AOH :: IS1113.HTM

Secunia Weekly Summary - Issue: 2008-37




Secunia Weekly Summary - Issue: 2008-37
Secunia Weekly Summary - Issue: 2008-37



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-09-04 - 2008-09-11                        

                       This week: 73 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia...

Now we have more than 5 million annual visitors and 70,000 daily users
of the Software Inspector solutions.

Read more:
http://secunia.com/blog/26/ 

Visit our new website:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Multiple vulnerabilities have been reported in QuickTime, which can be
exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/31821/ 

 --

The monthly security bulletins from Microsoft have been released.

For more information, refer to:
http://secunia.com/advisories/31744/ 
http://secunia.com/advisories/31726/ 
http://secunia.com/advisories/31724/ 
http://secunia.com/advisories/31675/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA14652] Subdreamer Light Global Variables SQL Injection
              Vulnerability
2.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA31549] Opera Multiple Vulnerabilities
4.  [SA29321] Microsoft Office Two Code Execution Vulnerabilities
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA31730] Cisco ASA and PIX Security Appliances Multiple
              Vulnerabilities
7.  [SA31675] Microsoft Products GDI+ Multiple Vulnerabilities
8.  [SA28083] Adobe Flash Player Multiple Vulnerabilities
9.  [SA29293] Apple QuickTime Multiple Vulnerabilities
10. [SA31745] FreeBSD ICMPv6 "Packet Too Big" MTU Denial of Service
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA31821] Apple QuickTime Multiple Vulnerabilities
[SA31819] Creator CMS "sideid" SQL Injection Vulnerability
[SA31750] Simple Machines Forum Password Reset Vulnerability
[SA31822] Apple Bonjour for Windows mDNSResponder Vulnerabilities
[SA31765] X-Spam for SMTP Servers Insecure File Permissions
[SA31764] HP OpenView Select Identity Connectors Information
Disclosure

UNIX/Linux:
[SA31834] Fedora update for yelp
[SA31827] Fedora update for xine-lib
[SA31756] Gentoo update for realplayer
[SA31753] Gentoo update for yelp
[SA31838] Fedora update for libtiff
[SA31825] Fedora update for drupal
[SA31799] Debian update for freetype
[SA31797] Gentoo update for tiff
[SA31793] phpAdultSite CMS SQL Injection And Cross-Site Scripting
[SA31792] NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service
[SA31790] Gentoo update for courier-authlib
[SA31785] Gentoo update for VLC
[SA31778] Fedora update for openoffice.org
[SA31766] Sun Solaris 10 GNU Tar PAX Extended Headers Handling Buffer
Overflow
[SA31763] rPath update for libtiff
[SA31754] Gentoo update for dnsmasq
[SA31836] SUSE update for kernel
[SA31833] Fedora update for bluez-utils and bluez-libs
[SA31777] Fedora update for adminutil
[SA31837] Fedora update for Django
[SA31806] Movable Type Multiple Vulnerabilities
[SA31759] Fedora update for awstats
[SA31791] Red Hat Enterprise IPA Information Disclosure and Denial of
Service
[SA31839] Fedora update for amarok
[SA31831] Fedora update for R and rpy
[SA31798] Gentoo update for Amarok
[SA31783] Linux Kernel "listxattr" Memory Corruption and CHRP Denial of
Service
[SA31771] Fedora update for xastir
[SA31755] Gentoo update for mysql
[SA31800] Ubuntu update for postfix

Other:
[SA31823] Apple iPod Touch Multiple Vulnerabilities
[SA31840] Ingate Firewall and SIParator DNS Cache Poisoning
[SA31802] Linksys WRT350N Denial of Service Vulnerability
[SA31770] Netgear WN802T Wireless Access Point Two Vulnerabilities
[SA31767] D-Link DIR-100 Ethernet Broadband Router URL Filtering
Bypass
[SA31752] Samsung DVR SHR2040 Denial of Service Vulnerability

Cross Platform:
[SA31776] DevalCMS Cross-Site Scripting and Code Execution
Vulnerabilities
[SA31842] Horde Products MIME Library and HTML Message Script Insertion
Vulnerabilities
[SA31818] Stash Multiple SQL Injection Vulnerabilities
[SA31817] CMS Buzz "id" SQL Injection Vulnerability
[SA31816] AvailScript Article Script "aIDS" Cross-Site Scripting and
SQL Injection
[SA31814] AvailScript Photo Album "sid" and "a" SQL Injection
Vulnerabilities
[SA31813] AvailScript Classmate Script "p" SQL Injection
[SA31811] Libera CMS Multiple SQL Injection Vulnerabilities
[SA31810] AvailScript Jobs Portal Script "jid" SQL Injection
Vulnerability
[SA31795] E-Php B2B Trading Marketplace Script "cid" SQL Injection
[SA31789] Joomla! Multiple Vulnerabilities
[SA31787] IBM DB2 Multiple Vulnerabilities
[SA31782] Thyme "uname_search" SQL Injection Vulnerability
[SA31772] Live TV Script "mid" SQL Injection Vulnerability
[SA31760] MyBB Multiple Vulnerabilities
[SA31758] Zen Cart Two SQL Injection Vulnerabilities
[SA31751] MemHT Portal "stats_res" SQL Injection Vulnerability
[SA31846] DeluxeBB Cross-Site Scripting Vulnerability
[SA31845] phpMyFAQ Cross-Site Scripting Vulnerability
[SA31843] LedgerSMB Denial of Service and SQL Injection
Vulnerabilities
[SA31835] Tor World CGI Scripts Cross-Site Scripting Vulnerabilities
[SA31807] Movable Type Multiple Vulnerabilities
[SA31805] High Norm Sound Master 2nd Cross-Site Scripting
Vulnerability
[SA31804] UBB.threads "Forum[]" SQL Injection Vulnerability
[SA31803] phpAuction "phpinfo.php" Information Disclosure
[SA31801] Silentum LoginSys Multiple Cross-site Scripting
Vulnerabilities
[SA31781] libpng "png_push_read_zTXt()" Off-By-One Vulnerability
[SA31768] Avactis Shopping Cart "checkout.php" Cross-Site Scripting
[SA31757] Drupal Content Construction Kit Script Insertion
Vulnerabilities
[SA31769] MySQL Empty Bit-String Literal Denial of Service
[SA31824] Apple iTunes Privilege Escalation Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA31821] Apple QuickTime Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-10

Multiple vulnerabilities have been reported in QuickTime, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31821/ 

 --

[SA31819] Creator CMS "sideid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-11

ThE X-HaCkEr has reported a vulnerability in Creator CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31819/ 

 --

[SA31750] Simple Machines Forum Password Reset Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-09-08

A vulnerability has been reported in Simple Machines Forum, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31750/ 

 --

[SA31822] Apple Bonjour for Windows mDNSResponder Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-09-10

Two vulnerabilities have been reported in Apple Bonjour for Windows,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or spoof DNS responses.

Full Advisory:
http://secunia.com/advisories/31822/ 

 --

[SA31765] X-Spam for SMTP Servers Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-08

Edi Strosar has reported a security issue in X-Spam for SMTP Servers,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31765/ 

 --

[SA31764] HP OpenView Select Identity Connectors Information
Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-05

A vulnerability has been reported in various HP OpenView Select
Identity Connectors, which can be exploited by malicious, local users
to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/31764/ 


UNIX/Linux:--

[SA31834] Fedora update for yelp

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-10

Fedora has issued an update for yelp. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31834/ 

 --

[SA31827] Fedora update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-10

Fedora has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31827/ 

 --

[SA31756] Gentoo update for realplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-05

Gentoo has issued an update for realplayer. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31756/ 

 --

[SA31753] Gentoo update for yelp

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-05

Gentoo has issued an update for yelp. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31753/ 

 --

[SA31838] Fedora update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-10

Fedora has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31838/ 

 --

[SA31825] Fedora update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2008-09-10

Fedora has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks and compromise a vulnerable system, and by
malicious people to conduct cross-site scripting and cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/31825/ 

 --

[SA31799] Debian update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-11

Debian has issued an update for freetype. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/31799/ 

 --

[SA31797] Gentoo update for tiff

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2008-09-09

Gentoo has issued an update for tiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31797/ 

 --

[SA31793] phpAdultSite CMS SQL Injection And Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-08

David Sopas has reported a vulnerability in phpAdultSite CMS, which can
be exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31793/ 

 --

[SA31792] NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-08

A vulnerability has been reported in NetBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31792/ 

 --

[SA31790] Gentoo update for courier-authlib

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-08

Gentoo has issued an update for courier-authlib. This fixes a
vulnerability, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31790/ 

 --

[SA31785] Gentoo update for VLC

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-08

Gentoo has issued an update for VLC. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31785/ 

 --

[SA31778] Fedora update for openoffice.org

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-10

Fedora has issued an update for openoffice.org. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31778/ 

 --

[SA31766] Sun Solaris 10 GNU Tar PAX Extended Headers Handling Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-09

Sun has acknowledged a vulnerability in GNU Tar in Solaris, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31766/ 

 --

[SA31763] rPath update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-05

rPath has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31763/ 

 --

[SA31754] Gentoo update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-09-05

Gentoo has issued an update for dnsmasq. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31754/ 

 --

[SA31836] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-09-11

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and disclose potentially sensitive
information, and by malicious people to cause a DoS and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31836/ 

 --

[SA31833] Fedora update for bluez-utils and bluez-libs

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-09-10

Fedora has issued an update for bluez-utils and bluez-libs. This fixes
a vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31833/ 

 --

[SA31777] Fedora update for adminutil

Critical:    Moderately critical
Where:       From local network
Impact:      Cross Site Scripting, DoS, System access
Released:    2008-09-10

Fedora has issued an update for adminutil. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31777/ 

 --

[SA31837] Fedora update for Django

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-10

Fedora has issued an update for Django. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31837/ 

 --

[SA31806] Movable Type Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-09

Some vulnerabilities have been reported in Movable Type, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31806/ 

 --

[SA31759] Fedora update for awstats

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-10

Fedora has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31759/ 

 --

[SA31791] Red Hat Enterprise IPA Information Disclosure and Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2008-09-11

Some vulnerabilities have been reported in Red Hat Enterprise IPA,
which can be exploited by malicious people to disclose potentially
sensitive information and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31791/ 

 --

[SA31839] Fedora update for amarok

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-10

Fedora has released an update for amarok.This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31839/ 

 --

[SA31831] Fedora update for R and rpy

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-10

Fedora has issued an update for R and rpy. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31831/ 

 --

[SA31798] Gentoo update for Amarok

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-09

Gentoo has issued an update for Amarok. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31798/ 

 --

[SA31783] Linux Kernel "listxattr" Memory Corruption and CHRP Denial of
Service

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-09-08

A security issue and a vulnerability have been reported in the Linux
Kernel, which potentially can be exploited by malicious, local users to
cause a DoS (Denial of Service) or potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31783/ 

 --

[SA31771] Fedora update for xastir

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-05

Fedora has issued an update for xastir. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31771/ 

 --

[SA31755] Gentoo update for mysql

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-09-05

Gentoo has issued an update for mysql. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/31755/ 

 --

[SA31800] Ubuntu update for postfix

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-11

Ubuntu has issued an update for postfix. This fixes a security issue,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31800/ 


Other:--

[SA31823] Apple iPod Touch Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Spoofing, Exposure of
sensitive information, System access
Released:    2008-09-10

Multiple vulnerabilities have been reported in Apple iPod touch, which
can be exploited by malicious applications to bypass certain security
features and by malicious people to poison the DNS cache, spoof TCP
connections, or potentially compromise a user's device.

Full Advisory:
http://secunia.com/advisories/31823/ 

 --

[SA31840] Ingate Firewall and SIParator DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-09-10

Ingate has acknowledged a security issue in Ingate Firewall and
SIParator, which can potentially be exploited by malicious people to
poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31840/ 

 --

[SA31802] Linksys WRT350N Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-09

A vulnerability has been reported in Linksys WRT350N, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31802/ 

 --

[SA31770] Netgear WN802T Wireless Access Point Two Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-05

Laurent Butti and Julien Tinnes have reported some vulnerabilities in
Netgear WN802T Wireless Access Point, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31770/ 

 --

[SA31767] D-Link DIR-100 Ethernet Broadband Router URL Filtering
Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-09-09

Marc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet
Broadband Router, which can be exploited by malicious people to bypass
the URL filtering functionality.

Full Advisory:
http://secunia.com/advisories/31767/ 

 --

[SA31752] Samsung DVR SHR2040 Denial of Service Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2008-09-10

Alex Hernandez has reported a vulnerability in Samsung DVR SHR2040,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31752/ 


Cross Platform:--

[SA31776] DevalCMS Cross-Site Scripting and Code Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-09-10

IRCRASH has discovered some vulnerabilities in DevalCMS, which can be
exploited to conduct cross-site scripting attacks and compromise a
vulnerable user's system.

Full Advisory:
http://secunia.com/advisories/31776/ 

 --

[SA31842] Horde Products MIME Library and HTML Message Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-10

Some vulnerabilities have been reported in various Horde products,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/31842/ 

 --

[SA31818] Stash Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-09-11

IRCRASH has discovered multiple vulnerabilities in Stash, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31818/ 

 --

[SA31817] CMS Buzz "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-10

security fears team has reported a vulnerability in CMS Buzz, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31817/ 

 --

[SA31816] AvailScript Article Script "aIDS" Cross-Site Scripting and
SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-09-11

sl4x.xuz has reported some vulnerabilities in AvailScript Article
Script, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31816/ 

 --

[SA31814] AvailScript Photo Album "sid" and "a" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-11

sl4x.xuz has reported some vulnerabilities in AvailScript Photo Album,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31814/ 

 --

[SA31813] AvailScript Classmate Script "p" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-11

Stack has reported a vulnerability in AvailScript Classmate Script,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31813/ 

 --

[SA31811] Libera CMS Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-09-10

Some vulnerabilities have been discovered in Libera CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31811/ 

 --

[SA31810] AvailScript Jobs Portal Script "jid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-11

Cyb3r-1sT has reported a vulnerability in AvailScript Jobs Portal
Script, which can be exploited by malicious users to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31810/ 

 --

[SA31795] E-Php B2B Trading Marketplace Script "cid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-09

r45c4l has reported a vulnerability in E-Php B2B Trading Marketplace
Script, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31795/ 

 --

[SA31789] Joomla! Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Brute force
Released:    2008-09-10

Some vulnerabilities and a security issue have been reported in
Joomla!, where some have an unknown impact and others can potentially
be exploited by malicious people to conduct brute force attacks.

Full Advisory:
http://secunia.com/advisories/31789/ 

 --

[SA31787] IBM DB2 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Privilege escalation, DoS, System access
Released:    2008-09-08

Some vulnerabilities have been reported in DB2, where some have an
unknown impact and others can be exploited by malicious users to
perform certain actions with escalated privileges, and by malicious
people to cause a DoS or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31787/ 

 --

[SA31782] Thyme "uname_search" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-09

Omer Singer has reported a vulnerability in Thyme, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31782/ 

 --

[SA31772] Live TV Script "mid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-11

Cyb3r-1sT has reported a vulnerability in Live TV Script, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31772/ 

 --

[SA31760] MyBB Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-09-10

Some vulnerabilities with unknown impacts have been reported in MyBB.

Full Advisory:
http://secunia.com/advisories/31760/ 

 --

[SA31758] Zen Cart Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-08

James Bercegay has reported two vulnerabilities in Zen Cart, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31758/ 

 --

[SA31751] MemHT Portal "stats_res" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-08

Ams has reported a vulnerability in MemHT Portal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31751/ 

 --

[SA31846] DeluxeBB Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-11

A vulnerability has been reported in DeluxeBB, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31846/ 

 --

[SA31845] phpMyFAQ Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-11

A vulnerability has been reported in phpMyFAQ, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31845/ 

 --

[SA31843] LedgerSMB Denial of Service and SQL Injection
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, DoS
Released:    2008-09-11

Some vulnerabilities have been reported in LedgerSMB, which can be
exploited by malicious users to conduct SQL injection attacks and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31843/ 

 --

[SA31835] Tor World CGI Scripts Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-11

Some vulnerabilities have been reported in various Tor World CGI
Scripts, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31835/ 

 --

[SA31807] Movable Type Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-09

Some vulnerabilities have been reported in Movable Type, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31807/ 

 --

[SA31805] High Norm Sound Master 2nd Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-09

A vulnerability has been reported in High Norm Sound Master 2nd, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31805/ 

 --

[SA31804] UBB.threads "Forum[]" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2008-09-09

James Bercegay has reported a vulnerability in UBB.threads, which can
be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31804/ 

 --

[SA31803] phpAuction "phpinfo.php" Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2008-09-08

Beenu Arora has discovered a vulnerability in phpAuction, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31803/ 

 --

[SA31801] Silentum LoginSys Multiple Cross-site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-08

Multiple vulnerabilities have been discovered in Silentum LoginSys,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31801/ 

 --

[SA31781] libpng "png_push_read_zTXt()" Off-By-One Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-08

A vulnerability has been reported in libpng, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31781/ 

 --

[SA31768] Avactis Shopping Cart "checkout.php" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-08

Russ McRee has discovered two vulnerabilities in Avactis Shopping Cart,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31768/ 

 --

[SA31757] Drupal Content Construction Kit Script Insertion
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-05

Some vulnerabilities have been reported in the Drupal Content
Construction Kit (CCK), which can be exploited by malicious users to
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31757/ 

 --

[SA31769] MySQL Empty Bit-String Literal Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-11

A vulnerability has been reported in MySQL, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31769/ 

 --

[SA31824] Apple iTunes Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-10

A vulnerability has been reported in Apple iTunes, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31824/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods