AOH :: IS1143.HTM

Secunia Weekly Summary - Issue: 2008-38




Secunia Weekly Summary - Issue: 2008-38
Secunia Weekly Summary - Issue: 2008-38



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-09-11 - 2008-09-18                        

                       This week: 63 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia...

Now we have more than 5 million annual visitors and 70,000 daily users
of the Software Inspector solutions.

Read more:
http://secunia.com/blog/26/ 

Visit our new website:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Some vulnerabilities have been reported in Adobe Illustrator, which can
potentially be exploited by malicious people to compromise a vulnerable
system.

For more information, refer to:
http://secunia.com/advisories/31902/ 

 --

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

For more information, refer to:
http://secunia.com/advisories/31882/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA31832] ZoneAlarm Internet Security Suite "multiscan.exe"
              Buffer Overflow
2.  [SA31342] Trend Micro OfficeScan Server "cgiRecvFile.exe" Buffer
              Overflow
3.  [SA14652] Subdreamer Light Global Variables SQL Injection
              Vulnerability
4.  [SA31737] WordPress Insecure Password Generation Vulnerability
5.  [SA31808] D-iscussion Board "topic" Local File Inclusion
              Vulnerability
6.  [SA31821] Apple QuickTime Multiple Vulnerabilities
7.  [SA31854] Unreal Engine Format String Vulnerabilities and Denial of
              Service
8.  [SA31675] Microsoft Products GDI+ Multiple Vulnerabilities
9.  [SA31893] DotNetNuke Multiple Vulnerabilities
10. [SA31865] Fedora update for tomcat6

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA31888] LANDesk Multiple Products Buffer Overflow Vulnerability
[SA31852] Personal FTP Server "RETR" Denial of Service Vulnerability
[SA31883] Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of
Service

UNIX/Linux:
[SA31939] SUSE update for gnutls
[SA31902] Adobe Illustrator Unspecified Code Execution Vulnerabilities
[SA31894] Data Dynamics ActiveReports ARViewer2 ActiveX Control
Insecure Methods
[SA31882] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA31906] Kolab Server ClamAV Denial of Service
[SA31891] Fedora update for tomcat5
[SA31890] NetBSD IPsec-Tools racoon Phase 1 Handler Denial of Service
[SA31886] rPath update for wireshark
[SA31885] Debian update for openssh
[SA31870] Fedora update for wordpress
[SA31868] Red Hat update for libxml2
[SA31865] Fedora update for tomcat6
[SA31864] Fedora update for wireshark
[SA31860] Red Hat update for libxml2
[SA31856] Ubuntu update for freetype
[SA31855] Ubuntu update for libxml2
[SA31847] pdnsd DNS Cache Poisoning and Denial of Service
[SA31878] Sun Solaris update for bzip2
[SA31869] Red Hat update for bzip2
[SA31866] Fedora update for httrack
[SA31863] cPanel Fantastico De Luxe "fantasticopath" Local File
Inclusion
[SA31913] Fedora Directory Server Denial of Service Vulnerabilities
[SA31867] Fedora update for fedora-ds-base
[SA31861] Fedora update for ipa
[SA31895] Sun Solaris Editors Tag File Handling Privilege Escalation
Vulnerability
[SA31881] Debian update for linux-2.6.24

Other:
[SA31900] Apple iPhone Multiple Vulnerabilities
[SA31848] Accellion File Transfer Appliance "api_error_email.html"
Security Bypass
[SA31905] Nortel Switched Firewall Products SNMPv3 HMAC Authentication
Bypass
[SA31857] Nokia E90 Communicator Denial of Service Vulnerability

