AOH :: IS1088.HTM

Secunia Weekly Summary - Issue: 2008-36




Secunia Weekly Summary - Issue: 2008-36
Secunia Weekly Summary - Issue: 2008-36



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-08-28 - 2008-09-04                        

                       This week: 61 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

=======================================================================2) This Week in Brief:

VMware has acknowledged some vulnerabilities in VMware Workstation,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31707/ 

 --

Secunia Research has discovered a vulnerability in Novell iPrint
Client, which can be exploited by malicious people to compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/31370/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 232 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA31549] Opera Multiple Vulnerabilities
2.  [SA31684] Novell eDirectory Multiple Vulnerabilities
3.  [SA31708] VMware Server Multiple Vulnerabilities
4.  [SA31707] VMware Workstation Multiple Vulnerabilities
5.  [SA31667] Sun Solaris Kernel Covert Channel Security Bypass
6.  [SA31587] HP TCP/IP Services for OpenVMS Finger Format String
              Vulnerability
7.  [SA31640] OpenOffice "rtl_allocateMemory()" Truncation
              Vulnerability
8.  [SA31681] dotProject SQL Injection and Cross-Site Scripting
9.  [SA14652] Subdreamer Light Global Variables SQL Injection
              Vulnerability
10. [SA31651] HP-UX update for Apache

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA31710] VMware ACE Multiple Vulnerabilities
[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow
[SA31660] Acoustica Beatcraft Project File Buffer Overflow
Vulnerability
[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability
[SA31693] PageR Enterprise Directory Traversal Vulnerability

UNIX/Linux:
[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm 
[SA31711] VMware Fusion Multiple Vulnerabilities
[SA31687] SUSE Update for Multiple Packages
[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability
[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability
[SA31742] Astaro Security Gateway DNS Cache Poisoning
[SA31738] Slackware update for php
[SA31728] Ubuntu update for libxml2
[SA31725] ClamAV CHM Processing Denial of Service
[SA31722] eliteCMS "page" SQL Injection Vulnerability
[SA31712] VMware ESX Server Multiple Vulnerabilities
[SA31702] HP-UX update for Netscape / Red Hat Directory Server
[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability
[SA31698] Ubuntu update for tiff
[SA31697] rPath update for ruby
[SA31676] Newsbeuter URL Processing Shell Command Execution
[SA31670] Red Hat update for libtiff
[SA31668] Red Hat update for libtiff
[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities
[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities
[SA31691] Debian update for slash
[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation
[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA31663] Slackware update for amarok
[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability
[SA31716] Postfix epoll File Descriptor Leak Security Issue
[SA31694] GpsDrive "geo-code" Insecure Temporary Files
[SA31689] Avaya Products Linux Kernel Local Denial of Service
[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Other:
[SA31730] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities
[SA31673] IBM WebSphere Application Server for z/OS HTTP Server
mod_proxy_ftp Vulnerability
[SA31680] Kyocera FS-118MFP Command Center Directory Traversal
Vulnerability
[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Cross Platform:
[SA31709] VMware Player Multiple Vulnerabilities
[SA31708] VMware Server Multiple Vulnerabilities
[SA31707] VMware Workstation Multiple Vulnerabilities
[SA31723] Ruby on Rails REXML Denial of Service Vulnerability
[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability
[SA31696] Living Local Website "r" SQL Injection Vulnerability
[SA31683] Invision Power Board Multiple Vulnerabilities
[SA31682] EasyClassifields "go" SQL Injection Vulnerability
[SA31678] Novell IDM Cross-Site Scripting and Script Insertion
[SA31674] Wireshark Denial of Service Vulnerabilities
[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability
[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability
[SA31684] Novell eDirectory Multiple Vulnerabilities
[SA31735] Celerondude Uploader "username" Cross-Site Scripting
Vulnerability
[SA31729] Django Authentication Cross-Site Request Forgery
[SA31719] Open Media Collectors Database Cross-Site Scripting and
Request Forgery
[SA31681] dotProject SQL Injection and Cross-Site Scripting
[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery
[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities
[SA31731] Cisco Secure ACS EAP Packet Denial of Service
[SA31688] HP OpenView Network Node Manager Denial of Service

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA31710] VMware ACE Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware ACE, which can
be exploited by malicious, local users to gain escalated privileges and
by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31710/ 

 --

[SA31666] Acoustica MP3 CD Burner ASX Playlist Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-01

n00b has discovered a vulnerability in Acoustica MP3 CD Burner, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31666/ 

 --

[SA31660] Acoustica Beatcraft Project File Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-01

Koshi has discovered a vulnerability in Acoustica Beatcraft, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31660/ 

 --

[SA31727] @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail WebMail, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31727/ 

 --

[SA31715] Softalk Mail Server IMAP Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

Joo Antunes has discovered a vulnerability in Softalk Mail Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31715/ 

 --

[SA31693] PageR Enterprise Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-04

A vulnerability has been reported in PageR Enterprise, which can be
exploited by malicious users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/31693/ 


UNIX/Linux:--

[SA31736] SUSE update for IBMJava5-JRE and java-1_5_0-ibm 

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-04

SUSE has issued an update for IBMJava5-JRE and java-1_5_0-ibm. This
fixes some vulnerabilities, which can be exploited by malicious people
to bypass certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31736/ 

 --

[SA31711] VMware Fusion Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Fusion, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31711/ 

 --

[SA31687] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released:    2008-09-01

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, gain escalated privileges,
and bypass certain security restrictions, by malicious users to conduct
script insertion attacks and cause a DoS (Denial of Service), and by
malicious people to disclose potentially sensitive information, conduct
cross-site scripting attacks, cause a DoS, poison the DNS cache, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31687/ 

 --

[SA31671] Najdi.si Toolbar Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-04

shinnai has discovered a vulnerability in Najdi.si Toolbar, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31671/ 

 --

[SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31745/ 

 --

[SA31742] Astaro Security Gateway DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-09-04

Astaro has acknowledged a vulnerability in Astaro Security Gateway,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31742/ 

 --

[SA31738] Slackware update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Exposure of sensitive information, DoS, System
access
Released:    2008-09-04

Slackware has issued an update for php. This fixes some
vulnerabilities, where some have an unknown impact and others can
potentially be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31738/ 

 --

[SA31728] Ubuntu update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

Ubuntu has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31728/ 

 --

[SA31725] ClamAV CHM Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

A vulnerability has been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31725/ 

 --

[SA31722] eliteCMS "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-03

e.wiZz! has discovered a vulnerability in eliteCMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31722/ 

 --

[SA31712] VMware ESX Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware ESX Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31712/ 

 --

[SA31702] HP-UX update for Netscape / Red Hat Directory Server

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2008-09-02

HP has issued an update for Netscape / Red Hat Directory Server. This
fixes some vulnerabilities, which can be exploited by malicious people
to conduct cross-site scripting attacks, cause a DoS (Denial of
Service), and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31702/ 

 --

[SA31699] PHP Coupon Script "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-03

Hussin X has reported a vulnerability in PHP Coupon Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31699/ 

 --

[SA31698] Ubuntu update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-03

Ubuntu has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31698/ 

 --

[SA31697] rPath update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-09-01

rPath has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/31697/ 

 --

[SA31676] Newsbeuter URL Processing Shell Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-02

A vulnerability has been reported in Newsbeuter, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31676/ 

 --

[SA31670] Red Hat update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-29

Red Hat has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31670/ 

 --

[SA31668] Red Hat update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-08-29

Red Hat has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31668/ 

 --

[SA31720] @Mail Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

C1c4Tr1Z has discovered some vulnerabilities in @Mail, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31720/ 

 --

[SA31713] VMware ESX / ESXi Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-01

VMware has acknowledged a weakness and a vulnerability in VMware ESX
Server, which can be exploited by malicious users to disclose
potentially sensitive information and by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31713/ 

 --

[SA31691] Debian update for slash

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-02

Debian has issued an update for slash. This fixes some vulnerabilities,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31691/ 

 --

[SA31743] FreeBSD AMD64 General Protection Fault Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-04

FreeBSD has acknowledged a vulnerability, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31743/ 

 --

[SA31685] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-09-01

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31685/ 

 --

[SA31663] Slackware update for amarok

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-29

Slackware has issued an update for amarok. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31663/ 

 --

[SA31739] IBM AIX "swcons" Command Privilege Escalation Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-04

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31739/ 

 --

[SA31716] Postfix epoll File Descriptor Leak Security Issue

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-03

A security issue has been reported in Postfix, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31716/ 

 --

[SA31694] GpsDrive "geo-code" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-08-29

A security issue has been reported in GpsDrive, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31694/ 

 --

[SA31689] Avaya Products Linux Kernel Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-01

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31689/ 

 --

[SA31667] Sun Solaris Kernel Covert Channel Security Bypass

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-08-29

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31667/ 


Other:--

[SA31730] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-09-04

Some vulnerabilities have been reported in Cisco ASA and PIX
appliances, which can be exploited by malicious people to disclose
sensitive information, and by malicious users and malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31730/ 

 --

[SA31673] IBM WebSphere Application Server for z/OS HTTP Server
mod_proxy_ftp Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-29

IBM has acknowledged a vulnerability in IBM WebSphere Application
Server for z/OS, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31673/ 

 --

[SA31680] Kyocera FS-118MFP Command Center Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2008-09-02

Francesco Tornieri has reported a vulnerability in Kyocera FS-118MFP,
which can be exploited by malicious people to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/31680/ 

 --

[SA31665] Belkin Wireless G Router Web Interface Authentication Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-09-03

noensr has reported a vulnerability in Belkin Wireless G F5D7632-4V6,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31665/ 


Cross Platform:--

[SA31709] VMware Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Player, which
can be exploited by malicious, local users to gain escalated privileges
and by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31709/ 

 --

[SA31708] VMware Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Server, which
can be exploited by malicious, local users to gain escalated privileges
and by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31708/ 

 --

[SA31707] VMware Workstation Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-09-01

VMware has acknowledged some vulnerabilities in VMware Workstation,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31707/ 

 --

[SA31723] Ruby on Rails REXML Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-03

A vulnerability has been reported in Ruby on Rails, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31723/ 

 --

[SA31703] Reciprocal Links Manager "site" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-02

Hussin X has discovered a vulnerability in Reciprocal Links Manager,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31703/ 

 --

[SA31696] Living Local Website "r" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-04

Hussin X has reported a vulnerability in Living Local Website, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31696/ 

 --

[SA31683] Invision Power Board Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Manipulation of data, Exposure of sensitive
information, System access
Released:    2008-09-03

DarkFig has reported some vulnerabilities in Invision Power Board
(IP.Board), which can be exploited by malicious users to disclose
sensitive information and compromise a vulnerable system, and by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31683/ 

 --

[SA31682] EasyClassifields "go" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-01

e.wiZz! has discovered a vulnerability in EasyClassifields, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31682/ 

 --

[SA31678] Novell IDM Cross-Site Scripting and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-01

Some vulnerabilities have been reported in Novell User Application and
Novell Identity Manager Roles Based Provisioning Module, which can be
exploited by malicious people to conduct script insertion and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31678/ 

 --

[SA31674] Wireshark Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-04

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31674/ 

 --

[SA31669] CMSbright "id_rub_page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-04

BorN To K!LL has reported a vulnerability in CMSbright, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31669/ 

 --

[SA31664] Spice Classifieds "cat_path" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-03

Cyb3r-1sT has reported a vulnerability in Spice Classifieds, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31664/ 

 --

[SA31684] Novell eDirectory Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Cross Site Scripting, DoS, System access
Released:    2008-08-29

Multiple vulnerabilities have been reported in Novell eDirectory, where
some have an unknown impact and others can be exploited by malicious
people to conduct cross-site scripting attacks or to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31684/ 

 --

[SA31735] Celerondude Uploader "username" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-04

A vulnerability has been discovered in Celerondude Uploader, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31735/ 

 --

[SA31729] Django Authentication Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-04

A vulnerability has been reported in Django, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31729/ 

 --

[SA31719] Open Media Collectors Database Cross-Site Scripting and
Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-03

Some vulnerabilities have been discovered in Open Media Collectors
Database (OpenDb), which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31719/ 

 --

[SA31681] dotProject SQL Injection and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-08-29

C1c4Tr1Z has discovered some vulnerabilities in dotProject, which can
be exploited by malicious users to conduct SQL injection attacks, and
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31681/ 

 --

[SA31679] vtiger CRM Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-02

Fabian Fingerle has discovered some vulnerabilities in vtiger CRM,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31679/ 

 --

[SA31662] Blogn Cross-Site Scripting and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-08-29

Two vulnerabilities have been reported in Blogn, which can be exploited
by malicious people to conduct cross-site scripting and cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31662/ 

 --

[SA31661] Brim SQL Injection and Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-09-01

Fisher762 has discovered two vulnerabilities in Brim, which can be
exploited by malicious users to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31661/ 

 --

[SA31731] Cisco Secure ACS EAP Packet Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-04

A vulnerability has been reported in Cisco Secure Access Control Server
(ACS), which can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31731/ 

 --

[SA31688] HP OpenView Network Node Manager Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-03

Some vulnerabilities have been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31688/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods