AOH :: IS1262.HTM

Secunia Weekly Summary - Issue: 2008-42




Secunia Weekly Summary - Issue: 2008-42
Secunia Weekly Summary - Issue: 2008-42



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-10-09 - 2008-10-16                        

                       This week: 77 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/ 

=======================================================================2) This Week in Brief:

Microsoft has released various security bulletins for October.

For more information, refer to:
http://secunia.com/advisories/32242/ 
http://secunia.com/advisories/32249/ 
http://secunia.com/advisories/32211/ 
http://secunia.com/advisories/32138/ 
http://secunia.com/advisories/32260/ 
http://secunia.com/advisories/32261/ 
http://secunia.com/advisories/32248/ 
http://secunia.com/advisories/32247/ 
http://secunia.com/advisories/32233/ 
http://secunia.com/advisories/32251/ 

 --

Some security issues have been reported in Adobe Flash Player, which
can be exploited by malicious people to bypass certain security
restrictions or manipulate certain data.

For more information, refer to:
http://secunia.com/advisories/32270/ 

 --

A vulnerability has been reported by VLC Media Player, which
potentially can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/32267/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA32227] Sun Java System Web Proxy Server Two Vulnerabilities
2.  [SA32226] CUPS Multiple Vulnerabilities
3.  [SA32220] CA ARCserve Backup Multiple Vulnerabilities
4.  [SA32222] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities
5.  [SA32248] Microsoft Windows IIS IPP Service Integer Overflow
              Vulnerability
6.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
7.  [SA32163] Adobe Flash Player "Clickjacking" Security Bypass
              Vulnerability
8.  [SA32177] Opera Multiple Vulnerabilities
9.  [SA32234] FUJITSU Interstage Products Apache Tomcat Security
              Bypass
10. [SA32180] VMware ESX Server Sun Java JDK / JRE Multiple
              Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32248] Microsoft Windows IIS IPP Service Integer Overflow
Vulnerability
[SA32246] Adobe Flash CS3 SWF Processing Buffer Overflow
Vulnerabilities
[SA32236] System Requirements Lab ActiveX Control Code Execution
Vulnerability
[SA32211] Microsoft Excel Multiple Vulnerabilities
[SA32244] Ayco Okul "linkid" SQL Injection Vulnerability
[SA32238] MunzurSoft Wep Portal W3 "kat" SQL Injection Vulnerability
[SA32218] GuildFTPd "LIST" Processing Buffer Overflow Vulnerability
[SA32216] RaidenFTPD Directory Name Buffer Overflow Vulnerability
[SA32260] Microsoft Windows 2000 Message Queuing Service Vulnerability
[SA32249] Microsoft Windows SMB Buffer Underflow Vulnerability
[SA32242] Microsoft Windows Active Directory Buffer Overflow
Vulnerability
[SA32233] Microsoft Host Integration Server SNA RPC Vulnerability
[SA32220] CA ARCserve Backup Multiple Vulnerabilities
[SA32264] Websense SQL Password Disclosure Security Issue
[SA32261] Microsoft Windows Ancillary Function Driver Privilege
Escalation
[SA32252] Lenovo Rescue and Recovery "tvtumon.sys" Privilege
Escalation
[SA32251] Microsoft Windows Virtual Address Descriptor Privilege
Escalation
[SA32247] Microsoft Windows Privilege Escalation Vulnerabilities

UNIX/Linux:
[SA32282] Ubuntu update for lcms
[SA32280] Debian update for libxml2
[SA32275] Fedora update for drupal
[SA32274] Ubuntu update for libexif
[SA32273] Ubuntu update for exiv2
[SA32266] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities
[SA32265] Avaya Products libxml2 XML Entity Name Buffer Overflow
Vulnerability
[SA32263] Avaya Products vsftpd PAM Memory Leak Vulnerability
[SA32256] Debian update for ruby1.8
[SA32255] Debian update for ruby1.9
[SA32241] Avaya Products Red Hat Tampered OpenSSH Packages
[SA32232] Fedora update for condor
[SA32222] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA32219] Ubuntu update for ruby1.8
[SA32217] GForge Multiple SQL Injection Vulnerabilities
[SA32292] Ubuntu update for cups
[SA32284] Fedora update for cups
[SA32283] Sun Solaris "sadmind" Buffer Overflow Vulnerability
[SA32279] Fedora update for bluez-utils and bluez-libs
[SA32226] CUPS Multiple Vulnerabilities
[SA32286] Fedora update for neon
[SA32254] Debian update for openldap
[SA32281] Ubuntu update for dbus
[SA32237] Debian update for linux-2.6
[SA32231] Fedora update for postfix
[SA32257] chm2pdf Insecure Temporary Directories
[SA32230] Fedora update for dbus
[SA32228] Gentoo Portage Insecure Python Module Search Path Security
Issue

Other:
[SA32259] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability
[SA32258] Telecom Italia Alice Routers Magic Packet Security Bypass

Cross Platform:
[SA32301] BEA WebLogic Server Multiple Vulnerabilities
[SA32267] VLC Media Player XSPF Processing Memory Corruption
Vulnerability
[SA32227] Sun Java System Web Proxy Server Two Vulnerabilities
[SA32304] BEA WebLogic Server Multiple Authorizers Security Bypass
[SA32303] BEA WebLogic Workshop NetUI Pageflow Information Disclosure
Vulnerability
[SA32302] BEA WebLogic Workshop NetUI Tags Information Disclosure
Vulnerability
[SA32291] Oracle Products Multiple Vulnerabilities
[SA32290] AstroSPACES "id" SQL Injection Vulnerability
[SA32289] myWebland myStats SQL Injection and Security Bypass
[SA32288] Webscene eCommerce "level" SQL Injection Vulnerability
[SA32287] HP Systems Insight Manager Unspecified Unauthorised Access
[SA32285] Drupal Shindig-Integrator Module Multiple Vulnerabilities
[SA32277] SweetCMS "page" SQL Injection Vulnerability
[SA32268] MyPHPDating "id" SQL Injection Vulnerability
[SA32253] WordPress WP Comment Remix Plugin Multiple Vulnerabilities
[SA32240] Joomla Ignite Gallery Component "gallery" SQL Injection
[SA32239] Joomla Mad4Joomla Mailforms Component "jid" SQL Injection
[SA32235] Joomla OwnBiblio Component "catid" SQL Injection
[SA32225] Phorum BBcode Nested "img" Tags Script Insertion
[SA32223] Real Estates Classifieds "cat" SQL Injection Vulnerability
[SA32215] My PHP Indexer "d" File Disclosure Vulnerability
[SA32214] NewLife Blogger "nlb3" SQL Injection Vulnerability
[SA32278] Elxis mod_language.php Cross-Site Scripting Vulnerability
[SA32276] Drupal Node Vote Module Vote Again SQL Injection
[SA32270] Adobe Flash Player Multiple Security Issues
[SA32243] Mantis Referenced Reports Information Disclosure Security
Issue
[SA32212] ScriptsEz Mini Hosting Panel "dir" File Disclosure
[SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass
[SA32213] Apache Tomcat "RemoteFilterValve" Security Bypass Security
Issue

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32248] Microsoft Windows IIS IPP Service Integer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32248/ 

 --

[SA32246] Adobe Flash CS3 SWF Processing Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-16

Some vulnerabilities have been reported in Adobe Flash CS3, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32246/ 

 --

[SA32236] System Requirements Lab ActiveX Control Code Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-16

A vulnerability has been reported in the System Requirements Lab
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32236/ 

 --

[SA32211] Microsoft Excel Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-14

Some vulnerabilities have been reported in Microsoft Excel, which can
be exploited by malicious people to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32211/ 

 --

[SA32244] Ayco Okul "linkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

Crackers_Child has reported a vulnerability in Ayco Okul, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32244/ 

 --

[SA32238] MunzurSoft Wep Portal W3 "kat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

LUPUS has reported a vulnerability in MunzurSoft Wep Portal W3, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32238/ 

 --

[SA32218] GuildFTPd "LIST" Processing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-13

dmnt has discovered a vulnerability in GuildFTPd, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32218/ 

 --

[SA32216] RaidenFTPD Directory Name Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-14

dmnt has discovered a vulnerability in RaidenFTPD, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32216/ 

 --

[SA32260] Microsoft Windows 2000 Message Queuing Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows 2000, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32260/ 

 --

[SA32249] Microsoft Windows SMB Buffer Underflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32249/ 

 --

[SA32242] Microsoft Windows Active Directory Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32242/ 

 --

[SA32233] Microsoft Host Integration Server SNA RPC Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, System access
Released:    2008-10-14

A vulnerability has been reported in Microsoft Host Integration Server,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32233/ 

 --

[SA32220] CA ARCserve Backup Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-10

Some vulnerabilities have been reported in CA ARCserve Backup, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32220/ 

 --

[SA32264] Websense SQL Password Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-10-14

Eric Beaulieu has reported a security issue in Websense, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32264/ 

 --

[SA32261] Microsoft Windows Ancillary Function Driver Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32261/ 

 --

[SA32252] Lenovo Rescue and Recovery "tvtumon.sys" Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-14

A vulnerability has been reported in Lenovo Rescue and Recovery, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32252/ 

 --

[SA32251] Microsoft Windows Virtual Address Descriptor Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32251/ 

 --

[SA32247] Microsoft Windows Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-14

Some vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32247/ 


UNIX/Linux:--

[SA32282] Ubuntu update for lcms

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-15

Ubuntu has issued an update for lcms. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32282/ 

 --

[SA32280] Debian update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-15

Debian has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/32280/ 

 --

[SA32275] Fedora update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-10-16

Fedora has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32275/ 

 --

[SA32274] Ubuntu update for libexif

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-15

Ubuntu has issued an update for libexif. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/32274/ 

 --

[SA32273] Ubuntu update for exiv2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-15

Ubuntu has issued an update for exiv2. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/32273/ 

 --

[SA32266] Avaya AES / MX Apache Tomcat Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released:    2008-10-14

Avaya has acknowledged some vulnerabilities in Avaya AES / MX, which
can be exploited by malicious, local users to bypass certain security
restrictions, by malicious users to disclose potentially sensitive
information, and by malicious people to conduct cross-site scripting
attacks, bypass certain security restrictions, or disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/32266/ 

 --

[SA32265] Avaya Products libxml2 XML Entity Name Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-14

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/32265/ 

 --

[SA32263] Avaya Products vsftpd PAM Memory Leak Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-14

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32263/ 

 --

[SA32256] Debian update for ruby1.8

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-13

Debian has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32256/ 

 --

[SA32255] Debian update for ruby1.9

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-13

Debian has issued an update for ruby1.9. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32255/ 

 --

[SA32241] Avaya Products Red Hat Tampered OpenSSH Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-14

Avaya has acknowledged that a small number of OpenSSH packages have
been tampered with.

Full Advisory:
http://secunia.com/advisories/32241/ 

 --

[SA32232] Fedora update for condor

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-10-10

Fedora has issued an update for condor. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, cause a DoS (Denial of Service), and
potentially compromise a vulnerable system, and by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32232/ 

 --

[SA32222] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2008-10-10

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/32222/ 

 --

[SA32219] Ubuntu update for ruby1.8

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-10-10

Ubuntu has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), and
conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/32219/ 

 --

[SA32217] GForge Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

Some vulnerabilities have been reported in Gforge, which can be
exploited by malicious people and users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32217/ 

 --

[SA32292] Ubuntu update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-16

Ubuntu has issued an update for cups. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32292/ 

 --

[SA32284] Fedora update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-16

Fedora has issued an update for cups. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32284/ 

 --

[SA32283] Sun Solaris "sadmind" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-10-15

Adriano Lima has reported a vulnerability in Sun Solaris, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32283/ 

 --

[SA32279] Fedora update for bluez-utils and bluez-libs

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-16

Fedora has issued an update for bluez-utils and bluez-libs. This fixes
a vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32279/ 

 --

[SA32226] CUPS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-10

Some vulnerabilities have been reported in CUPS, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32226/ 

 --

[SA32286] Fedora update for neon

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-10-16

Fedora has issued an update for neon. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32286/ 

 --

[SA32254] Debian update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-10-13

Debian has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32254/ 

 --

[SA32281] Ubuntu update for dbus

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2008-10-15

Ubuntu has issued an update for dbus. This fixes a weakness and a
security issue, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32281/ 

 --

[SA32237] Debian update for linux-2.6

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-14

Debian has issued an update for linux-2.6. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32237/ 

 --

[SA32231] Fedora update for postfix

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-10-10

Fedora has issued an update for postfix. This fixes some security
issues, which can be exploited by malicious, local users to disclose
potentially sensitive information, cause a DoS (Denial of Service), and
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32231/ 

 --

[SA32257] chm2pdf Insecure Temporary Directories

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-13

A security issue has been reported in chm2pdf, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32257/ 

 --

[SA32230] Fedora update for dbus

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-10-10

Fedora has issued an update for dbus. This fixes a weakness, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32230/ 

 --

[SA32228] Gentoo Portage Insecure Python Module Search Path Security
Issue

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-10

Gentoo has acknowledged a security issue in portage, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32228/ 


Other:--

[SA32259] Linksys WAP4400N Denial of Service and SNMPv3 Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2008-10-14

Some vulnerabilities have been reported in Linksys WAP4400N, where one
has unknown impacts and the other can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32259/ 

 --

[SA32258] Telecom Italia Alice Routers Magic Packet Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-10-16

saxdax and drpepperONE have reported a vulnerability in various Telecom
Italia Alice routers, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32258/ 


Cross Platform:--

[SA32301] BEA WebLogic Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-10-15

Some vulnerabilities have been reported in BEA WebLogic Server, which
can be exploited by malicious users to bypass certain security
restrictions, and by malicious people to bypass certain security
restrictions and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32301/ 

 --

[SA32267] VLC Media Player XSPF Processing Memory Corruption
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-15

A vulnerability has been reported by VLC Media Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32267/ 

 --

[SA32227] Sun Java System Web Proxy Server Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-10

Two vulnerabilities have been reported in Sun Java System Web Proxy
Server, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32227/ 

 --

[SA32304] BEA WebLogic Server Multiple Authorizers Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-15

A vulnerability has been reported in BEA WebLogic Server, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32304/ 

 --

[SA32303] BEA WebLogic Workshop NetUI Pageflow Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-15

A vulnerability has been reported in BEA WebLogic Workshop, which can
be exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/32303/ 

 --

[SA32302] BEA WebLogic Workshop NetUI Tags Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-15

A vulnerability has been reported in BEA WebLogic Workshop, which can
be exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/32302/ 

 --

[SA32291] Oracle Products Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-15

Some vulnerabilities with unknown impacts have been reported in various
Oracle products.

Full Advisory:
http://secunia.com/advisories/32291/ 

 --

[SA32290] AstroSPACES "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-16

TurkishWarriorr has discovered a vulnerability in AstroSPACES, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32290/ 

 --

[SA32289] myWebland myStats SQL Injection and Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-10-16

JosS has discovered two vulnerabilities in myWebland myStats, which can
be exploited by malicious people to bypass certain security restrictions
and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32289/ 

 --

[SA32288] Webscene eCommerce "level" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-15

Angela Chang has reported a vulnerability in Webscene eCommerce, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32288/ 

 --

[SA32287] HP Systems Insight Manager Unspecified Unauthorised Access

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2008-10-16

A vulnerability has been reported in HP Systems Insight Manager (SIM),
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32287/ 

 --

[SA32285] Drupal Shindig-Integrator Module Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting
Released:    2008-10-16

Some vulnerabilities have been reported in the Shindig-Integrator
module for Drupal, where some have an unknown impact, and others can be
exploited by malicious users to conduct script insertion attacks, and by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32285/ 

 --

[SA32277] SweetCMS "page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-16

Dapirates & underc have reported a vulnerability in SweetCMS, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32277/ 

 --

[SA32268] MyPHPDating "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-15

Hakxer has reported a vulnerability in MyPHPDating (My PHP Dating),
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32268/ 

 --

[SA32253] WordPress WP Comment Remix Plugin Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-10-15

g30rg3_x has reported some vulnerabilities in the WP Comment Remix
plugin for WordPress, which can be exploited by malicious people to
conduct cross-site request forgery, script insertion, and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32253/ 

 --

[SA32240] Joomla Ignite Gallery Component "gallery" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

H!tm@N has reported a vulnerability in the Ignite Gallery component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32240/ 

 --

[SA32239] Joomla Mad4Joomla Mailforms Component "jid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

H!tm@N has reported a vulnerability in the Mad4Joomla Mailforms
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32239/ 

 --

[SA32235] Joomla OwnBiblio Component "catid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

H!tm@N has discovered a vulnerability in the OwnBiblio component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32235/ 

 --

[SA32225] Phorum BBcode Nested "img" Tags Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-14

Julian A. Rodriguez has reported a vulnerability in Phorum, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32225/ 

 --

[SA32223] Real Estates Classifieds "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-13

Hakxer has reported a vulnerability in Real Estates Classifieds, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32223/ 

 --

[SA32215] My PHP Indexer "d" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-13

JosS has discovered a vulnerability in My PHP Indexer, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32215/ 

 --

[SA32214] NewLife Blogger "nlb3" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-13

Pepelux has reported a vulnerability in NewLife Blogger, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32214/ 

 --

[SA32278] Elxis mod_language.php Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-15

swappie aka faithlove has discovered a vulnerability in Elxis, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32278/ 

 --

[SA32276] Drupal Node Vote Module Vote Again SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2008-10-16

A vulnerability has been reported in the Node Vote module for Drupal,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32276/ 

 --

[SA32270] Adobe Flash Player Multiple Security Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-10-16

Some security issues have been reported in Adobe Flash Player, which
can be exploited by malicious people to bypass certain security
restrictions or manipulate certain data.

Full Advisory:
http://secunia.com/advisories/32270/ 

 --

[SA32243] Mantis Referenced Reports Information Disclosure Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-14

A security issue has been reported in Mantis, which can be exploited by
malicious users to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/32243/ 

 --

[SA32212] ScriptsEz Mini Hosting Panel "dir" File Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-13

JosS has reported a vulnerability in ScriptsEz Mini Hosting Panel,
which can be exploited by malicious users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/32212/ 

 --

[SA32234] FUJITSU Interstage Products Apache Tomcat Security Bypass

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-10

A security issue has been reported in various FUJITSU Interstage
products, which potentially can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32234/ 

 --

[SA32213] Apache Tomcat "RemoteFilterValve" Security Bypass Security
Issue

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-13

A security issue has been reported in Apache Tomcat, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32213/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods