovered a vulnerability in StoreSprite, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/26408/ 

 --

[SA26469] Generic Software Wrappers Toolkit  Multiple Race Condition
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-08-16

Robert Watson has reported some vulnerabilities in Generic Software
Wrappers Toolkit, which can be exploited by malicious, local users to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/26469/ 

 --

[SA26444] Microsoft Virtual PC / Virtual Server Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-08-14

A vulnerability has been reported in Microsoft Virtual PC and Virtual
Server, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/26444/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web=09: http://secunia.com/ 
E-mail=09: support@secunia.com 
Tel=09: +45 70 20 51 44
Fax=09: +45 70 20 51 45


--1457021584-1697277096-1187337794=:28741
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/ 
--1457021584-1697277096-1187337794=:28741--

Site design & layout copyright © 1986-2014 CodeGods