AOH :: IS1200.HTM

Secunia Weekly Summary - Issue: 2008-40




Secunia Weekly Summary - Issue: 2008-40
Secunia Weekly Summary - Issue: 2008-40



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-09-25 - 2008-10-02                        

                       This week: 58 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

BLOG: A new face - The same reliable intelligence

6 years ago the first user visited Secunia...

Now we have more than 5 million annual visitors and 70,000 daily users
of the Software Inspector solutions.

Read more:
http://secunia.com/blog/26/ 

Visit our new website:
http://secunia.com/ 

=======================================================================2) This Week in Brief:

Some vulnerabilities have been reported in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32045/ 

 --

A vulnerability has been reported in Citrix Presentation Server, which
can be exploited by malicious, local users to gain escalated
privileges.

For more information, refer to:
http://secunia.com/advisories/32017/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA32011] Mozilla Firefox 3 Multiple Vulnerabilities
2.  [SA31990] Cisco IOS Multiple Vulnerabilities
3.  [SA13769] Zeroboard Multiple Vulnerabilities
4.  [SA31997] CCProxy HTTP Proxy "CONNECT" Buffer Overflow
              Vulnerability
5.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
6.  [SA31976] Vikingboard Local File Inclusion and Username Spoofing
7.  [SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability
8.  [SA32036] Tivoli Netcool/Webtop Security Issue and Information
              Disclosure Vulnerability
9.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
10. [SA32001] Libra File Manager "isadmin" Security Bypass

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32097] Trend Micro OfficeScan Multiple Vulnerabilities
[SA32079] hyBook Guestbook Script "hyBook.mdb" Database Disclosure
Security Issue
[SA32056] ASPapp Knowledge Base "catid" SQL Injection Vulnerability
[SA32055] RealWin INFOTAG/SET_CONTROL Packet Processing Buffer
Overflow
[SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability
[SA32062] MailMarshal SQM Component Script Insertion Vulnerability
[SA32061] HP Insight Diagnostics Unspecified File Disclosure
Vulnerability
[SA32040] Mozilla Firefox "keypress" User Interface Event Dispatching
Weakness

UNIX/Linux:
[SA32099] SUSE Update for Multiple Packages
[SA32096] Fedora update for firefox
[SA32095] Fedora update for firefox and xulrunner
[SA32092] Red Hat update for thunderbird
[SA32089] Fedora update for seamonkey
[SA32082] Slackware update for mozilla-thunderbird
[SA32044] Slackware update for seamonkey
[SA32042] Slackware update for mozilla-firefox
[SA32091] Red Hat update for wireshark
[SA32090] Fedora update for rubygems / rubygem packages
[SA32080] Ubuntu update for openssh-server
[SA32107] SUSE update for kernel
[SA32104] SUSE update for kernel
[SA32103] SUSE update for kernel
[SA32070] OpenBSD ftpd Long Command Processing Vulnerability
[SA32068] NetBSD ftpd Long Command Processing Vulnerability
[SA32059] Ubuntu update for nasm
[SA32112] FreeBSD IPv6 Neighbor Discovery Protocol Neighbor
Solicitation Vulnerability
[SA32088] Red Hat update for xen
[SA32063] Xen DomU HVM Disk Format Security Bypass
[SA32110] Ubuntu update for openssh-server
[SA32071] Fedora update for emacspeak
[SA32064] Xen XenStore Domain Backend Configuration Weakness

Other:
[SA32078] Juniper NetScreen ScreenOS Script Insertion Vulnerability
[SA32117] Force10 FTOS Routers IPv6 Neighbor Discovery Protocol
Vulnerability

Cross Platform:
[SA32083] A4Desk PHP Event Calendar Multiple Vulnerabilities
[SA32057] The Gemini Portal File Inclusion and Security Bypass
[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow
Vulnerabilities
[SA32077] Link Trader Script "linkid" SQL Injection Vulnerability
[SA32076] phpscripts Ranking Script "admin" Cookie Security Bypass
[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability
[SA32067] Adult Banner Exchange Website "targetid" SQL Injection
Vulnerability
[SA32065] EC-CUBE Multiple Vulnerabilities
[SA32058] Crux Gallery Security Bypass and File Inclusion
Vulnerabilities
[SA32054] vBulletin VBGooglemap Module "mapid" SQL Injection
Vulnerability
[SA32052] FAQ Management Script "catid" SQL Injection Vulnerability
[SA32050] CoAST "sections_file" File Inclusion Vulnerability
[SA32049] Real Estate Manager "cat_id" SQL Injection
[SA32041] EasyRealtorPRO Multiple SQL Injection Vulnerabilities
[SA32108] Xerces-C++ "maxOccurs" Denial of Service Vulnerability
[SA32106] Drupal Brilliant Gallery Module SQL Injection and Script
Insertion
[SA32101] OpenNMS "viewName" Cross-Site Scripting Vulnerability
[SA32087] WikyBlog Multiple Cross-Site Scripting Vulnerabilities
[SA32085] WhoDomLite "dom" Cross-Site Scripting Vulnerability
[SA32081] Celoxis "ni.smessage" Cross-Site Scripting Vulnerability
[SA32074] Blosxom "flav" Cross-Site Scripting Vulnerability
[SA32060] WordPress MU "s" and "ip_address" Cross-Site Scripting
Vulnerabilities
[SA32043] FlatPress Multiple Cross-Site Scripting Vulnerabilities
[SA32039] MyCard "id" SQL Injection Vulnerability
[SA32072] MySQL HTML Output Script Insertion Security Issue

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32097] Trend Micro OfficeScan Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-10-02

Some vulnerabilities have been reported in Trend Micro OfficeScan,
which can be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32097/ 

 --

[SA32079] hyBook Guestbook Script "hyBook.mdb" Database Disclosure
Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-09-30

Ghost Hacker has discovered a security issue in hyBook Guestbook
Script, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/32079/ 

 --

[SA32056] ASPapp Knowledge Base "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-01

Crackers_Child has reported a vulnerability in ASPapp Knowledge Base,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32056/ 

 --

[SA32055] RealWin INFOTAG/SET_CONTROL Packet Processing Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-29

Ruben Santamarta has discovered a vulnerability in RealWin, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32055/ 

 --

[SA32047] ABB PCU400 X87 Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-09-26

A vulnerability has been reported in ABB PCU400, which can potentially
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32047/ 

 --

[SA32062] MailMarshal SQM Component Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-30

A vulnerability has been reported in MailMarshal SMTP, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32062/ 

 --

[SA32061] HP Insight Diagnostics Unspecified File Disclosure
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-09-30

A vulnerability has been reported in HP Insight Diagnostics, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32061/ 

 --

[SA32040] Mozilla Firefox "keypress" User Interface Event Dispatching
Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-10-01

Aditya K Sood has discovered a weakness in Mozilla Firefox, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32040/ 


UNIX/Linux:--

[SA32099] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS, System access
Released:    2008-09-29

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges, and by malicious people
to bypass certain security restrictions, cause a DoS, or to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/32099/ 

 --

[SA32096] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32096/ 

 --

[SA32095] Fedora update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for firefox and xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32095/ 

 --

[SA32092] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-02

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32092/ 

 --

[SA32089] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-29

Fedora has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32089/ 

 --

[SA32082] Slackware update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-29

Slackware has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32082/ 

 --

[SA32044] Slackware update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-26

Slackware has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32044/ 

 --

[SA32042] Slackware update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-09-26

Slackware has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32042/ 

 --

[SA32091] Red Hat update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-02

Red Hat has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32091/ 

 --

[SA32090] Fedora update for rubygems / rubygem packages

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

Fedora has issued an update for rubygems, rubygem-activerecord,
rubygem-activesupport, rubygem-activeresource, rubygem-rails,
rubygem-actionpack, and rubygem-actionmailer. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32090/ 

 --

[SA32080] Ubuntu update for openssh-server

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-02

Ubuntu has issued an update for openssh-server. This fixes a weakness
and a vulnerability, which can be exploited by malicious local users to
bypass certain security restrictions and by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32080/ 

 --

[SA32107] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32107/ 

 --

[SA32104] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32104/ 

 --

[SA32103] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      DoS
Released:    2008-10-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service), and malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32103/ 

 --

[SA32070] OpenBSD ftpd Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Maksymilian Arciemowicz has reported a vulnerability in OpenBSD ftpd,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32070/ 

 --

[SA32068] NetBSD ftpd Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Maksymilian Arciemowicz has reported a vulnerability in NetBSD ftpd,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32068/ 

 --

[SA32059] Ubuntu update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-10-01

Ubuntu has issued an update for nasm. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32059/ 

 --

[SA32112] FreeBSD IPv6 Neighbor Discovery Protocol Neighbor
Solicitation Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-02

A vulnerability has been reported in FreeBSD, which can be exploited by
malicious people to conduct spoofing attacks, disclose potentially
sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32112/ 

 --

[SA32088] Red Hat update for xen

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2008-10-02

Red Hat has issued an update for xen. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32088/ 

 --

[SA32063] Xen DomU HVM Disk Format Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-02

A vulnerability has been reported in Xen, which can be exploited by
malicious, local users in a DomU domain to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32063/ 

 --

[SA32110] Ubuntu update for openssh-server

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-02

Ubuntu has issued an update for openssh-server. This fixes a weakness,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32110/ 

 --

[SA32071] Fedora update for emacspeak

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-01

Fedora has issued an update for emacspeak. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32071/ 

 --

[SA32064] Xen XenStore Domain Backend Configuration Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-01

A weakness has been reported in Xen, which can be exploited by
malicious, local users in a Xen DomU to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32064/ 


Other:--

[SA32078] Juniper NetScreen ScreenOS Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in Juniper NetScreen ScreenOS, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/32078/ 

 --

[SA32117] Force10 FTOS Routers IPv6 Neighbor Discovery Protocol
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-02

A vulnerability has been reported in Force10 FTOS Routers, which can be
exploited by malicious people to conduct spoofing attacks, disclose
potentially sensitive information, or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32117/ 


Cross Platform:--

[SA32083] A4Desk PHP Event Calendar Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-01

Some vulnerabilities have been reported in A4Desk PHP Event Calendar,
which can be exploited by malicious people to conduct SQL injection
attacks or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32083/ 

 --

[SA32057] The Gemini Portal File Inclusion and Security Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-09-30

Two vulnerabilities have been discovered in The Gemini Portal, which
can be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32057/ 

 --

[SA32045] MPlayer "demux_real_fill_buffer()" Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-09-30

Some vulnerabilities have been reported in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32045/ 

 --

[SA32077] Link Trader Script "linkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-02

Hussin X has reported a vulnerability in Link Trader Script, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32077/ 

 --

[SA32076] phpscripts Ranking Script "admin" Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-02

Crackers_Child has reported a vulnerability in phpscripts Ranking
Script, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32076/ 

 --

[SA32069] lighttpd Duplicate Request Headers Memory Leak Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-09-29

A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32069/ 

 --

[SA32067] Adult Banner Exchange Website "targetid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-01

Hussin X has reported a vulnerability in Adult Banner Exchange Website,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32067/ 

 --

[SA32065] EC-CUBE Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-10-01

Multiple vulnerabilities have been reported in EC-CUBE, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32065/ 

 --

[SA32058] Crux Gallery Security Bypass and File Inclusion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-09-30

Pepelux has discovered some vulnerabilities in Crux Gallery, which can
be exploited by malicious people to bypass certain security
restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32058/ 

 --

[SA32054] vBulletin VBGooglemap Module "mapid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

elusiven has reported a vulnerability in the VBGooglemap module for
vBulletin, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32054/ 

 --

[SA32052] FAQ Management Script "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-01

Hussin X has reported a vulnerability in FAQ Management Script, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32052/ 

 --

[SA32050] CoAST "sections_file" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-09-29

DaRkLiFe has reported a vulnerability in CoAST, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32050/ 

 --

[SA32049] Real Estate Manager "cat_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-30

CraCkEr has reported a vulnerability in Real Estate Manager, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32049/ 

 --

[SA32041] EasyRealtorPRO Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-09-26

David Sopas has reported some vulnerabilities in EasyRealtorPRO, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32041/ 

 --

[SA32108] Xerces-C++ "maxOccurs" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-10-02

A vulnerability has been reported in Xerces-C++, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32108/ 

 --

[SA32106] Drupal Brilliant Gallery Module SQL Injection and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Privilege
escalation
Released:    2008-10-02

Two vulnerabilities have been reported in the Brilliant Gallery module
for Drupal, which can be exploited by malicious users to conduct script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32106/ 

 --

[SA32101] OpenNMS "viewName" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in OpenNMS, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32101/ 

 --

[SA32087] WikyBlog Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

Omer Singer has discovered multiple vulnerabilities in WikyBlog, which
can be exploited by  malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32087/ 

 --

[SA32085] WhoDomLite "dom" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-29

Ghost Hacker has discovered a vulnerability in WhoDomLite, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32085/ 

 --

[SA32081] Celoxis "ni.smessage" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

teuquooch1seero at hushmail dot com has reported a vulnerability in
Celoxis, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32081/ 

 --

[SA32074] Blosxom "flav" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

A vulnerability has been reported in Blosxom, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32074/ 

 --

[SA32060] WordPress MU "s" and "ip_address" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-30

Juan Galiana Lara has reported a vulnerability in Wordpress MU, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32060/ 

 --

[SA32043] FlatPress Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-09-26

Fabian Fingerle has discovered some vulnerabilities in FlatPress, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32043/ 

 --

[SA32039] MyCard "id" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-09-29

r45c4l has reported a vulnerability in MyCard, which can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32039/ 

 --

[SA32072] MySQL HTML Output Script Insertion Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-02

Thomas Henlich has reported a security issue in MySQL, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32072/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods