AOH :: IS1278.HTM

Secunia Weekly Summary - Issue: 2008-43




Secunia Weekly Summary - Issue: 2008-43
Secunia Weekly Summary - Issue: 2008-43



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-10-16 - 2008-10-23                        

                       This week: 72 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/ 

=======================================================================2) This Week in Brief:

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to conduct script insertion attacks, to
bypass certain security restrictions, disclose potentially sensitive
information, or potentially to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/32299/ 

 --

Some vulnerabilities and a weakness have been reported in Wireshark,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information, refer to:
http://secunia.com/advisories/32355/ 

 --

A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/32339/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA32270] Adobe Flash Player Multiple Security Issues
2.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
3.  [SA32314] Mantis "sort" PHP Code Execution Vulnerability
4.  [SA32319] Hummingbird Xweb ActiveX Control "PlainTextPassword"
              Property Buffer Overflow
5.  [SA32316] SUSE Update for Multiple Packages
6.  [SA32299] Opera Multiple Vulnerabilities
7.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
8.  [SA32221] PhpWebGallery PHP Code Execution and SQL Injection
9.  [SA32311] Habari "habari_username" Cross-Site Scripting
              Vulnerability
10. [SA32248] Microsoft Windows IIS IPP Service Integer Overflow
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32337] Hummingbird Deployment Wizard ActiveX Control Insecure
Methods
[SA32319] Hummingbird Xweb ActiveX Control "PlainTextPassword" Property
Buffer Overflow
[SA32375] GoodTech SSH Server SFTP Processing Buffer Overflow
Vulnerability
[SA32364] Dorsa CMS "PageIDF" SQL Injection Vulnerability
[SA32366] freeSSHd Two Denial of Service Vulnerabilities
[SA32383] EMC NetWorker Products "nsrexecd.exe" Denial of Service

UNIX/Linux:
[SA32372] Red Hat update for ruby
[SA32371] Red Hat update for ruby
[SA32354] imlib2 Multiple Unspecified Vulnerabilities
[SA32351] Red Hat update for ruby
[SA32345] LightBlog Two Local File Inclusion Vulnerabilities
[SA32316] SUSE Update for Multiple Packages
[SA32306] Avaya Products libxml2 Denial of Service
[SA32370] SUSE update for kernel
[SA32331] Debian update for cupsys
[SA32362] Fedora update for php-Smarty 
[SA32330] Fedora update for mantis
[SA32313] Avaya Products bzip2 Denial of Service
[SA32346] nfs-utils TCP Wrappers NFS Netgroups Security Bypass
[SA32363] Fedora update for jhead
[SA32357] Ubuntu update for amarok
[SA32340] JHead "DoCommand()" Buffer Overflow Security Issue
[SA32335] Debian update for qemu
[SA32332] Veritas File System Information Disclosure Security Issues
[SA32320] Linux Kernel "splice()" O_APPEND Bypass and I915 Privilege
Escalation
[SA32315] Debian update for linux-2.6
[SA32349] Red Hat update for ed
[SA32385] Debian update for dbus
[SA32356] SUSE update for kernel
[SA32344] Linux Kernel Denial of Service and Privilege Escalation

Other:
[SA32392] Cisco ASA Crypto Accelerator Memory Leak
[SA32391] Cisco ASA and PIX IPv6 Denial of Service
[SA32360] Cisco ASA and PIX VPN Authentication Bypass

Cross Platform:
[SA32380] Iamma Simple Gallery File Upload Vulnerability
[SA32361] Snoopy "_httpsrequest()" Shell Command Execution
Vulnerability
[SA32352] F-Secure Products RPM Parsing Integer Overflow Vulnerability
[SA32339] VLC Media Player TY Processing Buffer Overflow Vulnerability
[SA32328] Fast Click SQL Lite "CFG[CDIR]" File Inclusion Vulnerability
[SA32379] phpcrs "importFunction" Local File Inclusion Vulnerability
[SA32378] LoudBlog "colpick" SQL Injection Vulnerability
[SA32377] Joomla ionFiles Component "file" Information Disclosure
[SA32369] TYPO3 simplesurvey Extension SQL Injection Vulnerability
[SA32368] IBM DB2 Multiple Vulnerabilities
[SA32355] Wireshark Multiple Denial of Service Vulnerabilities
[SA32347] XOOPS Makale Module "id" SQL Injection Vulnerability
[SA32342] TYPO3 dmmjobcontrol Extension SQL Injection Vulnerability
[SA32341] TikiWiki CMS/Groupware Two Unspecified Vulnerabilities
[SA32338] WebSVN File Overwrite and Cross-Site Scripting
[SA32336] WordPress Newsletter Plugin "newsletter" SQL Injection
[SA32334] phpFastNews "fn-loggedin" Cookie Security Bypass
[SA32333] Zeeproperty "adid" SQL Injection Vulnerability
[SA32325] yappa-ng "album" Local File Inclusion Vulnerability
[SA32323] Woltlab Burning Board rGallery "itemID" SQL Injection
Vulnerability
[SA32321] Joomla DS-Syndicate Component "feed_id" SQL Injection
[SA32318] MUSCLE "Message::AddToString()" Buffer Overflow
Vulnerability
[SA32317] RealVNC VNC Viewer "CMsgReader::readRect()" Encoding Type
Vulnerability
[SA32314] Mantis "sort" PHP Code Execution Vulnerability
[SA32312] PokerMax Pro Poker League "ValidUserAdmin" Cookie Security
Bypass
[SA32310] Mic_Blog Multiple SQL Injection Vulnerabilities
[SA32309] Mosaic Commerce "cid" SQL Injection Vulnerability
[SA32308] CafeEngine "id" Two SQL Injection Vulnerabilities
[SA32307] EasyCafeEngine "itemid" SQL Injection Vulnerability
[SA32388] Drupal Localization client Module Cross-Site Request Forgery
[SA32353] cpCommerce Multiple Cross-Site Scripting Vulnerabilities
[SA32350] FlashChat "s" Security Bypass
[SA32348] MyNETS Cross-Site Scripting Vulnerability
[SA32329] Smarty "_expand_quoted_text()" Security Bypass Vulnerability
[SA32324] Vivvo CMS Unspecified Cross-Site Request Forgery
Vulnerability
[SA32322] e107 "ue[]" SQL Injection Vulnerability
[SA32311] Habari "habari_username" Cross-Site Scripting Vulnerability
[SA32305] Movable Type Unspecified Cross-Site Scripting Vulnerability
[SA32389] Drupal Virtual Hosts Local File Inclusion

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32337] Hummingbird Deployment Wizard ActiveX Control Insecure
Methods

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-20

shinnai has discovered some vulnerabilities in Hummingbird Deployment
Wizard, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32337/ 

 --

[SA32319] Hummingbird Xweb ActiveX Control "PlainTextPassword" Property
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-17

Thomas Pollet has reported a vulnerability in Hummingbird Xweb ActiveX
Control, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32319/ 

 --

[SA32375] GoodTech SSH Server SFTP Processing Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-23

r0ut3r has discovered a vulnerability in GoodTech SSH Server, which can
be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32375/ 

 --

[SA32364] Dorsa CMS "PageIDF" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-23

syst3m_f4ult has reported a vulnerability in Dorsa CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32364/ 

 --

[SA32366] freeSSHd Two Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-10-23

Jeremy Brown has discovered two vulnerabilities in freeSSHd, which can
be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32366/ 

 --

[SA32383] EMC NetWorker Products "nsrexecd.exe" Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-10-23

A vulnerability has been reported in several EMC NetWorker Products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32383/ 


UNIX/Linux:--

[SA32372] Red Hat update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-10-22

Red Hat has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32372/ 

 --

[SA32371] Red Hat update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-10-22

Red Hat has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/32371/ 

 --

[SA32354] imlib2 Multiple Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-23

Some vulnerabilities with unknown impact have been reported in imlib2.

Full Advisory:
http://secunia.com/advisories/32354/ 

 --

[SA32351] Red Hat update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-10-22

Red Hat has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/32351/ 

 --

[SA32345] LightBlog Two Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-22

JosS has discovered two vulnerabilities in LightBlog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32345/ 

 --

[SA32316] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation,
DoS, System access
Released:    2008-10-17

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service) or compromise a
vulnerable system or by malicious, local users to cause a DoS (Denial
of Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32316/ 

 --

[SA32306] Avaya Products libxml2 Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-17

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32306/ 

 --

[SA32370] SUSE update for kernel

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-10-22

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, and gain escalated privileges, and by malicious people to
cause a DoS.

Full Advisory:
http://secunia.com/advisories/32370/ 

 --

[SA32331] Debian update for cupsys

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-21

Debian has issued an update for cupsys. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32331/ 

 --

[SA32362] Fedora update for php-Smarty 

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-22

Fedora has issued an update for php-smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32362/ 

 --

[SA32330] Fedora update for mantis

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-21

Fedora has issued an update for mantis. This fixes a vulnerability,
which can be exploited by malicious users to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/32330/ 

 --

[SA32313] Avaya Products bzip2 Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-10-17

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32313/ 

 --

[SA32346] nfs-utils TCP Wrappers NFS Netgroups Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-10-20

A security issue has been reported in nfs-utils, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32346/ 

 --

[SA32363] Fedora update for jhead

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-21

Fedora has issued an update for jhead. This fixes a security issue,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32363/ 

 --

[SA32357] Ubuntu update for amarok

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-22

Ubuntu has issued an update for amarok. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32357/ 

 --

[SA32340] JHead "DoCommand()" Buffer Overflow Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-21

A security issue has been reported in JHead, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32340/ 

 --

[SA32335] Debian update for qemu

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-22

Debian has issued an update for qemu. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32335/ 

 --

[SA32332] Veritas File System Information Disclosure Security Issues

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-21

Two security issues have been reported in Veritas File System, which
can be exploited by malicious, local users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/32332/ 

 --

[SA32320] Linux Kernel "splice()" O_APPEND Bypass and I915 Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2008-10-20

A weakness and a vulnerability have been reported in the Linux kernel,
which can be exploited by malicious, local users to bypass certain
security restrictions and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32320/ 

 --

[SA32315] Debian update for linux-2.6

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-10-20

Debian has issued an update for linux 2.6. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, cause a DoS (Denial of Service) or disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/32315/ 

 --

[SA32349] Red Hat update for ed

Critical:    Not critical
Where:       From remote
Impact:      System access
Released:    2008-10-22

Red Hat has issued an update for ed. This fixes a security issue, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32349/ 

 --

[SA32385] Debian update for dbus

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-10-23

Debian has issued an update for dbus. This fixes a weakness, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32385/ 

 --

[SA32356] SUSE update for kernel

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-21

SUSE has issued an update for the kernel. This fixes a security issue
and a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service) and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32356/ 

 --

[SA32344] Linux Kernel Denial of Service and Privilege Escalation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-10-20

Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32344/ 


Other:--

[SA32392] Cisco ASA Crypto Accelerator Memory Leak

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-23

A vulnerability has been reported in Cisco ASA appliances, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32392/ 

 --

[SA32391] Cisco ASA and PIX IPv6 Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-23

A vulnerability has been reported in Cisco ASA and PIX appliances,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32391/ 

 --

[SA32360] Cisco ASA and PIX VPN Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-23

A vulnerability has been reported in Cisco ASA and PIX appliances,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32360/ 


Cross Platform:--

[SA32380] Iamma Simple Gallery File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-23

X0r has discovered a vulnerability in Iamma Simple Gallery, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32380/ 

 --

[SA32361] Snoopy "_httpsrequest()" Shell Command Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-23

A vulnerability has been discovered in Snoopy, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32361/ 

 --

[SA32352] F-Secure Products RPM Parsing Integer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-21

A vulnerability has been reported in various F-Secure products, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32352/ 

 --

[SA32339] VLC Media Player TY Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-20

A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32339/ 

 --

[SA32328] Fast Click SQL Lite "CFG[CDIR]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-20

NoGe has discovered a vulnerability in Fast Click SQL Lite, which can 
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32328/ 

 --

[SA32379] phpcrs "importFunction" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-23

Pepelux has discovered a vulnerability in phpcrs, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32379/ 

 --

[SA32378] LoudBlog "colpick" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-23

Xianur0 has discovered a vulnerability in LoudBlog, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32378/ 

 --

[SA32377] Joomla ionFiles Component "file" Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-23

Vrs-hCk has discovered a vulnerability in the ionFiles component for
Joomla!, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/32377/ 

 --

[SA32369] TYPO3 simplesurvey Extension SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-21

A vulnerability has been reported in the Simple survey (simplesurvey)
extension for TYPO3, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32369/ 

 --

[SA32368] IBM DB2 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Exposure of sensitive information, DoS
Released:    2008-10-22

Some vulnerabilities have been reported in IBM DB2, where some have an
unknown impact and others can be exploited by malicious people to cause
a DoS (Denial of Service) and disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/32368/ 

 --

[SA32355] Wireshark Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-21

Some vulnerabilities and a weakness have been reported in Wireshark,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32355/ 

 --

[SA32347] XOOPS Makale Module "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-21

EcHoLL has discovered a vulnerability in the Makale module for XOOPS,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32347/ 

 --

[SA32342] TYPO3 dmmjobcontrol Extension SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-21

A vulnerability has been reported in the JobControl (dmmjobcontrol)
extension for TYPO3, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32342/ 

 --

[SA32341] TikiWiki CMS/Groupware Two Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-22

Two vulnerabilities with unknown impact have been reported in TikiWiki
CMS/Groupware.

Full Advisory:
http://secunia.com/advisories/32341/ 

 --

[SA32338] WebSVN File Overwrite and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-10-23

James Bercegay has reported two vulnerabilities in WebSVN, which can be
exploited by malicious people to conduct cross-site scripting attacks
and manipulate data.

Full Advisory:
http://secunia.com/advisories/32338/ 

 --

[SA32336] WordPress Newsletter Plugin "newsletter" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-22

r45c4l has reported a vulnerability in the Newsletter plugin for
WordPress, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32336/ 

 --

[SA32334] phpFastNews "fn-loggedin" Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-20

Qabandi has discovered a vulnerability in phpFastNews, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32334/ 

 --

[SA32333] Zeeproperty "adid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-20

Hussin X has reported a vulnerability in Zeeproperty, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32333/ 

 --

[SA32325] yappa-ng "album" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-20

Vrs-hCk has discovered a vulnerability in yappa-ng, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32325/ 

 --

[SA32323] Woltlab Burning Board rGallery "itemID" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-20

Five-Three-Nine has reported a vulnerability in the rGallery plugin for
WoltLab Burning Board, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32323/ 

 --

[SA32321] Joomla DS-Syndicate Component "feed_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-20

boom3rang has discovered a vulnerability in the DS-Syndicate component
for Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32321/ 

 --

[SA32318] MUSCLE "Message::AddToString()" Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-20

A vulnerability has been discovered in MUSCLE, which can be exploited
by malicious people to cause a DoS (Denial of Service) or compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/32318/ 

 --

[SA32317] RealVNC VNC Viewer "CMsgReader::readRect()" Encoding Type
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-20

A vulnerability has been discovered in RealVNC VNC Viewer, which can
potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32317/ 

 --

[SA32314] Mantis "sort" PHP Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-17

EgiX has discovered a vulnerability in Mantis, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32314/ 

 --

[SA32312] PokerMax Pro Poker League "ValidUserAdmin" Cookie Security
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-17

DaRkLiFe has discovered a vulnerability in PokerMax Pro Poker League,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32312/ 

 --

[SA32310] Mic_Blog Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-21

StAkeR has reported some vulnerabilities in Mic_Blog (mic blog), which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32310/ 

 --

[SA32309] Mosaic Commerce "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-21

Ali Abbasi has reported a vulnerability in Mosaic Commerce, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32309/ 

 --

[SA32308] CafeEngine "id" Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-17

0xFFFFFF has reported two vulnerabilities in CafeEngine, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32308/ 

 --

[SA32307] EasyCafeEngine "itemid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-17

0xFFFFFF has reported a vulnerability in EasyCafeEngine (Easy Cafe
Engine), which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32307/ 

 --

[SA32388] Drupal Localization client Module Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-10-23

A vulnerability has been reported in the Localization client module for
Drupal, which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32388/ 

 --

[SA32353] cpCommerce Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-20

Some vulnerabilities have been reported in cpCommerce, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32353/ 

 --

[SA32350] FlashChat "s" Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-22

eLiSiA has discovered a vulnerability in FlashChat, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32350/ 

 --

[SA32348] MyNETS Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-20

A vulnerability has been reported in MyNETS, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32348/ 

 --

[SA32329] Smarty "_expand_quoted_text()" Security Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-22

A vulnerability has been reported in Smarty, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32329/ 

 --

[SA32324] Vivvo CMS Unspecified Cross-Site Request Forgery
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-10-20

A vulnerability has been reported in Vivvo CMS, which can be exploited
by malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32324/ 

 --

[SA32322] e107 "ue[]" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-20

__GiReX__ has discovered a vulnerability in e107, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32322/ 

 --

[SA32311] Habari "habari_username" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-17

swappie has discovered a vulnerability in Habari, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32311/ 

 --

[SA32305] Movable Type Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-20

A vulnerability has been reported in Movable Type, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32305/ 

 --

[SA32389] Drupal Virtual Hosts Local File Inclusion

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-23

A vulnerability has been reported in Drupal, which can potentially be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32389/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/ 

Site design & layout copyright © 1986-2014 CodeGods