Secunia Weekly Summary - Issue: 2008-39

=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-09-18 - 2008-09-25                        

                       This week: 65 advisories                        

=======================================================================

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================

1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia...

Now we have more than 5 million annual visitors and 70,000 daily users
of the Software Inspector solutions.

Read more:
http://secunia.com/blog/26/ 

Visit our new website:
http://secunia.com/ 

=======================================================================

2) This Week in Brief:

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, to disclose sensitive information, or to potentially
compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32011/ 

 --

Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to disclose sensitive information, cause
a DoS (Denial of Service), or to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/31990/ 

 --

Some vulnerabilities have been reported in Symantec Veritas NetBackup,
which can be exploited by malicious users to bypass certain security
restrictions and by malicious people to overwrite arbitrary files or
compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/32026/ 

=======================================================================

3) This Week's Top Ten Most Read Advisories:

1.  [SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
2.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA31924] ISC BIND for Windows UDP Client Handler Denial of Service
4.  [SA31919] Sun Solaris ACL for UFS File Systems Local Denial of
              Service
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA31911] Xerox ESS/Network Controller Samba Vulnerability
7.  [SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation
              Vulnerability
8.  [SA31794] Attachmax Multiple Vulnerabilities
9.  [SA31929] Astaro update for ClamAV
10. [SA31830] H-Sphere webshell4 "login.php" Cross-Site Scripting

=======================================================================

4) Vulnerabilities Summary Listing

Windows:
[SA31950] BurnAware NMSDVDX ActiveX Control Insecure Methods
[SA31949] CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods
[SA32026] Symantec Veritas NetBackup Multiple Vulnerabilities
[SA31999] Dataspade Multiple Cross-Site Scripting Vulnerabilities
[SA31983] Vignette VCM Unspecified Security Bypass Vulnerability
[SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation
Vulnerability

UNIX/Linux:
[SA32018] Mac OS X Java Multiple Vulnerabilities
[SA32012] Ubuntu update for firefox and xulrunner
[SA31987] Red Hat update for firefox
[SA31985] Red Hat update for seamonkey
[SA31982] SUSE Update for Multiple Packages
[SA32034] Fedora update for phpMyAdmin
[SA32006] Faad2 "decodeMP4file()" Buffer Overflow Vulnerability
[SA31995] Gentoo update for newsbeuter
[SA31994] MailWatch for MailScanner "doc" File Inclusion Vulnerability
[SA31972] Gentoo update for mantisbt
[SA31971] Gentoo update for havp
[SA31963] strongSwan IKEv2 Daemon Denial of Service Vulnerability
[SA31960] Debian update for phpmyadmin
[SA31959] Debian update for horde3
[SA31942] VMware ESX / ESXi openwsman HTTP Basic Authentication Buffer
Overflow
[SA31991] Gentoo update for bitlbee
[SA31964] Debian update for twiki
[SA31961] Debian update for python-django
[SA32002] HP-UX rpcbind Denial of Service Vulnerability
[SA31996] Gentoo update for R
[SA31970] Aegis "aegis.cgi" Insecure Temporary Files
[SA32037] Fedora update for initscripts
[SA32023] Red Hat update for kernel
[SA31986] Gentoo update for postfix

Other:
[SA32013] Cisco Unified Communications Manager SIP Denial of Service
Vulnerabilities
[SA31990] Cisco IOS Multiple Vulnerabilities

Cross Platform:
[SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
[SA32010] Mozilla SeaMonkey Multiple Vulnerabilities
[SA32007] Mozilla Thunderbird Multiple Vulnerabilities
[SA31984] Mozilla Firefox 2 Multiple Vulnerabilities
[SA31978] Advanced Electron Forum PHP Code Execution Vulnerabilities
[SA31951] Chilkat XML ActiveX Component Insecure Methods
[SA31947] Basebuilder "mj_config[src_path]" File Inclusion
Vulnerability
[SA32000] InterTech WCMS "id" SQL Injection Vulnerability
[SA31993] PHPcounter "l" Local File Inclusion Vulnerability
[SA31981] PHP Pro Bid Multiple SQL Injection Vulnerabilities
[SA31979] web-cp "filelocation" File Disclosure Vulnerability
[SA31975] Arcadem "articlecat" SQL Injection Vulnerability
[SA31967] BlueCUBE "id" SQL Injection Vulnerability
[SA31965] ClanSphere Unspecified Information Disclosure
Vulnerabilities
[SA31957] easyLink "cat" SQL Injection Vulnerability
[SA31956] Barcode Generator "code" File Inclusion Vulnerability
[SA31954] MyFWB "page" SQL Injection Vulnerability
[SA31953] OpenElec "obj" File Inclusion Vulnerability
[SA31952] Plaincart "p" SQL Injection Vulnerability
[SA31945] 6rbScript SQL Injection and Local File Disclosure
[SA31940] NetArt Media Real Estate Portal "ad" SQL Injection
Vulnerability
[SA32022] Drupal Simplenews Module Newsletter Categories Script
Insertion
[SA32015] Drupal Brilliant Gallery Module "bgchecklist/save" SQL
Injection
[SA32014] bitweaver Multiple Cross-Site Scripting Vulnerabilities
[SA32009] Drupal Ajax Checklist Module SQL Injection and Script
Insertion
[SA31998] DataLife Engine "admin.php" Cross-Site Scripting
Vulnerability
[SA31992] TYPO3 phpMyAdmin Extension Cross-Site Scripting
Vulnerability
[SA31980] fuzzylime (cms) "user" Cross-Site Scripting Vulnerability
[SA31974] phpMyAdmin Cross-Site Scripting Vulnerability
[SA31973] Achievo "atkaction" Cross-Site Scripting Vulnerability
[SA31968] BluePage CMS Multiple Cross-Site Scripting Vulnerabilities
[SA31948] phpShop Session Fixation Vulnerability
[SA31946] TYPO3 sr_freecap Extension Unspecified Cross-Site Scripting
Vulnerability

=======================================================================

5) Vulnerabilities Content Listing

Windows:

 --

[SA31950] BurnAware NMSDVDX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-24

A vulnerability has been reported in BurnAware, which can be exploited
by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31950/ 

 --

[SA31949] CDBurnerXP Pro NMSDVDX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-23

bruiser has reported a vulnerability in CDBurnerXP, which can be
exploited by malicious people to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31949/ 

 --

[SA32026] Symantec Veritas NetBackup Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2008-09-25

Some vulnerabilities have been reported in Symantec Veritas NetBackup,
which can be exploited by malicious users to bypass certain security
restrictions and by malicious people to overwrite arbitrary files or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32026/ 

 --

[SA31999] Dataspade Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

r0t has reported some vulnerabilities in Dataspade, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31999/ 

 --

[SA31983] Vignette VCM Unspecified Security Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-09-23

A vulnerability has been reported in Vignette, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31983/ 

 --

[SA31941] G DATA Products GDTdiIcpt.sys Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-19

Tobias Klein has reported a vulnerability in various G DATA products,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31941/ 


UNIX/Linux:

 --

[SA32018] Mac OS X Java Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-25

Some vulnerabilities have been reported and acknowledged in Java for
Mac OS X, which can be exploited by malicious people to cause a DoS
(Denial of Service), to bypass certain security restrictions, disclose
system information or potentially sensitive information, or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32018/ 

 --

[SA32012] Ubuntu update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Ubuntu has issued an update for firefox, firefox-3.0, and
xulrunner-1.9. This fixes some vulnerabilities, which can be exploited
by malicious people to bypass certain security restrictions, to
disclose sensitive information, or to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32012/ 

 --

[SA31987] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31987/ 

 --

[SA31985] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31985/ 

 --

[SA31982] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2008-09-22

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to cause a DoS
(Denial of Service), conduct cross-site scripting attacks, bypass
certain security restrictions, disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31982/ 

 --

[SA32034] Fedora update for phpMyAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-09-25

Fedora has issued an update for phpMyAdmin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32034/ 

 --

[SA32006] Faad2 "decodeMP4file()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-24

A vulnerability has been reported in Faad2, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32006/ 

 --

[SA31995] Gentoo update for newsbeuter

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-23

Gentoo has issued an update for newsbeuter. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/31995/ 

 --

[SA31994] MailWatch for MailScanner "doc" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-25

dun has discovered a vulnerability in MailWatch for MailScanner, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/31994/ 

 --

[SA31972] Gentoo update for mantisbt

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-09-22

Gentoo has issued an update for mantisbt. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31972/ 

 --

[SA31971] Gentoo update for havp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-22

Gentoo has issued an update for havp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31971/ 

 --

[SA31963] strongSwan IKEv2 Daemon Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-22

A vulnerability has been reported in strongSwan, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31963/ 

 --

[SA31960] Debian update for phpmyadmin

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, System access
Released:    2008-09-22

Debian has issued an update for phpmyadmin. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
conduct cross-site scripting attacks, by malicious users to compromise
a vulnerable system, and by malicious people to conduct spoofing and
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31960/ 

 --

[SA31959] Debian update for horde3

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-22

Debian has issued an update for horde3. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/31959/ 

 --

[SA31942] VMware ESX / ESXi openwsman HTTP Basic Authentication Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-09-19

VMware has issued an update for openwsman. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31942/ 

 --

[SA31991] Gentoo update for bitlbee

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Security Bypass
Released:    2008-09-24

Gentoo has issued an update for bitlbee. This fixes some security
issues, which can be exploited by malicious people to bypass certain
security restrictions and hijack accounts.

Full Advisory:
http://secunia.com/advisories/31991/ 

 --

[SA31964] Debian update for twiki

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-09-22

Debian has issued an update for twiki. This fixes a security issue,
which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31964/ 

 --

[SA31961] Debian update for python-django

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, DoS
Released:    2008-09-22

Debian has issued an update for python-django. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site request forgery attacks or to potentially cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/31961/ 

 --

[SA32002] HP-UX rpcbind Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-09-23

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32002/ 

 --

[SA31996] Gentoo update for R

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-23

Gentoo has issued an update for R. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/31996/ 

 --

[SA31970] Aegis "aegis.cgi" Insecure Temporary Files

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2008-09-25

A security issue has been reported in Aegis, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/31970/ 

 --

[SA32037] Fedora update for initscripts

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-09-25

Fedora has issued an update for initscripts. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32037/ 

 --

[SA32023] Red Hat update for kernel

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-09-25

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, to disclose potentially sensitive
information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32023/ 

 --

[SA31986] Gentoo update for postfix

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-09-22

Gentoo has issued an update for postfix. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/31986/ 


Other:

 --

[SA32013] Cisco Unified Communications Manager SIP Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-25

Some vulnerabilities have been reported in Cisco Unified Communications
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/32013/ 

 --

[SA31990] Cisco IOS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-09-25

Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to disclose sensitive information, cause
a DoS (Denial of Service), or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31990/ 


Cross Platform:

 --

[SA32011] Mozilla Firefox 3 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, to disclose sensitive information, or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32011/ 

 --

[SA32010] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to bypass certain security
restrictions, to disclose sensitive information, or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32010/ 

 --

[SA32007] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to bypass certain security
restrictions, to disclose sensitive information, or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32007/ 

 --

[SA31984] Mozilla Firefox 2 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-24

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, to disclose sensitive information, or to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31984/ 

 --

[SA31978] Advanced Electron Forum PHP Code Execution Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-22

James Bercegay has discovered some vulnerabilities in Advanced Electron
Forum (AEF), which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31978/ 

 --

[SA31951] Chilkat XML ActiveX Component Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-09-23

shinnai has discovered some vulnerabilities in Chilkat XML ActiveX
Component, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/31951/ 

 --

[SA31947] Basebuilder "mj_config[src_path]" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-09-24

dun has discovered a vulnerability in Basebuilder, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31947/ 

 --

[SA32000] InterTech WCMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-24

GeNiUs IrAQI has reported a vulnerability in InterTech WCMS, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32000/ 

 --

[SA31993] PHPcounter "l" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-25

dun has discovered a vulnerability in PHPcounter, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31993/ 

 --

[SA31981] PHP Pro Bid Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

Jan van Niekerk has reported some vulnerabilities in PHP Pro Bid, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31981/ 

 --

[SA31979] web-cp "filelocation" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-25

GoLd_M has discovered a vulnerability in web-cp, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31979/ 

 --

[SA31975] Arcadem "articlecat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-23

A vulnerability has been reported in Arcadem, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31975/ 

 --

[SA31967] BlueCUBE "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

r45c4l has reported a vulnerability in BlueCUBE CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31967/ 

 --

[SA31965] ClanSphere Unspecified Information Disclosure
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-09-22

Some vulnerabilities have been reported in ClanSphere, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31965/ 

 --

[SA31957] easyLink "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-22

Egypt Coder has reported a vulnerability in easyLink, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31957/ 

 --

[SA31956] Barcode Generator "code" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-25

dun has discovered a vulnerability in Barcode Generator, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31956/ 

 --

[SA31954] MyFWB "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-22

0x90 has reported a vulnerability in MyFWB, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31954/ 

 --

[SA31953] OpenElec "obj" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-25

dun has reported a vulnerability in OpenElec, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31953/ 

 --

[SA31952] Plaincart "p" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-23

r45c4l has discovered a vulnerability in Plaincart, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31952/ 

 --

[SA31945] 6rbScript SQL Injection and Local File Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2008-09-24

Two vulnerabilities have been reported in 6rbScript, which can be
exploited by malicious people to disclose sensitive information or to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31945/ 

 --

[SA31940] NetArt Media Real Estate Portal "ad" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-22

!R4Q!4N H4CK3R has reported a vulnerability in NetArt Media Real Estate
Portal, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/31940/ 

 --

[SA32022] Drupal Simplenews Module Newsletter Categories Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

A vulnerability has been reported in the Simplenews module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/32022/ 

 --

[SA32015] Drupal Brilliant Gallery Module "bgchecklist/save" SQL
Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-25

Justin C. Klein Keane has reported a vulnerability in the Brilliant
Gallery module for Drupal, which can be exploited by malicious users to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32015/ 

 --

[SA32014] bitweaver Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

Michael Schratt has discovered some vulnerabilities in bitweaver, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32014/ 

 --

[SA32009] Drupal Ajax Checklist Module SQL Injection and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-09-25

Two vulnerabilities have been reported in the Ajax Checklist module for
Drupal, which can be exploited by malicious users to conduct script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32009/ 

 --

[SA31998] DataLife Engine "admin.php" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in DataLife Engine, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31998/ 

 --

[SA31992] TYPO3 phpMyAdmin Extension Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in the phpMyAdmin extension for
TYPO3, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31992/ 

 --

[SA31980] fuzzylime (cms) "user" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

Fabian Fingerle has reported a vulnerability in Fuzzylime CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/31980/ 

 --

[SA31974] phpMyAdmin Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

A vulnerability has been reported in phpMyAdmin, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31974/ 

 --

[SA31973] Achievo "atkaction" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-23

A vulnerability has been discovered in Achievo, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31973/ 

 --

[SA31968] BluePage CMS Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-25

David Vieira-Kurz has reported some vulnerabilities in BluePage CMS,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31968/ 

 --

[SA31948] phpShop Session Fixation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-09-19

Michael Schratt has discovered a vulnerability in phpShop, which can be
exploited by malicious people to conduct session fixation attacks.

Full Advisory:
http://secunia.com/advisories/31948/ 

 --

[SA31946] TYPO3 sr_freecap Extension Unspecified Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-24

A vulnerability has been reported in the freeCap CAPTCHA (sr_freecap)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31946/ 
=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45