Cross Platform:
[SA31916] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability
[SA31874] phpRealty "INC" File Inclusion Vulnerability
[SA31923] E-Php Content Management System "es_id" SQL Injection
[SA31918] TYPO3 phpMyAdmin Extension PHP Code Execution Vulnerability
[SA31910] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities
[SA31909] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities
[SA31893] DotNetNuke Multiple Vulnerabilities
[SA31892] WebSphere Application Server Unspecified Vulnerability
[SA31884] phpMyAdmin "sort_by" PHP Code Execution
[SA31879] TalkBack "language" Local File Inclusion
[SA31876] OSADS Unspecified Security Issue
[SA31875] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities
[SA31873] Pre Real Estate Listings "c" SQL Injection Vulnerability
[SA31872] PSCRIPT Forum "showprofil.php" SQL Injection
[SA31871] iBoutique "cat" SQL Injection Vulnerability
[SA31854] Unreal Engine Format String Vulnerabilities and Denial of
Service
[SA31853] Link Bid Two SQL Injection Vulnerabilities
[SA31851] YourOwnBux Security Bypass Vulnerability
[SA31850] Free PHP VX Guestbook Security Bypass Vulnerabilities
[SA31938] Quick.Cart "admin.php" Cross-Site Scripting
[SA31914] Drupal Link To Us Module "Link page header" Script Insertion
[SA31912] Gallery Symlink ZIP Archive Information Disclosure
[SA31908] Drupal Talk Module Script Insertion and Security Bypass
[SA31904] IBM HTTP Server mod_proxy Interim Responses Denial of
Service
[SA31896] FlexNET Connect Insecure Script Execution Vulnerability
[SA31889] Drupal Mailsave Module MIME Type Script Insertion
[SA31877] Drupal Mailhandler Module Unspecified SQL Injection
[SA31859] NooMS Two Cross-Site Scripting Vulnerabilities
[SA31858] Gallery Flash Animation Script Insertion Vulnerability
[SA31899] FFmpeg libavformat gifdec.c GIF Processing Denial of Service

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA31888] LANDesk Multiple Products Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-09-16

A vulnerability has been reported in multiple LANDesk products, which
can be exploited by malicious  people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31888/ 

 --

[SA31852] Personal FTP Server "RETR" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-17

Shinnok raydenxy has discovered a vulnerability in Personal FTP Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31852/ 

 --

[SA31883] Microsoft Windows "WRITE_ANDX" SMB Packet Handling Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-16

A vulnerability has been reported in Microsoft Windows Vista, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31883/ 


UNIX/Linux:--

[SA31939] SUSE update for gnutls

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-18

SuSE has issued an update for gnutls. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/31939/ 

 --

[SA31902] Adobe Illustrator Unspecified Code Execution Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-17

Some vulnerabilities have been reported in Adobe Illustrator, which can
potentially be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31902/ 

 --

[SA31894] Data Dynamics ActiveReports ARViewer2 ActiveX Control
Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2008-09-18

Tan Chew Keong has reported some vulnerabilities in Data Dynamics
ActiveReports, which can be exploited by malicious people to overwrite
arbitrary files and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31894/ 

 --

[SA31882] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing,
Manipulation of data, Exposure of system information, Exposure of
sensitive information, DoS, System access
Released:    2008-09-16

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/31882/ 

 --

[SA31906] Kolab Server ClamAV Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-15

A vulnerability has been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31906/ 

 --

[SA31891] Fedora update for tomcat5

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-09-17

Fedora has issued an update for tomcat5. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, or
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31891/ 

 --

[SA31890] NetBSD IPsec-Tools racoon Phase 1 Handler Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-16

A vulnerability has been reported in NetBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31890/ 

 --

[SA31886] rPath update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-18

rPath has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31886/ 

 --

[SA31885] Debian update for openssh

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-17

Debian has issued an update for openssh. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31885/ 

 --

[SA31870] Fedora update for wordpress

Critical:    Moderately critical
Where:       From remote
Impact:      Brute force
Released:    2008-09-12

Fedora has issued an update for wordpress. This fixes a vulnerability,
which can be exploited by malicious people to guess automatically
generated passwords.

Full Advisory:
http://secunia.com/advisories/31870/ 

 --

[SA31868] Red Hat update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-12

Red Hat has issued an update for libxml2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/31868/ 

 --

[SA31865] Fedora update for tomcat6

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-09-12

Fedora has issued an update for tomcat6. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, or
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31865/ 

 --

[SA31864] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-12

Fedora has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31864/ 

 --

[SA31860] Red Hat update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-12

Red Hat has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/31860/ 

 --

[SA31856] Ubuntu update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-12

Ubuntu has issued an update for freetype. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/31856/ 

 --

[SA31855] Ubuntu update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-12

Ubuntu has issued an update for libxml2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31855/ 

 --

[SA31847] pdnsd DNS Cache Poisoning and Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-16

Some vulnerabilities have been reported in pdnsd, which can be
exploited by malicious people to poison the DNS cache and cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31847/ 

 --

[SA31878] Sun Solaris update for bzip2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-15

Sun has issued an update for bzip2. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31878/ 

 --

[SA31869] Red Hat update for bzip2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-16

Red Hat has issued an update for bzip2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31869/ 

 --

[SA31866] Fedora update for httrack

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-09-12

Fedora has issued an update for httrack. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31866/ 

 --

[SA31863] cPanel Fantastico De Luxe "fantasticopath" Local File
Inclusion

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-16

joker_1 has reported a vulnerability in the Fantastico De Luxe module
for cPanel, which can be exploited by malicious users to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/31863/ 

 --

[SA31913] Fedora Directory Server Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-18

Some vulnerabilities have been reported in Fedora Directory Server,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31913/ 

 --

[SA31867] Fedora update for fedora-ds-base

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-12

Fedora has issued an update for fedora-ds-base. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31867/ 

 --

[SA31861] Fedora update for ipa

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2008-09-12

Fedora has issued an update for ipa. This fixes a vulnerability, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31861/ 

 --

[SA31895] Sun Solaris Editors Tag File Handling Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-18

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31895/ 

 --

[SA31881] Debian update for linux-2.6.24

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-12

Debian has issued an update for linux-2.6.24. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/31881/ 


Other:--

[SA31900] Apple iPhone Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Hijacking, Security Bypass, Spoofing, Exposure of
sensitive information, System access
Released:    2008-09-15

Multiple vulnerabilities have been reported in Apple iPhone, which can
be exploited by malicious applications to bypass certain security
features, and by malicious people to poison the DNS cache, spoof TCP
connections, or potentially compromise a user's device.

Full Advisory:
http://secunia.com/advisories/31900/ 

 --

[SA31848] Accellion File Transfer Appliance "api_error_email.html"
Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-09-18

Eric BEAULIEU has reported a vulnerability in Accellion File Transfer
Appliance, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/31848/ 

 --

[SA31905] Nortel Switched Firewall Products SNMPv3 HMAC Authentication
Bypass

Critical:    Less critical
Where:       From local network
Impact:      Spoofing
Released:    2008-09-15

Nortel has acknowledged a vulnerability in Nortel Switched Firewall
products, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets.

Full Advisory:
http://secunia.com/advisories/31905/ 

 --

[SA31857] Nokia E90 Communicator Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-16

wins.mallow has reported a vulnerability in Nokia E90 Communicator,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31857/ 


Cross Platform:--

[SA31916] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-18

webDEViL has reported a vulnerability in TECHNOTE, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31916/ 

 --

[SA31874] phpRealty "INC" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-17

ka0x has discovered a vulnerability in phpRealty, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31874/ 

 --

[SA31923] E-Php Content Management System "es_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-18

HaCker_Egy has reported a vulnerability in E-Php Content Management
System, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31923/ 

 --

[SA31918] TYPO3 phpMyAdmin Extension PHP Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-18

A vulnerability has been reported in the phpMyAdmin extension for
TYPO3, which can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31918/ 

 --

[SA31910] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-15

Some vulnerabilities have been reported in Ruby on Rails, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31910/ 

 --

[SA31909] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-15

Some vulnerabilities have been reported in Ruby on Rails, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31909/ 

 --

[SA31893] DotNetNuke Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, System access
Released:    2008-09-12

Some vulnerabilities have been reported in DotNetNuke, which can be
exploited by malicious users to gain escalated privileges and by
malicious people to bypass certain security restrictions and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31893/ 

 --

[SA31892] WebSphere Application Server Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-09-15

A vulnerability with an unknown impact has been reported in WebSphere
Application Server.

Full Advisory:
http://secunia.com/advisories/31892/ 

 --

[SA31884] phpMyAdmin "sort_by" PHP Code Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-16

Norman Hippert has reported a vulnerability in phpMyAdmin, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31884/ 

 --

[SA31879] TalkBack "language" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-09-15

SirGod has discovered a vulnerability in TalkBack, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31879/ 

 --

[SA31876] OSADS Unspecified Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-09-16

A security issue with an unknown impact has been reported in OSADS.

Full Advisory:
http://secunia.com/advisories/31876/ 

 --

[SA31875] Ruby on Rails ":offset" and ":limit" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-15

Some vulnerabilities have been reported in Ruby on Rails, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31875/ 

 --

[SA31873] Pre Real Estate Listings "c" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-16

JosS has reported a vulnerability in Pre Real Estate Listings, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31873/ 

 --

[SA31872] PSCRIPT Forum "showprofil.php" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-15

-tmh- has reported a vulnerability in Powies PSCRIPT Forum (pForum),
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31872/ 

 --

[SA31871] iBoutique "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-16

r45c4l and h4x0r have reported a vulnerability in iBoutique, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31871/ 

 --

[SA31854] Unreal Engine Format String Vulnerabilities and Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-12

Luigi Auriemma has reported some vulnerabilities in the Unreal Engine,
which can potentially be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31854/ 

 --

[SA31853] Link Bid Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-16

SirGod has discovered two vulnerabilities in Link Bid, which can be
exploited by malicious people or users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31853/ 

 --

[SA31851] YourOwnBux Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-09-15

Tec-n0x has reported a vulnerability in YourOwnBux, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31851/ 

 --

[SA31850] Free PHP VX Guestbook Security Bypass Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-09-16

Two vulnerabilities have been reported in Free PHP VX Guestbook, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31850/ 

 --

[SA31938] Quick.Cart "admin.php" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-18

John Cobb has discovered a vulnerability in Quick.Cart, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31938/ 

 --

[SA31914] Drupal Link To Us Module "Link page header" Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-18

Justin C. Klein Keane has reported a vulnerability in the Link To Us
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31914/ 

 --

[SA31912] Gallery Symlink ZIP Archive Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-18

A vulnerability has been reported in Gallery, which can be exploited by
malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31912/ 

 --

[SA31908] Drupal Talk Module Script Insertion and Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information
Released:    2008-09-18

Two vulnerabilities have been reported in the Talk module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks, and by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/31908/ 

 --

[SA31904] IBM HTTP Server mod_proxy Interim Responses Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-09-17

IBM has acknowledged a vulnerability in IBM HTTP Server, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31904/ 

 --

[SA31896] FlexNET Connect Insecure Script Execution Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-09-18

Brian Dowling has reported a vulnerability in FlexNET Connect, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31896/ 

 --

[SA31889] Drupal Mailsave Module MIME Type Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-18

A vulnerability has been reported in the Mailsave module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/31889/ 

 --

[SA31877] Drupal Mailhandler Module Unspecified SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2008-09-18

A vulnerability has been reported in the Mailhandler module for Drupal,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/31877/ 

 --

[SA31859] NooMS Two Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-16

Khashayar Fereidani has discovered two vulnerabilities in NooMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31859/ 

 --

[SA31858] Gallery Flash Animation Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-18

A vulnerability has been reported in Gallery, which can be exploited by
malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/31858/ 

 --

[SA31899] FFmpeg libavformat gifdec.c GIF Processing Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-09-18

A vulnerability has been reported in FFmpeg, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31899/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods