AOH :: ISNQ4854.HTM

Secunia Weekly Summary - Issue: 2007-47




Secunia Weekly Summary - Issue: 2007-47
Secunia Weekly Summary - Issue: 2007-47



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2007-11-16 - 2007-11-23                        

                       This week: 73 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=summary_sm 

=======================================================================2) This Week in Brief:

A vulnerability has been fixed in the BitDefender Online Scanner, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is due to an input validation error within the Online
Scanner (OScan8.ocx / Oscan81.ocx) ActiveX control when handling
arguments passed to the "InitX()" method. By prepending two "%"
characters to the argument of the affected method, a remote attacker
can trigger a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code, and
requires that a user visits a web page containing the malicious code.

The vulnerability is reported in version 8.0 of the product. The vendor
has released an updated version of the ActiveX control. Customers are
urged to download the fixed version immediately.

Fore more information, refer to:
http://secunia.com/advisories/27717/ 

 --

Some vulnerabilities have been reported in IBM WebSphere Application
Server, one of which has an unknown impact, while the other can be
exploited by malicious people to cause a DoS (Denial of Service).

An error within the Apache mod_proxy module used by the IBM HTTP Server
component can be exploited to cause a DoS. This is caused by a
documented vulnerability in Apache reported from August of this year.

In addition, a security concern with monitor role users in the
Administrative Console component has been reported. No further
information is available.

Users are urged to apply Fix Pack 13 to solve the issues. For more
information, refer to:
http://secunia.com/advisories/27762/ 

 --

Samba has released an updated version to fix two vulnerabilities, which
can be exploited by malicious people to compromise a vulnerable system.

A boundary error discovered by Secunia Research exists within the
"reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending
NetBIOS replies. This can be exploited to cause a stack-based buffer
overflow by sending multiple specially crafted WINS "Name Registration"
requests followed by a WINS "Name Query" request.

Successful exploitation of this vulnerability allows execution of
arbitrary code, but requires that Samba is configured to run as a WINS
server (the "wins support" option is enabled).

The vendor also reported a boundary error within the processing of
GETDC logon requests. This can be exploited to cause a buffer overflow
by sending specially crafted GETDC mailslot requests.

Successful exploitation of this vulnerability requires that Samba is
configured as a Primary or Backup Domain Controller.

The vulnerabilities are reported in version 3.0.26a, and are fixed in
version 3.0.27. Patches are also available for 3.0.26a.

For more information, refer to:
http://secunia.com/advisories/27450/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 207 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA27643] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities
2.  [SA27450] Samba Multiple Buffer Overflow Vulnerabilities
3.  [SA27695] Apple Mac OS X Application Firewall Weaknesses and
              Security Issue
4.  [SA27717] BitDefender Online Scanner ActiveX Control Buffer
              Overflow
5.  [SA27664] Linux Kernel Multiple Denial of Service Vulnerabilities
6.  [SA27584] Microsoft Windows DNS Service Cache Poisoning
              Vulnerability
7.  [SA27694] Ubuntu update for vmware
8.  [SA27679] Ubuntu update for samba
9.  [SA27672] teTeX Multiple Vulnerabilities
10. [SA27693] HP-UX update for JRE/JDK

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA27717] BitDefender Online Scanner ActiveX Control Buffer Overflow
[SA27779] VU Case Manager "default.asp" SQL Injection Vulnerabilities
[SA27774] GWExtranet Information Disclosure and Script Insertion
Vulnerabilities
[SA27758] VU Mass Mailer "redir.asp" SQL Injection Vulnerability
[SA27734] Lhaplus LZH Archive Processing Unspecified Buffer Overflow
[SA27700] Click&BaneX Two SQL Injection Vulnerabilities
[SA27736] Ability Mail Server Unspecified IMAP4 Command Processing
Denial of Service
[SA27751] Invensys Wonderware InTouch Insecure NetDDE Share Permissions
Security Issue

UNIX/Linux:
[SA27785] Apple Mail Command Execution Vulnerability
[SA27772] Debian update for kdegraphics
[SA27744] Slackware update for mozilla-thunderbird
[SA27716] SUSE update for java-1_5_0-ibm
[SA27706] Gentoo update for vmware
[SA27705] Gentoo update for poppler, koffice, kword, kdegraphics, and
kpdf
[SA27704] Gentoo update for mozilla-thunderbird
[SA27702] Gentoo update for link-grammar
[SA27693] HP-UX update for JRE/JDK
[SA27780] rPath update for flac
[SA27761] IRC Services Denial of Service Vulnerability
[SA27754] I Hear U Multiple Denial of Service Vulnerabilities
[SA27745] Fedora update for cacti
[SA27743] Mandriva update for tetex
[SA27741] Gentoo update for pcre
[SA27728] Fedora update for emacs
[SA27724] Mandriva update for cups
[SA27721] Mandriva update for pdftohtml
[SA27718] Fedora update for tetex
[SA27703] rPath update for kernel
[SA27692] ngIRCd "JOIN" Denial of Service Vulnerability
[SA27742] Gentoo update for samba
[SA27731] Slackware update for samba
[SA27720] Mandriva update for samba
[SA27712] Debian update for cupsys
[SA27701] rPath update for samba
[SA27694] Ubuntu update for vmware
[SA27691] Red Hat update for samba
[SA27715] Gentoo update for bochs
[SA27753] Fedora update for phpmyadmin
[SA27746] Slackware update for libpng
[SA27732] SUSE update for apache2
[SA27727] Fedora update for tomcat5
[SA27695] Apple Mac OS X Application Firewall Weaknesses and Security
Issue
[SA27747] Avaya Products Kernel Multiple Vulnerabilities
[SA27740] Gentoo update for net-snmp
[SA27733] Fedora update for net-snmp
[SA27690] nss-mdns Denial of Service Vulnerability
[SA27689] Red Hat update for net-snmp
[SA27739] Gentoo update for feynmf
[SA27737] feynmf Insecure Temporary File Creation
[SA27710] OmniPCX Enterprise Communications Server IP Touch Phone Audio
Unavailability Weakness
[SA27771] Liferea Insecure LD_LIBRARY_PATH Privilege Escalation

Other:
[SA27696] HP-UX update for BIND 8
[SA27738] Linksys WAG54GS Cross-Site Scripting and Cross-Site Request
Forgery Vulnerabilities

Cross Platform:
[SA27767] TalkBack Multiple File Inclusion Vulnerabilities
[SA27723] datecomm "pg" File Inclusion Vulnerability
[SA27722] meBiblio "action" File Inclusion Vulnerability
[SA27708] Sciurus Hosting Panel Security Bypass and PHP Code Execution
[SA27698] phpBBViet "phpbb_root_path" File Inclusion Vulnerability
[SA27777] Wireshark Multiple Denial of Service Vulnerabilities
[SA27765] DevMass Shopping Cart "kfm_base_path" File Inclusion
[SA27762] IBM WebSphere Application Server Two Vulnerabilities
[SA27735] JP1/File Transmission Server/FTP Authentication Bypass and
DoS
[SA27730] ProfileCMS "id" SQL Injection Vulnerability
[SA27729] Rigs Of Rods Denial of Service Vulnerability
[SA27719] Cacti Unspecified SQL Injection Vulnerability
[SA27713] JiRo's Banner System "Email"/"Password" SQL Injection
[SA27711] LIVE555 Media Server "parseRTSPRequestString()" Denial of
Service
[SA27709] IceBB "X-Forwarded-For" SQL Injection
[SA27750] FileMaker Pro/Server Instant Web Publishing Cross-Site
Scripting
[SA27749] Feed2JS Feed URL Cross-Site Scripting
[SA27748] phpMyAdmin "convcharset" Cross-Site Scripting
[SA27752] IBM Director CIM Server Denial of Service Vulnerability
[SA27714] WordPress Cookies Security Bypass Weakness

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA27717] BitDefender Online Scanner ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-21

Greg Linares has reported a vulnerability in BitDefender Online
Scanner, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/27717/ 

 --

[SA27779] VU Case Manager "default.asp" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-22

Aria-Security.Net has reported some vulnerabilities in VU Case Manager,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/27779/ 

 --

[SA27774] GWExtranet Information Disclosure and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2007-11-22

Joseph.giron13 has reported some vulnerabilities in GWExtranet, which
can be exploited by malicious people to disclose sensitive information,
and by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/27774/ 

 --

[SA27758] VU Mass Mailer "redir.asp" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-22

Aria-Security.Net has reported a vulnerability in VU Mass Mailer, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27758/ 

 --

[SA27734] Lhaplus LZH Archive Processing Unspecified Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-22

A vulnerability has been reported in Lhaplus, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27734/ 

 --

[SA27700] Click&BaneX Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2007-11-20

Aria-Security Team have reported two vulnerabilities in Click&BaneX,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/27700/ 

 --

[SA27736] Ability Mail Server Unspecified IMAP4 Command Processing
Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-21

A vulnerability has been reported in Ability Mail Server, which
potentially can be exploited by malicious users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/27736/ 

 --

[SA27751] Invensys Wonderware InTouch Insecure NetDDE Share Permissions
Security Issue

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2007-11-21

A security issue has been reported in Invensys Wonderware InTouch,
which potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/27751/ 


UNIX/Linux:--

[SA27785] Apple Mail Command Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-22

A vulnerability has been reported in Apple Mail, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27785/ 

 --

[SA27772] Debian update for kdegraphics

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-22

Debian has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/27772/ 

 --

[SA27744] Slackware update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-21

Slackware has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27744/ 

 --

[SA27716] SUSE update for java-1_5_0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2007-11-19

SUSE has issued an update for java-1_5_0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, manipulate data, disclose
sensitive/system information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27716/ 

 --

[SA27706] Gentoo update for vmware

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2007-11-19

Gentoo has issued an update for vmware. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, perform certain actions with
escalated privileges, or to cause a DoS (Denial of Service), by
malicious users to bypass certain security restrictions, and by
malicious people to cause a DoS (Denial of Service) or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/27706/ 

 --

[SA27705] Gentoo update for poppler, koffice, kword, kdegraphics, and
kpdf

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-19

Gentoo has issued an update for poppler, koffice, kword, kdegraphics,
and kpdf. These fix some vulnerabilities, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27705/ 

 --

[SA27704] Gentoo update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2007-11-19

Gentoo has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27704/ 

 --

[SA27702] Gentoo update for link-grammar

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-19

Gentoo has issued an update for link-grammar. This fixes a
vulnerability, which can be exploited by malicious people to compromise
an application using the library.

Full Advisory:
http://secunia.com/advisories/27702/ 

 --

[SA27693] HP-UX update for JRE/JDK

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, System access
Released:    2007-11-16

HP has issued an update for JRE/JDK. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, manipulate data, disclose sensitive/system information,
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27693/ 

 --

[SA27780] rPath update for flac

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-22

rPath has issued an update for flac. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27780/ 

 --

[SA27761] IRC Services Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-21

A vulnerability has been reported in IRC Services, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27761/ 

 --

[SA27754] I Hear U Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-21

Luigi Auriemma has reported some vulnerabilities in I Hear U, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27754/ 

 --

[SA27745] Fedora update for cacti

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-22

Fedora has issued an update for cacti. This fixes a vulnerability,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/27745/ 

 --

[SA27743] Mandriva update for tetex

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
DoS, System access
Released:    2007-11-21

Mandriva has issued an update for tetex. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose and manipulate sensitive information, and by malicious people
to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27743/ 

 --

[SA27741] Gentoo update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2007-11-21

Gentoo has issued an update for pcre. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service), disclose sensitive information, or potentially compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/27741/ 

 --

[SA27728] Fedora update for emacs

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-19

Fedora has issued an update for emacs. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27728/ 

 --

[SA27724] Mandriva update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-20

Mandriva has issued an update for cups. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27724/ 

 --

[SA27721] Mandriva update for pdftohtml

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-19

Mandriva has issued an update for pdftohtml. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27721/ 

 --

[SA27718] Fedora update for tetex

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
DoS, System access
Released:    2007-11-21

Fedora has issued an update for tetex. This fixes some vulnerabilities,
which can be exploited by malicious, local users to disclose and
manipulate sensitive information and by malicious people to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27718/ 

 --

[SA27703] rPath update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-22

rPath has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27703/ 

 --

[SA27692] ngIRCd "JOIN" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-19

A vulnerability has been reported in ngIRCd, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27692/ 

 --

[SA27742] Gentoo update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-21

Gentoo has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/27742/ 

 --

[SA27731] Slackware update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-19

Slackware has issued an update for samba. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27731/ 

 --

[SA27720] Mandriva update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-19

Mandriva has issued an update for samba. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27720/ 

 --

[SA27712] Debian update for cupsys

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-19

Debian has issued an update for cupsys. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/27712/ 

 --

[SA27701] rPath update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-19

rPath has issued an update for samba. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/27701/ 

 --

[SA27694] Ubuntu update for vmware

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-11-16

Ubuntu has issued an update for vmware. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27694/ 

 --

[SA27691] Red Hat update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-16

Red Hat has issued an update for samba. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27691/ 

 --

[SA27715] Gentoo update for bochs

Critical:    Moderately critical
Where:       Local system
Impact:      System access, DoS
Released:    2007-11-19

Gentoo has issued an update for bochs. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27715/ 

 --

[SA27753] Fedora update for phpmyadmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2007-11-22

Fedora has issued an update for phpmyadmin. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion and SQL injection attacks and by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27753/ 

 --

[SA27746] Slackware update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-21

Slackware has issued an update for libpng. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27746/ 

 --

[SA27732] SUSE update for apache2

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2007-11-20

SUSE has issued an update for apache2. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service), and by malicious people to conduct cross-site scripting
attacks or to cause a DoS.

Full Advisory:
http://secunia.com/advisories/27732/ 

 --

[SA27727] Fedora update for tomcat5

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2007-11-19

Fedora has issued an update for tomcat5. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/27727/ 

 --

[SA27695] Apple Mac OS X Application Firewall Weaknesses and Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-11-16

Some weaknesses and a security issue have been reported in Apple Mac OS
X, which can lead to exposure of certain services.

Full Advisory:
http://secunia.com/advisories/27695/ 

 --

[SA27747] Avaya Products Kernel Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2007-11-21

Avaya has acknowledged some vulnerabilities, security issues, and a
weakness in various Avaya products, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) and disclose
potentially sensitive information, and by malicious users and malicious
people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/27747/ 

 --

[SA27740] Gentoo update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-21

Gentoo has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27740/ 

 --

[SA27733] Fedora update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-21

Fedora has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27733/ 

 --

[SA27690] nss-mdns Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-22

A vulnerability has been reported in nss-mdns, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27690/ 

 --

[SA27689] Red Hat update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-16

Red Hat has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27689/ 

 --

[SA27739] Gentoo update for feynmf

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-21

Gentoo has issued an update for feynmf. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/27739/ 

 --

[SA27737] feynmf Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-21

A vulnerability has been reported in feynmf, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/27737/ 

 --

[SA27710] OmniPCX Enterprise Communications Server IP Touch Phone Audio
Unavailability Weakness

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2007-11-20

A weakness has been reported in OmniPCX Enterprise Communications
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/27710/ 

 --

[SA27771] Liferea Insecure LD_LIBRARY_PATH Privilege Escalation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-22

A security issue has been reported in Liferea, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/27771/ 


Other:--

[SA27696] HP-UX update for BIND 8

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2007-11-21

HP-UX has issued an update for BIND 8. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/27696/ 

 --

[SA27738] Linksys WAG54GS Cross-Site Scripting and Cross-Site Request
Forgery Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-21

Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS,
which can be exploited by malicious people to conduct cross-site
scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/27738/ 


Cross Platform:--

[SA27767] TalkBack Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-11-22

NoGe has discovered some vulnerabilities in TalkBack, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27767/ 

 --

[SA27723] datecomm "pg" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-11-19

VerY-SecReT has reported a vulnerability in datecomm, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27723/ 

 --

[SA27722] meBiblio "action" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-11-19

ShAy6oOoN has discovered a vulnerability in meBiblio, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27722/ 

 --

[SA27708] Sciurus Hosting Panel Security Bypass and PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2007-11-19

Liz0ziM has discovered two vulnerabilities in Sciurus Hosting Panel,
which can be exploited by malicious people to bypass certain security
restrictions and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27708/ 

 --

[SA27698] phpBBViet "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-11-19

xoron has discovered a vulnerability in phpBBViet, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27698/ 

 --

[SA27777] Wireshark Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-22

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27777/ 

 --

[SA27765] DevMass Shopping Cart "kfm_base_path" File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-11-22

S.W.A.T. has reported a vulnerability in DevMass Shopping Cart, which
can be exploited by malicious people to disclose sensitive information
or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27765/ 

 --

[SA27762] IBM WebSphere Application Server Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2007-11-22

Some vulnerabilities have been reported in IBM WebSphere Application
Server, one of which has an unknown impact, while the other can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27762/ 

 --

[SA27735] JP1/File Transmission Server/FTP Authentication Bypass and
DoS

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2007-11-22

Two vulnerabilities have been reported in JP1/File Transmission
Server/FTP, which can be exploited by malicious users to cause a DoS
(Denial of Service) and by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/27735/ 

 --

[SA27730] ProfileCMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-22

M.Hasran Addahroni has reported a vulnerability in ProfileCMS, which
can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27730/ 

 --

[SA27729] Rigs Of Rods Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-20

Luigi Auriemma has reported a vulnerability in Rigs of Rods, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27729/ 

 --

[SA27719] Cacti Unspecified SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-19

A vulnerability has been reported in Cacti, which potentially can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27719/ 

 --

[SA27713] JiRo's Banner System "Email"/"Password" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-19

Some vulnerabilities have been reported in JiRo's Banner System, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27713/ 

 --

[SA27711] LIVE555 Media Server "parseRTSPRequestString()" Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-19

Luigi Auriemma has reported a vulnerability in LIVE555 Media Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27711/ 

 --

[SA27709] IceBB "X-Forwarded-For" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-19

Gu1ll4um3r0m41n has discovered a vulnerability in IceBB, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27709/ 

 --

[SA27750] FileMaker Pro/Server Instant Web Publishing Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-21

A vulnerability has been reported in FileMaker Pro/Server, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27750/ 

 --

[SA27749] Feed2JS Feed URL Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-21

A vulnerability has been reported in Feed2JS, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27749/ 

 --

[SA27748] phpMyAdmin "convcharset" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-21

Tim Brown has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27748/ 

 --

[SA27752] IBM Director CIM Server Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-21

A vulnerability has been reported in IBM Director, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27752/ 

 --

[SA27714] WordPress Cookies Security Bypass Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-11-21

Steven J. Murdoch has discovered a weakness in WordPress, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/27714/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods