AOH :: IS1230.HTM

Secunia Weekly Summary - Issue: 2008-41




Secunia Weekly Summary - Issue: 2008-41
Secunia Weekly Summary - Issue: 2008-41



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-10-02 - 2008-10-09                        

                       This week: 75 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/ 

=======================================================================2) This Week in Brief:

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to bypass certain security restrictions,
disclose potentially sensitive information, or potentially compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/32177/ 

 --

Some vulnerabilities and a security issue have been reported in Cisco
Unity, which can be exploited by malicious, local users to disclose
potentially sensitive information, and by malicious people to bypass
certain security restrictions and cause a DoS (Denial of Service).

For more information, refer to:
http://secunia.com/advisories/32187/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA32124] Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation
2.  [SA32163] Adobe Flash Player "Clickjacking" Security Bypass
              Vulnerability
3.  [SA17295] phpBB Avatar Script Insertion Vulnerability
4.  [SA32177] Opera Multiple Vulnerabilities
5.  [SA14362] phpBB Avatar Functions Information Disclosure and
              Deletion
6.  [SA32111] Novell eDirectory Multiple Vulnerabilities
7.  [SA13769] Zeroboard Multiple Vulnerabilities
8.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
9.  [SA32097] Trend Micro OfficeScan Multiple Vulnerabilities
10. [SA32180] VMware ESX Server Sun Java JDK / JRE Multiple
              Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32140] iseemedia LPViewer ActiveX Control Multiple Buffer Overflow
Vulnerabilities
[SA32206] Avaya IP Softphone H.323 Denial of Service Vulnerability
[SA32205] Avaya one-X Desktop Edition SIP Denial of Service
Vulnerability
[SA32154] WinZip GDI+ Multiple Vulnerabilities
[SA32150] Serv-U File Renaming Vulnerabilities and STOU Denial of
Service
[SA32156] Kontiki Delivery Management System "action" Cross-Site
Scripting
[SA32187] Cisco Unity Multiple Vulnerabilities
[SA32207] Cisco Unity Script Insertion Vulnerability

UNIX/Linux:
[SA32196] SUSE update for MozillaFirefox, MozillaThunderbird,
seamonkey, and mozilla
[SA32185] Debian update for iceweasel
[SA32180] VMware ESX Server Sun Java JDK / JRE Multiple
Vulnerabilities
[SA32153] Debian update for mplayer
[SA32144] SUSE update for MozillaFirefox
[SA32204] Avaya Communication Manager Arbitrary Command Execution
Vulnerabilities
[SA32193] Red Hat update for condor
[SA32190] Red Hat update for kernel
[SA32189] Condor Multiple Vulnerabilities
[SA32188] Avaya Products Wireshark Multiple Denial of Service
Vulnerabilities
[SA32184] Gentoo update for wordnet
[SA32181] SUSE update for openssh
[SA32175] Fedora update for libxml2
[SA32151] SUSE update for dovecot and graphicsmagic
[SA32148] Debian update for php5
[SA32136] Avaya AES LibTIFF LZW Decoder Buffer Underflow Vulnerability
[SA32132] Debian update for lighttpd
[SA32130] Libxml2 Predefined Entities Denial of Service Vulnerability
[SA32120] Red Hat update for tomcat
[SA32182] SUSE update for mercurial
[SA32168] AmpJuke "special" SQL Injection Vulnerability
[SA32164] Dovecot ACL Plugin Security Bypass Security Issues
[SA32128] Fedora update for mediawiki
[SA32161] HP-UX NFS/ONCplus Denial of Service Vulnerability
[SA32133] OpenBSD IPv6 Neighbor Discovery Protocol Neighbor
Solicitation Vulnerability
[SA32174] Fedora update for pam_krb5
[SA32170] FreeRADIUS "dialup_admin" Insecure Temporary Files
[SA32155] Debian update for feta
[SA32135] Red Hat update for pam_krb5
[SA32124] Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation
[SA32119] pam_krb5 Credential Cache "exisiting_ticket" Security Bypass
[SA32127] D-Bus "_dbus_validate_signature_with_reason()" Denial of
Service
[SA32125] Avaya CMS Solaris ACL for UFS File Systems Local Denial of
Service

Other:
[SA32121] Apple TV Multiple Vulnerabilities
[SA32122] Blue Coat SGOS ICAP Patience Page Cross-Site Scripting
Vulnerability
[SA32203] Nortel Multimedia Communication Server 5100 Multiple
Vulnerabilities

Cross Platform:
[SA32179] VMware VirtualCenter Multiple Vulnerabilities
[SA32177] Opera Multiple Vulnerabilities
[SA32198] Drupal Attach File Security Bypass Vulnerability
[SA32195] Drupal Multiple Modules Security Bypass Vulnerability
[SA32194] Drupal EveryBlog Module Multiple Vulnerabilities
[SA32191] Drupal SIOC Module Security Bypass Vulnerability
[SA32186] Graphviz "push_subg" Buffer Overflow Vulnerability
[SA32171] AdaptCMS "user_name" SQL Injection Vulnerability
[SA32169] CMME Information Disclosure Security Issues
[SA32162] Hispah Text Links Ads "idcat" / "idtl" SQL Injection
Vulnerabilities
[SA32160] AdMan "campaignId" SQL Injection Vulnerability
[SA32159] YaCy Unspecified Vulnerabilities
[SA32158] WebBiscuits FAQ Support "download" File Disclosure
Vulnerability
[SA32149] PHP Realtor "v_cat" SQL Injection Vulnerability
[SA32147] PHP Auto Dealer "v_cat" SQL Injection Vulnerability
[SA32145] Kwalbum "UploaditemsPage.php" File Upload Vulnerability
[SA32141] JMweb MP3 Script "src" File Inclusion Vulnerabilities
[SA32139] PHP Autos "catid" SQL Injection Vulnerability
[SA32126] Fastpublish CMS Multiple Vulnerabilities
[SA32201] Drupal User and BlogAPI Security Bypass Vulnerabilities
[SA32200] Drupal Upload and Node Module API Security Bypass
[SA32199] HP System Management Homepage Unspecified Cross Site
Scripting Vulnerability
[SA32176] Website Directory "keyword" Cross-Site Scripting
Vulnerability
[SA32172] WOW Raid Manager Unspecified Cross-Site Scripting
Vulnerability
[SA32167] vbDrupal Multiple Security Bypass Vulnerabilities
[SA32163] Adobe Flash Player "Clickjacking" Security Bypass
Vulnerability
[SA32146] ModSecurity "SecCacheTransformations" Vulnerability
[SA32134] XAMPP adodb.php Cross-Site Scripting Vulnerabilities
[SA32131] MediaWiki "useskin" Cross-Site Scripting Vulnerability
[SA32123] Nucleus EUC-JP Cross-Site Scripting Vulnerability
[SA32157] VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32140] iseemedia LPViewer ActiveX Control Multiple Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-07

Will Dormann has reported some vulnerabilities in the iseemedia
LPViewer ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32140/ 

 --

[SA32206] Avaya IP Softphone H.323 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-09

A vulnerability has been reported in Avaya IP Softphone, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32206/ 

 --

[SA32205] Avaya one-X Desktop Edition SIP Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-09

A vulnerability has been reported in Avaya one-X Desktop Edition, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32205/ 

 --

[SA32154] WinZip GDI+ Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-09

Some vulnerabilities have been reported in WinZip, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32154/ 

 --

[SA32150] Serv-U File Renaming Vulnerabilities and STOU Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-06

Some vulnerabilities have been reported in Serv-U, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32150/ 

 --

[SA32156] Kontiki Delivery Management System "action" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-06

A vulnerability has been reported in Kontiki Delivery Management
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32156/ 

 --

[SA32187] Cisco Unity Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-10-09

Some vulnerabilities and a security issue have been reported in Cisco
Unity, which can be exploited by malicious, local users to disclose
potentially sensitive information, and by malicious people to bypass
certain security restrictions and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32187/ 

 --

[SA32207] Cisco Unity Script Insertion Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      Cross Site Scripting
Released:    2008-10-09

A vulnerability has been reported in Cisco Unity, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32207/ 


UNIX/Linux:--

[SA32196] SUSE update for MozillaFirefox, MozillaThunderbird,
seamonkey, and mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-09

SUSE has issued an update for MozillaFirefox, MozillaThunderbird,
seamonkey, and mozilla. This fixes some vulnerabilities, which can be
exploited by malicious people to bypass certain security restrictions,
to disclose sensitive information, or to potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32196/ 

 --

[SA32185] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-09

Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32185/ 

 --

[SA32180] VMware ESX Server Sun Java JDK / JRE Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-06

VMware has acknowledged some vulnerabilities in VMware ESX Server,
which can be exploited by malicious people to bypass certain security
restrictions, disclose system information or potentially sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32180/ 

 --

[SA32153] Debian update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-06

Debian has issued an update for mplayer. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32153/ 

 --

[SA32144] SUSE update for MozillaFirefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-07

SUSE has issued an update for MozillaFirefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32144/ 

 --

[SA32204] Avaya Communication Manager Arbitrary Command Execution
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-09

Two vulnerabilities have been reported in Avaya Communication Manager,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32204/ 

 --

[SA32193] Red Hat update for condor

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-10-08

Red Hat has issued an update for condor. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system, and by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32193/ 

 --

[SA32190] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-10-08

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information and cause a DoS (Denial of
Service) and malicious people to cause a DoS..

Full Advisory:
http://secunia.com/advisories/32190/ 

 --

[SA32189] Condor Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-10-08

Some vulnerabilities have been reported Condor, which can be exploited
by malicious users to bypass certain security restrictions, cause a DoS
(Denial of Service), and potentially compromise a vulnerable system, and
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32189/ 

 --

[SA32188] Avaya Products Wireshark Multiple Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-09

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32188/ 

 --

[SA32184] Gentoo update for wordnet

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-10-08

Gentoo has issued an update for wordnet. This fixes some
vulnerabilities, which can potentially be exploited by malicious, local
users to gain escalated privileges, and by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32184/ 

 --

[SA32181] SUSE update for openssh

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-07

SUSE has issued an update for openssh. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32181/ 

 --

[SA32175] Fedora update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-06

Fedora has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32175/ 

 --

[SA32151] SUSE update for dovecot and graphicsmagic

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-07

SUSE has issued an update for dovecot and graphicsmagic. This fixes a
security issue and some vulnerabilities, which can be exploited by
malicious users to bypass certain security restrictions and by
malicious people to bypass certain security restrictions and cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32151/ 

 --

[SA32148] Debian update for php5

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-07

Debian has issued an update for php5. This fixes some vulnerabilities,
which can potentially be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32148/ 

 --

[SA32136] Avaya AES LibTIFF LZW Decoder Buffer Underflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-09

Avaya has acknowledged a vulnerability in Avaya Application Enablement
Services (AES), which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32136/ 

 --

[SA32132] Debian update for lighttpd

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2008-10-07

Debian has issued an update for lighttpd. This fixes a weakness and
some vulnerabilities, which can be exploited by malicious people to
disclose potentially sensitive information, bypass certain security
restrictions, and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32132/ 

 --

[SA32130] Libxml2 Predefined Entities Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-03

A vulnerability has been reported in Libxml2, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32130/ 

 --

[SA32120] Red Hat update for tomcat

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-10-03

Red Hat has issued an update for tomcat. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, malicious users to disclose
potentially sensitive information, and by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, or
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32120/ 

 --

[SA32182] SUSE update for mercurial

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-07

SUSE has issued an update for mercurial. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32182/ 

 --

[SA32168] AmpJuke "special" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-06

S_DLA_S has discovered a vulnerability in AmpJuke, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32168/ 

 --

[SA32164] Dovecot ACL Plugin Security Bypass Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-06

Two security issues have been reported in Dovecot, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32164/ 

 --

[SA32128] Fedora update for mediawiki

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-07

Fedora has issued an update for mediawiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32128/ 

 --

[SA32161] HP-UX NFS/ONCplus Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-10-07

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32161/ 

 --

[SA32133] OpenBSD IPv6 Neighbor Discovery Protocol Neighbor
Solicitation Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-03

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious people to conduct spoofing attacks, disclose potentially
sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32133/ 

 --

[SA32174] Fedora update for pam_krb5

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-06

Fedora has issued an update for pam_krb5. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32174/ 

 --

[SA32170] FreeRADIUS "dialup_admin" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-08

Some vulnerabilities have been reported in FreeRADIUS, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32170/ 

 --

[SA32155] Debian update for feta

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-06

Debian has issued an update for feta. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32155/ 

 --

[SA32135] Red Hat update for pam_krb5

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-03

Red Hat has issued an update for pam_krb5. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/32135/ 

 --

[SA32124] Linux Kernel "vmi_write_ldt_entry()" Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-03

Eugene Teo has reported a vulnerability in the Linux Kernel, which can
be exploited by malicious, local users in a VMI guest to cause a DoS
(Denial of Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32124/ 

 --

[SA32119] pam_krb5 Credential Cache "exisiting_ticket" Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-03

A security issue has been reported in pam_krb5, which can be exploited
by malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32119/ 

 --

[SA32127] D-Bus "_dbus_validate_signature_with_reason()" Denial of
Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-10-07

A weakness has been reported in D-Bus, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32127/ 

 --

[SA32125] Avaya CMS Solaris ACL for UFS File Systems Local Denial of
Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-10-03

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32125/ 


Other:--

[SA32121] Apple TV Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-03

Some vulnerabilities have been reported in Apple TV, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32121/ 

 --

[SA32122] Blue Coat SGOS ICAP Patience Page Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-03

Juan Pablo Lopez Yacubian has reported a vulnerability in Blue Coat
Security Gateway OS (SGOS), which can be exploited by malicious people
to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32122/ 

 --

[SA32203] Nortel Multimedia Communication Server 5100 Multiple
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-10-09

Some vulnerabilities have been reported in Nortel Multimedia
Communication Server 5100, which can be exploited by malicious people
to bypass certain security restrictions, conduct spoofing attacks, or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32203/ 


Cross Platform:--

[SA32179] VMware VirtualCenter Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-06

VMware has acknowledged a weakness and some vulnerabilities in VMware
VirtualCenter, which can be exploited by malicious, local users to
disclose sensitive information, and by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32179/ 

 --

[SA32177] Opera Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-08

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to bypass certain security restrictions,
disclose potentially sensitive information, or potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32177/ 

 --

[SA32198] Drupal Attach File Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-10-09

A vulnerability has been reported in Drupal, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32198/ 

 --

[SA32195] Drupal Multiple Modules Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-10-09

A vulnerability has been reported in various modules for Drupal, which
can be exploited by malicious people to bypass certain security
restrictions or disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32195/ 

 --

[SA32194] Drupal EveryBlog Module Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Privilege escalation
Released:    2008-10-09

Some vulnerabilities have been reported in the EveryBlog module for
Drupal, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks, bypass certain security
restrictions, and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32194/ 

 --

[SA32191] Drupal SIOC Module Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-10-09

A vulnerability has been reported in the SIOC
(Semantically-Interconnected Online Communities) module for Drupal,
which can be exploited by malicious people to bypass certain security
restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32191/ 

 --

[SA32186] Graphviz "push_subg" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-09

Roee Hay has discovered a vulnerability in Graphviz, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32186/ 

 --

[SA32171] AdaptCMS "user_name" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-06

A vulnerability has been reported in AdaptCMS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32171/ 

 --

[SA32169] CMME Information Disclosure Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-07

AmnPardaz Security Research & Penetration Testing Group has discovered
some security issues in CMME, which can be exploited by malicious
people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32169/ 

 --

[SA32162] Hispah Text Links Ads "idcat" / "idtl" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-09

Some vulnerabilities have been reported in Hispah Text Links Ads, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32162/ 

 --

[SA32160] AdMan "campaignId" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-09

SuB-ZeRo has reported a vulnerability in AdMan, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32160/ 

 --

[SA32159] YaCy Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-09

Some vulnerabilities with unknown impacts have been reported in YaCy.

Full Advisory:
http://secunia.com/advisories/32159/ 

 --

[SA32158] WebBiscuits FAQ Support "download" File Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-09

Gold_M has discovered a vulnerability in WebBiscuits FAQ Support, which
can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32158/ 

 --

[SA32149] PHP Realtor "v_cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-08

Mr.SQL has discovered a vulnerability in PHP Realtor, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32149/ 

 --

[SA32147] PHP Auto Dealer "v_cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-08

Mr.SQL has reported a vulnerability in PHP Auto Dealer, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32147/ 

 --

[SA32145] Kwalbum "UploaditemsPage.php" File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-07

A vulnerability has been discovered in Kwalbum, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32145/ 

 --

[SA32141] JMweb MP3 Script "src" File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-06

SirGod has discovered some vulnerabilities in JMweb MP3 Music Audio
Search and Download Script, which can be exploited by malicious people
to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32141/ 

 --

[SA32139] PHP Autos "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-08

Mr.SQL has reported a vulnerability in PHP Autos, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32139/ 

 --

[SA32126] Fastpublish CMS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-06

Multiple vulnerabilities have been discovered in Fastpublish CMS, which
can be exploited by malicious people to conduct SQL injection attacks
and gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/32126/ 

 --

[SA32201] Drupal User and BlogAPI Security Bypass Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-10-09

Two vulnerabilities have been reported in Drupal, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32201/ 

 --

[SA32200] Drupal Upload and Node Module API Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-10-09

Two vulnerabilities have been reported in Drupal, which can be
exploited by malicious people and users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32200/ 

 --

[SA32199] HP System Management Homepage Unspecified Cross Site
Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-09

A vulnerability has been reported in HP System Management Homepage
(SMH), which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32199/ 

 --

[SA32176] Website Directory "keyword" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-06

Ghost Hacker has reported a vulnerability in Website Directory, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32176/ 

 --

[SA32172] WOW Raid Manager Unspecified Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-09

A vulnerability has been reported in WOW Raid Manager, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32172/ 

 --

[SA32167] vbDrupal Multiple Security Bypass Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-10-09

Some vulnerabilities have been reported in vbDrupal, which can be
exploited by malicious people and users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32167/ 

 --

[SA32163] Adobe Flash Player "Clickjacking" Security Bypass
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-10-08

A vulnerability has been reported in Adobe Flash Player, which can be
exploited by malicious people to bypass certain security restrictions
and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/32163/ 

 --

[SA32146] ModSecurity "SecCacheTransformations" Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-09

A vulnerability has been reported in ModSecurity, which potentially can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32146/ 

 --

[SA32134] XAMPP adodb.php Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-03

Jaykishan Nirmal has discovered some vulnerabilities in XAMPP, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32134/ 

 --

[SA32131] MediaWiki "useskin" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-03

A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32131/ 

 --

[SA32123] Nucleus EUC-JP Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-06

A vulnerability has been reported in Nucleus EUC-JP, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32123/ 

 --

[SA32157] VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-06

A vulnerability has been reported in VMware ESX / ESXi, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32157/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods