
Secunia Weekly Summary - Issue: 2008-33







=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-08-07 - 2008-08-14                        

                       This week: 165 advisories                       

=======================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

=======================================================================
2) This Week in Brief:

Microsoft has released their monthly security bulletins for August.
Please view the referenced Secunia Advisories for further details.

For more information, refer to:
http://secunia.com/advisories/31455/ 
http://secunia.com/advisories/31454/ 
http://secunia.com/advisories/31453/ 
http://secunia.com/advisories/31446/ 
http://secunia.com/advisories/31336/ 
http://secunia.com/advisories/31375/ 
http://secunia.com/advisories/31385/ 
http://secunia.com/advisories/31411/ 
http://secunia.com/advisories/31415/ 
http://secunia.com/advisories/31417/ 

 --

Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to disclose sensitive information, cause a DoS (Denial of
Service), or compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31409/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 212 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA31441] uTorrent "created by" Buffer Overflow Vulnerability
2.  [SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control
              Buffer Overflow
3.  [SA31412] Sun Solaris Trusted Extensions Labeled Networking
              Unauthorised Access
4.  [SA31445] BitTorrent "created by" Buffer Overflow Vulnerability
5.  [SA31394] e107 download.php "extract()" Vulnerability
6.  [SA31407] PowerDNS Malformed Queries Handling Weakness
7.  [SA31339] SUSE Update for Multiple Packages
8.  [SA31414] RTH File Disclosure and SQL Injection Vulnerabilities
9.  [SA31271] Cygwin Package Handling Security Issue
10. [SA30883] Microsoft Access Snapshot Viewer ActiveX Control
              Vulnerability

=======================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA31498] Microsoft Visual Studio Masked Edit Control "Mask" Buffer
Overflow
[SA31481] FlashGet FTP PWD Buffer Overflow Vulnerability
[SA31454] Microsoft Office Excel Multiple Vulnerabilities
[SA31453] Microsoft Office PowerPoint Multiple Vulnerabilities
[SA31445] BitTorrent "created by" Buffer Overflow Vulnerability
[SA31441] uTorrent "created by" Buffer Overflow Vulnerability
[SA31440] Trend Micro Products ObjRemoveCtrl Class Buffer Overflows
[SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control Buffer
Overflow
[SA31385] Microsoft Windows Color Management System Buffer Overflow
[SA31375] Internet Explorer Multiple Vulnerabilities
[SA31336] Microsoft Office Filters Multiple Vulnerabilities
[SA31452] SOURCENEXT Virus Security / Virus Security ZERO Denial of
Service
[SA31446] Microsoft Windows Messenger ActiveX Control Vulnerability
[SA31442] WinGate IMAP Server Buffer Overflow Vulnerability
[SA31434] CA Products kmxfw.sys Privilege Escalation and Denial of
Service
[SA31415] Internet Explorer MHTML Protocol Handler Cross-Domain
Information Disclosure
[SA31376] HydraIRC "irc://" URI Handling Buffer Overflow Vulnerability
[SA31371] Winamp "NowPlaying" Unspecified Vulnerability
[SA31368] E.Z. Poll "Username" and "Password" SQL Injection
Vulnerabilities
[SA31319] CA ARCserve Backup for Laptops and Desktops LGServer Service
Integer Underflow
[SA31480] hMailServer IMAP Denial of Service Vulnerability
[SA31455] Microsoft Office SharePoint Server Privilege Escalation
Vulnerability
[SA31432] Adobe Presenter "viewer.swf" and "loadflash.js" Cross-Site
Scripting
[SA31411] Microsoft Windows IPsec Policy Processing Information
Disclosure
[SA31369] KAPhotoservice "page" Cross-Site Scripting Vulnerability
[SA31325] MailEnable IMAP Denial of Service Vulnerability
[SA31417] Microsoft Windows Event System Privilege Escalation
Vulnerabilities
[SA31361] Sun xVM VirtualBox "VBoxDrv.sys" IOCTL Privilege Escalation
Vulnerability
[SA31433] McAfee Encrypted USB Manager "Re-use Threshold" Security
Bypass

UNIX/Linux:
[SA31497] Red Hat Network Satellite Server Update for Sun Java / IBM
Java Runtime
[SA31492] Red Hat Network Satellite Server Update for Solaris Client
[SA31489] VMware ESXi OpenSSL Vulnerabilities
[SA31467] VMware updates for OpenSSL, net-snmp, and perl
[SA31465] Yelp Invalid URI Format String Vulnerability
[SA31428] Gentoo update for acroread
[SA31405] Fedora update for poppler
[SA31403] Fedora update for thunderbird
[SA31393] Ubuntu update for xine-lib
[SA31377] Gentoo update for Mozilla products
[SA31372] Gentoo update for xine-lib
[SA31352] Sun Solaris Adobe Reader Multiple Vulnerabilities
[SA31339] SUSE Update for Multiple Packages
[SA31326] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA31321] Red Hat Extras and Supplementary RealPlayer Vulnerability
[SA31320] Red Hat update for java-1.5.0-ibm
[SA31495] HP Tru64 UNIX BIND Query Port DNS Cache Poisoning
[SA31493] Red Hat update for Red Hat Network Satellite Server
[SA31478] IPsec-Tools racoon Phase 1 Handler Denial of Service
[SA31473] rPath update for idle and python
[SA31471] HP-UX ftpd Unspecified Privileged Access Vulnerability
[SA31457] Joomla "token" Password Change Vulnerability
[SA31437] Gentoo update for clamav
[SA31422] Red Hat update for dnsmasq
[SA31413] ZeeBuddy "adid" SQL Injection Vulnerability
[SA31409] PHP Multiple Vulnerabilities
[SA31399] Fedora update for libxslt
[SA31395] Gentoo update for libxslt
[SA31388] rPath update for cups
[SA31387] rPath update for gaim
[SA31386] Sun Solaris "snoop" Multiple Vulnerabilities
[SA31378] Gentoo update for wireshark
[SA31365] Ubuntu update for python
[SA31363] Ubuntu update for libxslt
[SA31358] Slackware update for python
[SA31347] GIT Pathname Processing Multiple Buffer Overflows
[SA31332] Gentoo update for python
[SA31331] Red Hat update for libxslt
[SA31328] Avaya Communication Manager Perl Regular Expressions
Vulnerability
[SA31324] Debian update for cupsys
[SA31459] Fedora update for condor
[SA31450] IPsec-Tools racoon Denial of Service
[SA31449] GooCMS "s" Cross-Site Scripting Vulnerability
[SA31444] Bugzilla importxml.pl Directory Traversal Vulnerability
[SA31438] Gentoo update for stunnel
[SA31426] Sun Solaris "sendfilev()" Denial of Service
[SA31425] Ovidentia "item" SQL Injection Vulnerability
[SA31423] Red Hat update for condor
[SA31416] Fedora update for httpd
[SA31412] Sun Solaris Trusted Extensions Labeled Networking
Unauthorised Access
[SA31404] Fedora update for httpd
[SA31402] Xoops Kshop Module "search" Cross-Site Scripting
[SA31400] HP-UX libc Denial of Service Vulnerability
[SA31390] Pidgin SSL Verification Security Issue
[SA31384] Apache mod_proxy_ftp Wildcard Characters Cross-Site
Scripting
[SA31380] Debian update for httracker
[SA31360] Debian update for opensc
[SA31359] csphonebook "letter" Cross-Site Scripting
[SA31346] Online Dating "mail_id" SQL Injection Vulnerability
[SA31490] Red Hat Network Proxy Server update for mod_perl
[SA31436] Gentoo update for openldap
[SA31364] Ubuntu update for OpenLDAP
[SA31351] Gentoo update for net-snmp
[SA31334] SUSE update for net-snmp
[SA31322] Red Hat update for nfs-utils
[SA31500] SUSE update for postfix
[SA31485] Postfix Symlink Handling and Destination Ownership Security
Issues
[SA31420] Gentoo update for uudeview and nzbget
[SA31418] Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure
Temporary Files
[SA31398] CA Products Ingres Multiple Vulnerabilities
[SA31356] Sun Solaris namefs Kernel Module Privilege Escalation
[SA31341] Red Hat update for kernel
[SA31318] MaxDB "dbmsrv" Privilege Escalation Vulnerability
[SA31317] Gentoo update for vlc
[SA31448] Debian update for pdns
[SA31401] Fedora update for pdns
[SA31468] VMware VirtualCenter User Account Disclosure
[SA31396] Gentoo update for dhcp
[SA31499] Red Hat update for hplip
[SA31470] HPLIP hpssd Denial of Service
[SA31366] Linux Kernel Information Disclosure and Denial of Service
[SA31348] Sun Solaris "pthread_mutex_reltimedlock_np" Local Denial of
Service

Other:
[SA31482] HP TCP/IP Services for OpenVMS BIND DNS Cache Poisoning
[SA31451] Yamaha RT Series Routers DNS Cache Poisoning
[SA31354] Astaro Security Gateway DNS Cache Poisoning
[SA31435] Alcatel-Lucent OmniSwitch Series Buffer Overflow
Vulnerability
[SA31391] 8e6 R3000 "Host" URL Filter Bypass Vulnerability
[SA31329] Xerox Phaser 8400 Denial of Service Vulnerability

Cross Platform:
[SA31475] Freeway File Inclusion and Cross-Site Scripting
Vulnerabilities
[SA31424] pPIM Multiple Vulnerabilities
[SA31394] e107 download.php "extract()" Vulnerability
[SA31389] LoveCMS Multiple Vulnerabilities
[SA31374] Contenido Unspecified File Inclusion Vulnerabilities
[SA31484] PHP Realty "docID" SQL Injection Vulnerability
[SA31476] Sun Java System Web Proxy Server FTP Subsystem Denial of
Service
[SA31466] Ventrilo Server Denial of Service Vulnerability
[SA31463] NavBoard Local File Inclusion and Cross-Site Scripting
[SA31462] Drupal Multiple Vulnerabilities
[SA31456] Gelato "img" File Disclosure Vulnerability
[SA31447] VitalQIP DNS Cache Poisoning Vulnerability
[SA31431] Kayako SupportSuite Multiple Vulnerabilities
[SA31430] Ruby Multiple Vulnerabilities
[SA31427] Skulltag NULL Pointer Dereference Denial of Service
[SA31421] Vacation Rental Script "id" SQL Injection Vulnerability
[SA31419] Quicksilver Forums "forums[]" SQL Injection Vulnerability
[SA31414] RTH File Disclosure and SQL Injection Vulnerabilities
[SA31408] OpenImpro "id" SQL Injection Vulnerability
[SA31406] Harmoni "Username" Script Insertion Vulnerability
[SA31392] WSN Products "TID" Local File Inclusion
[SA31383] Free Hosting Manager Insecure Cookie Handling Vulnerability
[SA31382] PowerGap Shopsystem "ag" SQL Injection Vulnerability
[SA31381] Apache Tomcat 6 Multiple Vulnerabilities
[SA31379] Apache Tomcat Multiple Vulnerabilities
[SA31367] Gallery Multiple Vulnerabilities
[SA31362] Chupix Contact Module "mods" Local File Inclusion
[SA31353] America's Army Special Forces UDP Processing Denial of
Service
[SA31350] OpenTTD "TruncateString()" Buffer Overflow Vulnerability
[SA31345] Scripts24 iTGP "id" SQL Injection Vulnerability
[SA31344] Scripts24 iPost "id" SQL Injection Vulnerability
[SA31327] moziloCMS "cat" File Disclosure Vulnerability
[SA31488] Datafeed Studio search.php Cross-Site Scripting
Vulnerability
[SA31487] PhpLinkExchange "catid" Cross-Site Scripting Vulnerability
[SA31483] Openfire "url" Cross-Site Scripting Vulnerability
[SA31464] Vim Netrw FTP Credentials Disclosure Security Issue
[SA31460] Drupal Cross-Site Request Forgery and Security Bypass
[SA31439] IceBB "skin" SQL Injection Vulnerability
[SA31355] MRBS "area" Cross-Site Scripting Vulnerabilities
[SA31349] freeForum Cross-Site Scripting Vulnerability
[SA31340] Crafty Syntax Live Help "department" Cross-Site Scripting
Vulnerability
[SA31333] Novell iManager Property Book Security Bypass
[SA31330] OpenSC CardOS Improper Initialization Security Issue
[SA31323] HTTrack Long URLs Buffer Overflow Vulnerability
[SA31357] Ingres Multiple Vulnerabilities
[SA31407] PowerDNS Malformed Queries Handling Weakness
[SA31338] Mono ASP.net Cross-Site Scripting
[SA31335] Sun Netra T5220 Server Local Denial of Service

=======================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA31498] Microsoft Visual Studio Masked Edit Control "Mask" Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-14

A vulnerability has been reported in Microsoft Visual Studio, which can
potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31498/ 

 --

[SA31481] FlashGet FTP PWD Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-14

Krystian Kloskowski has discovered a vulnerability in FlashGet, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31481/ 

 --

[SA31454] Microsoft Office Excel Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2008-08-12

Multiple vulnerabilities have been reported in Microsoft Excel, which
can be exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31454/ 

 --

[SA31453] Microsoft Office PowerPoint Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-12

Some vulnerabilities have been reported in Microsoft PowerPoint, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31453/ 

 --

[SA31445] BitTorrent "created by" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-12

A vulnerability has been discovered in BitTorrent, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31445/ 

 --

[SA31441] uTorrent "created by" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-12

A vulnerability has been discovered in uTorrent, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31441/ 

 --

[SA31440] Trend Micro Products ObjRemoveCtrl Class Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-11

Some vulnerabilities have been reported in multiple Trend Micro
products, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31440/ 

 --

[SA31397] Webex Meeting Manager WebexUCFObject ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-07

Elazar Broad has discovered a vulnerability in Webex Meeting Manager,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31397/ 

 --

[SA31385] Microsoft Windows Color Management System Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-12

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31385/ 

 --

[SA31375] Internet Explorer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-12

Multiple vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31375/ 

 --

[SA31336] Microsoft Office Filters Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-12

Multiple vulnerabilities have been reported in Microsoft Office, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31336/ 

 --

[SA31452] SOURCENEXT Virus Security / Virus Security ZERO Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-12

A vulnerability has been reported in SOURCENEXT Virus Security and
Virus Security ZERO, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31452/ 

 --

[SA31446] Microsoft Windows Messenger ActiveX Control Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-12

A vulnerability has been reported in Microsoft Windows Messenger, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/31446/ 

 --

[SA31442] WinGate IMAP Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-11

João Antunes has discovered a vulnerability in WinGate, which can be
exploited by malicious users to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31442/ 

 --

[SA31434] CA Products kmxfw.sys Privilege Escalation and Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-08-12

Some vulnerabilities have been reported in multiple CA products, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or to potentially gain escalated privileges, and by malicious
people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/31434/ 

 --

[SA31415] Internet Explorer MHTML Protocol Handler Cross-Domain
Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-08-12

A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/31415/ 

 --

[SA31376] HydraIRC "irc://" URI Handling Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-05

securfrog has discovered a vulnerability in HydraIRC, which can be
exploited by malicious people to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31376/ 

 --

[SA31371] Winamp "NowPlaying" Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-08-05

A vulnerability with an unknown impact has been reported in Winamp.

Full Advisory:
http://secunia.com/advisories/31371/ 

 --

[SA31368] E.Z. Poll "Username" and "Password" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-04

t0fx has discovered some vulnerabilities in E. Z. Poll, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31368/ 

 --

[SA31319] CA ARCserve Backup for Laptops and Desktops LGServer Service
Integer Underflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-08-01

A vulnerability has been reported in CA ARCserve Backup for Laptops and
Desktops, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31319/ 

 --

[SA31480] hMailServer IMAP Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-13

João Antunes has reported a vulnerability in hMailServer, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31480/ 

 --

[SA31455] Microsoft Office SharePoint Server Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2008-08-12

A vulnerability has been reported in Microsoft Office SharePoint
Server, which can be exploited by malicious users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31455/ 

 --

[SA31432] Adobe Presenter "viewer.swf" and "loadflash.js" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-11

Some vulnerabilities have been reported in Adobe Presenter, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31432/ 

 --

[SA31411] Microsoft Windows IPsec Policy Processing Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-08-12

A security issue has been reported in Microsoft Windows, which may
expose sensitive information to malicious people.

Full Advisory:
http://secunia.com/advisories/31411/ 

 --

[SA31369] KAPhotoservice "page" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-08

by_casper41 has reported a vulnerability in KAPhotoservice, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31369/ 

 --

[SA31325] MailEnable IMAP Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-01

A vulnerability has been reported in MailEnable, which can be exploited
by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31325/ 

 --

[SA31417] Microsoft Windows Event System Privilege Escalation
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-12

Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31417/ 

 --

[SA31361] Sun xVM VirtualBox "VBoxDrv.sys" IOCTL Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-05

Core Security Technologies has reported a vulnerability in Sun xVM
VirtualBox, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/31361/ 

 --

[SA31433] McAfee Encrypted USB Manager "Re-use Threshold" Security
Bypass

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-11

McAfee has acknowledged a security issue in McAfee Encrypted USB
Manager, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/31433/ 


UNIX/Linux:--

[SA31497] Red Hat Network Satellite Server Update for Sun Java / IBM
Java Runtime

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2008-08-14

Red Hat has issued an update for the Red Hat Network Satellite Server
Sun Java and IBM Java runtimes. This fixes some vulnerabilities, which
can be exploited by malicious people to bypass certain security
restrictions, disclose system information or potentially sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31497/ 

 --

[SA31492] Red Hat Network Satellite Server Update for Solaris Client

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS,
System access
Released:    2008-08-14

Red Hat has issued an update for the Red Hat Network Satellite Server
Solaris client. This fixes some vulnerabilities, which can be exploited
by malicious people to expose sensitive information, bypass certain
security restrictions, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31492/ 

 --

[SA31489] VMware ESXi OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-13

VMware has acknowledged some vulnerabilities in VMware ESXi, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31489/ 

 --

[SA31467] VMware updates for OpenSSL, net-snmp, and perl

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, DoS, System access
Released:    2008-08-13

VMware has issued updated OpenSSL, net-snmp, and perl packages. This
fixes some vulnerabilities, which can be exploited by malicious people
to spoof authenticated SNMPv3 packets, cause a DoS (Denial of Service),
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31467/ 

 --

[SA31465] Yelp Invalid URI Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-14

A vulnerability has been reported in Yelp, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31465/ 

 --

[SA31428] Gentoo update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-11

Gentoo has issued an update for acroread. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31428/ 

 --

[SA31405] Fedora update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-08

Fedora has issued an update for poppler. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/31405/ 

 --

[SA31403] Fedora update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Exposure of sensitive information, DoS, System
access
Released:    2008-08-08

Fedora has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks, disclose sensitive information, and to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31403/ 

 --

[SA31393] Ubuntu update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-11

Ubuntu has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31393/ 

 --

[SA31377] Gentoo update for Mozilla products

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information,
Exposure of system information, Spoofing, Cross Site Scripting,
Security Bypass
Released:    2008-08-06

Gentoo has issued an update for various Mozilla products. This fixes
some vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting and spoofing attacks, bypass certain
security restrictions, disclose sensitive information, or potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31377/ 

 --

[SA31372] Gentoo update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-06

Gentoo has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31372/ 

 --

[SA31352] Sun Solaris Adobe Reader Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-08-04

Sun has acknowledged a vulnerability and a security issue in Adobe
Reader in Sun Solaris, which can be exploited by malicious, local users
to perform certain actions with escalated privileges and potentially by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31352/ 

 --

[SA31339] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information,
Cross Site Scripting
Released:    2008-08-08

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks, and by malicious people to disclose
potentially sensitive information, conduct cross-site request forgery
attacks, and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31339/ 

 --

[SA31326] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Privilege escalation, DoS,
System access
Released:    2008-08-01

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/31326/ 

 --

[SA31321] Red Hat Extras and Supplementary RealPlayer Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-01

Red Hat has acknowledged a vulnerability in RealPlayer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31321/ 

 --

[SA31320] Red Hat update for java-1.5.0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access,
Security Bypass
Released:    2008-08-01

Red Hat has issued an update for java-1.5.0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31320/ 

 --

[SA31495] HP Tru64 UNIX BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-14

HP has acknowledged a vulnerability in HP Tru64 UNIX, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31495/ 

 --

[SA31493] Red Hat update for Red Hat Network Satellite Server

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS
Released:    2008-08-14

Red Hat has issued an update for Red Hat Network Satellite Server. This
fixes some vulnerabilities, which can be exploited by malicious users to
disclose potentially sensitive information, and malicious people to
bypass certain security restrictions, disclose sensitive information,
conduct cross-site scripting attacks, and cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31493/ 

 --

[SA31478] IPsec-Tools racoon Phase 1 Handler Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-13

A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31478/ 

 --

[SA31473] rPath update for idle and python

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2008-08-14

rPath has issued an update for idle and python. This fixes some
vulnerabilities, where some have unknown impact and others can
potentially be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31473/ 

 --

[SA31471] HP-UX ftpd Unspecified Privileged Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-08-13

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to bypass certain security restrictions and to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31471/ 

 --

[SA31457] Joomla "token" Password Change Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-08-13

d3m0n has reported a vulnerability in Joomla!, which can be exploited
by malicious people to bypass certain security restrictions and
manipulate data.

Full Advisory:
http://secunia.com/advisories/31457/ 

 --

[SA31437] Gentoo update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-11

Gentoo has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31437/ 

 --

[SA31422] Red Hat update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-12

Red Hat has issued an update for dnsmasq. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31422/ 

 --

[SA31413] ZeeBuddy "adid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-11

Hussin X has reported a vulnerability in ZeeBuddy, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31413/ 

 --

[SA31409] PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Exposure of sensitive information, DoS, System
access
Released:    2008-08-12

Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to disclose sensitive information, cause a DoS (Denial of
Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31409/ 

 --

[SA31399] Fedora update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-08

Fedora has issued an update for libxslt. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31399/ 

 --

[SA31395] Gentoo update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-07

Gentoo has issued an update for libxslt. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31395/ 

 --

[SA31388] rPath update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2008-08-06

rPath has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31388/ 

 --

[SA31387] rPath update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-06

rPath has issued an update for gaim. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31387/ 

 --

[SA31386] Sun Solaris "snoop" Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-08-06

Some vulnerabilities have been reported in Sun Solaris, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31386/ 

 --

[SA31378] Gentoo update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-08-06

Gentoo has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31378/ 

 --

[SA31365] Ubuntu update for python

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2008-08-04

Ubuntu has issued an update for python. This fixes some
vulnerabilities, where some have unknown impact and others can
potentially be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31365/ 

 --

[SA31363] Ubuntu update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-04

Ubuntu has issued an update for libxslt. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31363/ 

 --

[SA31358] Slackware update for python

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2008-08-05

Slackware has issued an update for python. This fixes some
vulnerabilities, where some have unknown impact and others can
potentially be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31358/ 

 --

[SA31347] GIT Pathname Processing Multiple Buffer Overflows

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-05

Some vulnerabilities have been reported in GIT, which can potentially
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31347/ 

 --

[SA31332] Gentoo update for python

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2008-08-04

Gentoo has issued an update for python. This fixes some
vulnerabilities, where some have unknown impact and others can
potentially be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31332/ 

 --

[SA31331] Red Hat update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-01

Red Hat has issued an update for libxslt. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31331/ 

 --

[SA31328] Avaya Communication Manager Perl Regular Expressions
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-01

Avaya has acknowledged a vulnerability in Perl in Avaya Communication
Manager, which can potentially be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31328/ 

 --

[SA31324] Debian update for cupsys

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-08-01

Debian has issued an update for cupsys. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31324/ 

 --

[SA31459] Fedora update for condor

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-13

Fedora has issued an update for condor. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31459/ 

 --

[SA31450] IPsec-Tools racoon Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-12

A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31450/ 

 --

[SA31449] GooCMS "s" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-12

ahmadbaby has discovered a vulnerability in GooCMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31449/ 

 --

[SA31444] Bugzilla importxml.pl Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-12

A vulnerability has been reported in Bugzilla, which can be exploited
by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31444/ 

 --

[SA31438] Gentoo update for stunnel

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-11

Gentoo has issued an update for stunnel. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31438/ 

 --

[SA31426] Sun Solaris "sendfilev()" Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-12

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31426/ 

 --

[SA31425] Ovidentia "item" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-12

IRCRASH has discovered a vulnerability in Ovidentia, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31425/ 

 --

[SA31423] Red Hat update for condor

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-12

Red Hat has issued an update for condor. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31423/ 

 --

[SA31416] Fedora update for httpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-08

Fedora has issued an update for httpd. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31416/ 

 --

[SA31412] Sun Solaris Trusted Extensions Labeled Networking
Unauthorised Access

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-08

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31412/ 

 --

[SA31404] Fedora update for httpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-08

Fedora has issued an update for httpd. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31404/ 

 --

[SA31402] Xoops Kshop Module "search" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-07

Lostmon has discovered a vulnerability in the Kshop module for Xoops,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31402/ 

 --

[SA31400] HP-UX libc Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-08-07

HP has acknowledged a vulnerability in libc, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31400/ 

 --

[SA31390] Pidgin SSL Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-06

A security issue has been reported in Pidgin, which can be exploited by
malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31390/ 

 --

[SA31384] Apache mod_proxy_ftp Wildcard Characters Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-06

A vulnerability has been reported in Apache, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31384/ 

 --

[SA31380] Debian update for httracker

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-08-04

Debian has issued an update for httracker. This fixes a security issue,
which can be exploited by malicious people to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31380/ 

 --

[SA31360] Debian update for opensc

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-04

Debian has issued an update for opensc. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31360/ 

 --

[SA31359] csphonebook "letter" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-07

Ghost Hacker has discovered a vulnerability in csphonebook, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31359/ 

 --

[SA31346] Online Dating "mail_id" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-04

Corwin has reported a vulnerability in Online Dating, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31346/ 

 --

[SA31490] Red Hat Network Proxy Server update for mod_perl

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-08-14

Red Hat has issued an update for the Red Hat Network Proxy Server
mod_perl package. This fixes a vulnerability, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31490/ 

 --

[SA31436] Gentoo update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-08-11

Gentoo has issued an update for openldap. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31436/ 

 --

[SA31364] Ubuntu update for OpenLDAP

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-08-04

Ubuntu has issued an update for OpenLDAP. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31364/ 

 --

[SA31351] Gentoo update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-08-06

Gentoo has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets or potentially to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31351/ 

 --

[SA31334] SUSE update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-08-01

SUSE has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31334/ 

 --

[SA31322] Red Hat update for nfs-utils

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-08-01

Red Hat has issued an update for nfs-utils. This fixes a security
issue, which can be exploited by malicious people to potentially bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31322/ 

 --

[SA31500] SUSE update for postfix

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2008-08-14

SUSE has issued an update for postfix. This fixes some security issues,
which can be exploited by malicious, local users to disclose potentially
sensitive information and perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31500/ 

 --

[SA31485] Postfix Symlink Handling and Destination Ownership Security
Issues

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2008-08-14

Sebastian Krahmer has reported some security issues in Postfix, which
can be exploited by malicious, local users to disclose potentially
sensitive information and perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31485/ 

 --

[SA31420] Gentoo update for uudeview and nzbget

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2008-08-12

Gentoo has issued an update for uudeview and nzbget. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31420/ 

 --

[SA31418] Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure
Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-12

A security issue has been reported in Amarok, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31418/ 

 --

[SA31398] CA Products Ingres Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-07

Some vulnerabilities have been reported in CA products, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31398/ 

 --

[SA31356] Sun Solaris namefs Kernel Module Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      DoS, System access
Released:    2008-08-04

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31356/ 

 --

[SA31341] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2008-08-05

Red Hat has issued an update for the kernel. This fixes two
vulnerabilities and a security issue, which can be exploited by
malicious, local users to cause a DoS (Denial of Service), bypass
certain security restrictions, or to potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31341/ 

 --

[SA31318] MaxDB "dbmsrv" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-01

A vulnerability has been reported in MaxDB, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31318/ 

 --

[SA31317] Gentoo update for vlc

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-01

Gentoo has issued an update for vlc. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31317/ 

 --

[SA31448] Debian update for pdns

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-12

Debian has issued an update for pdns. This fixes a weakness, which can
be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31448/ 

 --

[SA31401] Fedora update for pdns

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-08

Fedora has issued an update for pdns. This fixes a weakness, which can
be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31401/ 

 --

[SA31468] VMware VirtualCenter User Account Disclosure

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2008-08-13

A security issue has been reported in VMware VirtualCenter, which can
be exploited by malicious users to disclose certain system
information.

Full Advisory:
http://secunia.com/advisories/31468/ 

 --

[SA31396] Gentoo update for dhcp

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2008-08-07

Gentoo has issued an update for dhcp. This fixes a weakness, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31396/ 

 --

[SA31499] Red Hat update for hplip

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-14

Red Hat has issued an update for hplip. This fixes a security issue,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31499/ 

 --

[SA31470] HPLIP hpssd Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-14

A security issue has been reported in hplip, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31470/ 

 --

[SA31366] Linux Kernel Information Disclosure and Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2008-08-06

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to disclose potentially
sensitive information or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31366/ 

 --

[SA31348] Sun Solaris "pthread_mutex_reltimedlock_np" Local Denial of
Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-06

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31348/ 


Other:--

[SA31482] HP TCP/IP Services for OpenVMS BIND DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-14

HP has acknowledged a vulnerability in HP OpenVMS TCP/IP Services,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31482/ 

 --

[SA31451] Yamaha RT Series Routers DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-12

A vulnerability has been reported in Yamaha RT Series Routers, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31451/ 

 --

[SA31354] Astaro Security Gateway DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-05

Astaro has acknowledged a vulnerability in Astaro Security Gateway,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31354/ 

 --

[SA31435] Alcatel-Lucent OmniSwitch Series Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-08-12

Deral Heiland has reported a vulnerability in various OmniSwitch
products, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31435/ 

 --

[SA31391] 8e6 R3000 "Host" URL Filter Bypass Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-08-07

nnposter has reported a vulnerability in 8e6 R3000 Internet Filter,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31391/ 

 --

[SA31329] Xerox Phaser 8400 Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-08-06

crit3rion has reported a vulnerability in Xerox Phaser 8400, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31329/ 


Cross Platform:--

[SA31475] Freeway File Inclusion and Cross-Site Scripting
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-08-13

Some vulnerabilities have been reported in Freeway, which can be
exploited by malicious people to conduct cross-site scripting attacks
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31475/ 

 --

[SA31424] pPIM Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released:    2008-08-12

Some vulnerabilities have been discovered in pPIM (Phlatline's Personal
Information Manager), which can be exploited by malicious people or
users to manipulate data and compromise a vulnerable system, and by
malicious people to conduct cross-site scripting attacks and bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31424/ 

 --

[SA31394] e107 download.php "extract()" Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2008-08-08

James Bercegay has discovered a vulnerability in e107, which can be
exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31394/ 

 --

[SA31389] LoveCMS Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-08-06

PoMdaPiMp has reported some vulnerabilities in LoveCMS, which can be
exploited by malicious people to bypass certain security restrictions
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31389/ 

 --

[SA31374] Contenido Unspecified File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-08-07

Some vulnerabilities have been reported in Contenido, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31374/ 

 --

[SA31484] PHP Realty "docID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-13

CraCkEr has reported a vulnerability in PHP Realty, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31484/ 

 --

[SA31476] Sun Java System Web Proxy Server FTP Subsystem Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-13

A vulnerability has been reported in Sun Java System Web Proxy Server,
which can be exploited by malicious, local users and malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31476/ 

 --

[SA31466] Ventrilo Server Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-13

Luigi Auriemma and Andre Malm have reported a vulnerability in Ventrilo
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31466/ 

 --

[SA31463] NavBoard Local File Inclusion and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-08-14

CraCkEr has discovered some vulnerabilities in NavBoard, which can be
exploited by malicious people to conduct cross-site scripting attacks
and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31463/ 

 --

[SA31462] Drupal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2008-08-14

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious users to conduct script insertion attacks and
compromise a vulnerable system, and by malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31462/ 

 --

[SA31456] Gelato "img" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-13

jiko has discovered a vulnerability in Gelato, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31456/ 

 --

[SA31447] VitalQIP DNS Cache Poisoning Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-14

Alcatel-Lucent has acknowledged a vulnerability in VitalQIP, which can
be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31447/ 

 --

[SA31431] Kayako SupportSuite Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-08-12

James Bercegay has reported some vulnerabilities in Kayako
SupportSuite, which can be exploited by malicious users to conduct SQL
injection attacks, and by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31431/ 

 --

[SA31430] Ruby Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-08-11

Some vulnerabilities have been reported in Ruby, which can be exploited
by malicious people to bypass certain security restrictions, cause a DoS
(Denial of Service), and conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31430/ 

 --

[SA31427] Skulltag NULL Pointer Dereference Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-11

Luigi Auriemma has reported a vulnerability in Skulltag, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31427/ 

 --

[SA31421] Vacation Rental Script "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-12

CraCkEr has discovered a vulnerability in Vacation Rental Script, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31421/ 

 --

[SA31419] Quicksilver Forums "forums[]" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-11

irk4z has discovered a vulnerability in Quicksilver Forums, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31419/ 

 --

[SA31414] RTH File Disclosure and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2008-08-08

Some vulnerabilities have been reported in RTH, which can be exploited
by malicious people to conduct SQL injection attacks or to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/31414/ 

 --

[SA31408] OpenImpro "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-08-11

nuclear has discovered a vulnerability in OpenImpro, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31408/ 

 --

[SA31406] Harmoni "Username" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-11

A vulnerability has been reported in Harmoni, which can be exploited by
malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31406/ 

 --

[SA31392] WSN Products "TID" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-08-08

otmorozok428 has reported a vulnerability in various WSN products,
which can be exploited by malicious users to disclose sensitive
information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31392/ 

 --

[SA31383] Free Hosting Manager Insecure Cookie Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-07

lvlr-Erfan has discovered a vulnerability in Free Hosting Manager,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31383/ 

 --

[SA31382] PowerGap Shopsystem "ag" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-08

Rohit Bansal has reported a vulnerability in PowerGap Shopsystem, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31382/ 

 --

[SA31381] Apache Tomcat 6 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-08-04

Some vulnerabilities have been reported in Apache Tomcat, which can be
exploited by malicious people to conduct cross-site scripting attacks,
bypass certain security restrictions, or disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31381/ 

 --

[SA31379] Apache Tomcat Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-08-04

Some vulnerabilities have been reported in Apache Tomcat, which can be
exploited by malicious people to conduct cross-site scripting attacks,
bypass certain security restrictions, or disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31379/ 

 --

[SA31367] Gallery Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information
Released:    2008-08-06

Some vulnerabilities have been reported in Gallery, which can be
exploited by malicious users to disclose sensitive information, bypass
certain security restrictions, and manipulate data, and by malicious
people to conduct cross-site scripting attacks and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31367/ 

 --

[SA31362] Chupix Contact Module "mods" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-08

A vulnerability has been discovered in the Contact module for Chupix,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31362/ 

 --

[SA31353] America's Army Special Forces UDP Processing Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-08-04

Luigi Auriemma has reported a vulnerability in America's Army Special
Forces, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31353/ 

 --

[SA31350] OpenTTD "TruncateString()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-04

A vulnerability has been reported in OpenTTD, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31350/ 

 --

[SA31345] Scripts24 iTGP "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-05

Mr.SQL has reported a vulnerability in Scripts24 iTGP, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31345/ 

 --

[SA31344] Scripts24 iPost "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-08-05

Mr.SQL has reported a vulnerability in Scripts24 iPost, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31344/ 

 --

[SA31327] moziloCMS "cat" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-08-04

Ams has discovered a vulnerability in moziloCMS, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31327/ 

 --

[SA31488] Datafeed Studio search.php Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-13

A vulnerability has been reported in Datafeed Studio, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31488/ 

 --

[SA31487] PhpLinkExchange "catid" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-14

A vulnerability has been reported in PhpLinkExchange, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31487/ 

 --

[SA31483] Openfire "url" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-14

Matt Tucker has discovered a vulnerability in Openfire, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31483/ 

 --

[SA31464] Vim Netrw FTP Credentials Disclosure Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-08-13

Jan Minar has discovered a security issue in Vim, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31464/ 

 --

[SA31460] Drupal Cross-Site Request Forgery and Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information
Released:    2008-08-14

Two vulnerabilities have been reported in Drupal, which can be
exploited by malicious users to bypass certain security restrictions,
and by malicious people to conduct cross-site request forgeries.

Full Advisory:
http://secunia.com/advisories/31460/ 

 --

[SA31439] IceBB "skin" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2008-08-12

matt & zach have discovered a vulnerability in IceBB, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31439/ 

 --

[SA31355] MRBS "area" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-05

Some vulnerabilities have been discovered in MRBS (Meeting Room Booking
System), which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31355/ 

 --

[SA31349] freeForum Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-05

ahmadbady has discovered a vulnerability in freeForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31349/ 

 --

[SA31340] Crafty Syntax Live Help "department" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-06

modernape has reported a vulnerability in Crafty Syntax Live Help,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31340/ 

 --

[SA31333] Novell iManager Property Book Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-01

A security issue has been reported in Novell iManager, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31333/ 

 --

[SA31330] OpenSC CardOS Improper Initialization Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-08-01

A security issue has been reported in OpenSC, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31330/ 

 --

[SA31323] HTTrack Long URLs Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-08-04

A security issue has been reported in HTTrack, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31323/ 

 --

[SA31357] Ingres Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-04

Some vulnerabilities have been reported in Ingres, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31357/ 

 --

[SA31407] PowerDNS Malformed Queries Handling Weakness

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2008-08-07

A weakness has been reported in PowerDNS, which can be exploited by
malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/31407/ 

 --

[SA31338] Mono ASP.net Cross-Site Scripting

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-06

Dean Brettle has reported some security issues in Mono, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31338/ 

 --

[SA31335] Sun Netra T5220 Server Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-08-06

A vulnerability has been reported in Sun Netra T5220 Server, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31335/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

