AOH :: IS1308.HTM

Secunia Weekly Summary - Issue: 2008-44




Secunia Weekly Summary - Issue: 2008-44
Secunia Weekly Summary - Issue: 2008-44



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-10-23 - 2008-10-30                        

                       This week: 64 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/ 

=======================================================================2) This Week in Brief:

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/32326/ 

 --

Some vulnerabilities have been reported in OpenOffice, which
potentially can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/32419/ 

 --

Multiple vulnerabilities have been discovered in Adobe PageMaker, which
can be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/27200/ 

 --

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to conduct cross-site scripting attacks
or potentially to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32452/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA32452] Opera Command Execution and Cross-Site Scripting
2.  [SA32470] Quassel IRC CTCP Command Injection Vulnerability
3.  [SA32465] IBM Tivoli Storage Manager Client Buffer Overflow
              Vulnerability
4.  [SA32466] IBM Lotus Connections Multiple Vulnerabilities
5.  [SA32272] Typo SQL Injection and Script Insertion Vulnerabilities
6.  [SA32468] Dorsa CMS "search" Cross-Site Scripting Vulnerability
7.  [SA28083] Adobe Flash Player Multiple Vulnerabilities
8.  [SA32467] Harlandscripts Pro Traffic One "trg" SQL Injection
              Vulnerability
9.  [SA32326] Microsoft Windows Path Canonicalisation Vulnerability
10. [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32455] Blaze Media Pro NMSDVDX ActiveX Control Insecure Methods
[SA32411] TUGzip .zip File Buffer Overflow Vulnerability
[SA32414] Persia BME E-Catalogue "q" SQL Injection
[SA32409] Ocean12 Products .mdb Database Disclosure Security Issues
[SA32395] Novell eDirectory NCP Unspecified Vulnerability
[SA32444] Citrix Web Interface Improper Session Termination Security
Issue

UNIX/Linux:
[SA32461] Debian update for openoffice.org 
[SA32436] Red Hat update for java-1.6.0-ibm
[SA32402] Ads Pro "page" Command Execution Vulnerability
[SA32400] Ubuntu update for moodle
[SA32394] SUSE Update for Multiple Packages
[SA32454] rPath update for pcre
[SA32453] rPath update for libxslt
[SA32448] Red Hat update for flash-plugin
[SA32447] KTorrent 2 Web Interface Torrent Upload and PHP Code
Injection
[SA32442] KTorrent Web Interface Torrent Upload and PHP Code Injection
[SA32437] Red Hat update for java-1.5.0-ibm
[SA32430] Venalsur Booking Centre SQL Injection and Cross-Site
Scripting
[SA32424] Debian update for clamav
[SA32401] NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability
[SA32396] Debian update for libspf2
[SA32471] Fedora update for dovecot
[SA32446] Ubuntu update for moodle
[SA32441] Fedora update for drupal
[SA32475] Fedora update for libtirpc
[SA32406] NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation
Vulnerability
[SA32403] libtirpc "__rpc_taddr2uaddr_af()" Denial of Service
Vulnerability
[SA32420] JHead "DoCommand()" Shell Command Injection Security Issue
[SA32393] Ubuntu update for linux
[SA32460] Fedora update for ed
[SA32416] Red Hat update for lynx
[SA32407] Lynx Insecure ".mailcap" and ".mime.types" Search Path
Weakness

Other:


Cross Platform:
[SA32452] Opera Command Execution and Cross-Site Scripting
[SA32433] H2O-CMS Cookie Security Bypass and Code Execution
Vulnerabilities
[SA32419] OpenOffice WMF and EMF Processing Buffer Overflows
[SA32412] NEPT Image Uploader uploadp.php File Upload Vulnerability
[SA32467] Harlandscripts Pro Traffic One "trg" SQL Injection
Vulnerability
[SA32466] IBM Lotus Connections Multiple Vulnerabilities
[SA32451] MyBB Multiple Vulnerabilities
[SA32443] SUSE update for kernel
[SA32439] phplist "connector.php" File Extension Validation
Vulnerability
[SA32438] WebGUI "loadModule()" Arbitrary Perl Code Execution
Vulnerability
[SA32431] All In One Control Panel (AIOCP) "poll_id" SQL Injection
[SA32427] tlAds "tlAds_login" Cookie Security Bypass
[SA32422] H&H WebSoccer "id" SQL Injection Vulnerability
[SA32413] Aj Square RSS Reader "url" SQL Injection Vulnerability
[SA32410] KVIrc "irc://" URI Handling Format String Vulnerability
[SA32408] PHP-Daily File Disclosure and SQL Injection Vulnerabilities
[SA32405] tlNews "tlNews_login" Cookie Security Bypass
[SA32404] SiteEngine SQL Injection and Information Disclosure
Vulnerabilities
[SA32397] SFS Ez Forum  "forum" SQL Injection Vulnerability
[SA32465] IBM Tivoli Storage Manager Client Buffer Overflow
Vulnerability
[SA32456] Eaton MGE Network Shutdown Module Arbitrary Command Execution
Vulnerability
[SA32470] Quassel IRC CTCP Command Injection Vulnerability
[SA32469] Saba "username" Cross-Site Scripting Vulnerability
[SA32468] Dorsa CMS "search" Cross-Site Scripting Vulnerability
[SA32457] Kmita Catalogue "q" Cross-Site Scripting Vulnerability
[SA32449] phpMyAdmin "db" Cross-Site Scripting Vulnerability
[SA32445] Kmita Gallery "begin" and "searchtext" Cross-Site Scripting
Vulnerabilities
[SA32432] MyKtools "langage" Local File Inclusion
[SA32429] iPei Guestbook "pg" Cross-Site Scripting Vulnerability
[SA32417] Smarty "regex_replace" Modifier Template Security Bypass
[SA32399] ClipShare "title" Cross-Site Scripting Vulnerability
[SA32418] libpng "png_handle_tEXt()" Memory Leak Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32455] Blaze Media Pro NMSDVDX ActiveX Control Insecure Methods

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-28

A vulnerability has been reported in Blaze Media Pro, which can be
exploited by malicious people to potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32455/ 

 --

[SA32411] TUGzip .zip File Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-28

Stefan Marin has discovered a vulnerability in TUGzip, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32411/ 

 --

[SA32414] Persia BME E-Catalogue "q" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-29

AmnPardaz Security Research Team have reported a vulnerability in
Persia BME E-Catalogue, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32414/ 

 --

[SA32409] Ocean12 Products .mdb Database Disclosure Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-10-28

Pouya_Server has reported some security issues in multiple Ocean12
products, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/32409/ 

 --

[SA32395] Novell eDirectory NCP Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-10-28

A vulnerability with an unknown impact has been reported in Novell
eDirectory.

Full Advisory:
http://secunia.com/advisories/32395/ 

 --

[SA32444] Citrix Web Interface Improper Session Termination Security
Issue

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-10-28

A security issue has been reported in Citrix Web Interface, which can
be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32444/ 


UNIX/Linux:--

[SA32461] Debian update for openoffice.org 

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-30

Debian has issued an update for openoffice.org. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32461/ 

 --

[SA32436] Red Hat update for java-1.6.0-ibm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-10-27

Red Hat has issued an update for java-1.6.0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32436/ 

 --

[SA32402] Ads Pro "page" Command Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-28

S0l1D has reported a vulnerability in Ads Pro, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32402/ 

 --

[SA32400] Ubuntu update for moodle

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-10-24

Ubuntu has issued an update for moodle. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32400/ 

 --

[SA32394] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2008-10-24

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
script insertion attacks, bypass certain security restrictions,
disclose system and potentially sensitive information, or potentially
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32394/ 

 --

[SA32454] rPath update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-28

rPath has issued an update for pcre. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/32454/ 

 --

[SA32453] rPath update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-28

rPath has issued an update for libxslt. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/32453/ 

 --

[SA32448] Red Hat update for flash-plugin

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-10-29

Red Hat has issued an update for flash-plugin. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose potentially sensitive
information, and manipulate certain data.

Full Advisory:
http://secunia.com/advisories/32448/ 

 --

[SA32447] KTorrent 2 Web Interface Torrent Upload and PHP Code
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-10-29

Some vulnerabilities have been reported in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32447/ 

 --

[SA32442] KTorrent Web Interface Torrent Upload and PHP Code Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-10-27

Some vulnerabilities have been discovered in KTorrent, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32442/ 

 --

[SA32437] Red Hat update for java-1.5.0-ibm

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-27

Red Hat has issued an update for java-1.5.0-ibm. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32437/ 

 --

[SA32430] Venalsur Booking Centre SQL Injection and Cross-Site
Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-10-30

d3b4g has reported two vulnerabilities in Venalsur Booking Centre,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32430/ 

 --

[SA32424] Debian update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2008-10-27

Debian has issued an update for clamav. This fixes some
vulnerabilities, where some have an unknown impact and others can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32424/ 

 --

[SA32401] NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-10-28

NetBSD has acknowledged a vulnerability, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32401/ 

 --

[SA32396] Debian update for libspf2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-24

Debian has issued an update for libspf2. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/32396/ 

 --

[SA32471] Fedora update for dovecot

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-30

Fedora has issued an update for dovecot. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32471/ 

 --

[SA32446] Ubuntu update for moodle

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-27

Ubuntu has issued an update for moodle. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32446/ 

 --

[SA32441] Fedora update for drupal

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Privilege escalation
Released:    2008-10-27

Fedora has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/32441/ 

 --

[SA32475] Fedora update for libtirpc

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-10-30

Fedora has issued an update for libtirpc. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32475/ 

 --

[SA32406] NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2008-10-28

A vulnerability has been reported in NetBSD, which can be exploited by
malicious people to conduct spoofing attacks, disclose potentially
sensitive information, or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32406/ 

 --

[SA32403] libtirpc "__rpc_taddr2uaddr_af()" Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-10-28

A vulnerability has been reported in libtirpc, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32403/ 

 --

[SA32420] JHead "DoCommand()" Shell Command Injection Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-27

A security issue has been reported in JHead, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32420/ 

 --

[SA32393] Ubuntu update for linux

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2008-10-28

Ubuntu has issued an update for linux, linux-source-2.6.15, and
linux-source-2.6.22. This fixes some vulnerabilities, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
bypass certain security restrictions, and potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32393/ 

 --

[SA32460] Fedora update for ed

Critical:    Not critical
Where:       From remote
Impact:      System access
Released:    2008-10-30

Fedora has issued an update for ed. This fixes a security issue, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32460/ 

 --

[SA32416] Red Hat update for lynx

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-28

Red Hat has issued an update for lynx. This fixes a weakness, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32416/ 

 --

[SA32407] Lynx Insecure ".mailcap" and ".mime.types" Search Path
Weakness

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-10-28

A weakness has been reported in Lynx, which can be exploited by
malicious, local users to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32407/ 


Other:


Cross Platform:--

[SA32452] Opera Command Execution and Cross-Site Scripting

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-10-30

Some vulnerabilities have been reported in Opera, which can be
exploited by malicious people to conduct cross-site scripting attacks
or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32452/ 

 --

[SA32433] H2O-CMS Cookie Security Bypass and Code Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-10-29

Some vulnerabilities have been discovered in H2O-CMS, which can be
exploited by malicious people to bypass certain security restrictions
or by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32433/ 

 --

[SA32419] OpenOffice WMF and EMF Processing Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-29

Some vulnerabilities have been reported in OpenOffice, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32419/ 

 --

[SA32412] NEPT Image Uploader uploadp.php File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-10-27

Dentrasi has discovered a vulnerability in NEPT Image Uploader, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32412/ 

 --

[SA32467] Harlandscripts Pro Traffic One "trg" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-30

Beenu Arora has reported a vulnerability in Harlandscripts Pro Traffic
One, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32467/ 

 --

[SA32466] IBM Lotus Connections Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Manipulation of data,
Exposure of sensitive information
Released:    2008-10-30

Multiple vulnerabilities and security issues have been reported in IBM
Lotus Connections. Some have an unknown impact and others can be
exploited by malicious, local users to disclose sensitive information
and by malicious people to disclosure sensitive information, conduct
cross-site scripting, script insertion, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32466/ 

 --

[SA32451] MyBB Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Brute force, Exposure of
sensitive information
Released:    2008-10-30

Some vulnerabilities and a weakness have been reported in MyBB, where
some have an unknown impact, and others can be exploited by malicious
people to conduct brute force or cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32451/ 

 --

[SA32443] SUSE update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-10-29

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges, and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/32443/ 

 --

[SA32439] phplist "connector.php" File Extension Validation
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-28

A vulnerability has been reported in phplist, which potentially can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32439/ 

 --

[SA32438] WebGUI "loadModule()" Arbitrary Perl Code Execution
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-10-28

A vulnerability has been reported in WebGUI, which can be exploited by
malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32438/ 

 --

[SA32431] All In One Control Panel (AIOCP) "poll_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-28

ExSploiters has discovered a vulnerability in All In One Control Panel
(AIOCP), which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32431/ 

 --

[SA32427] tlAds "tlAds_login" Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-28

X0r has discovered a vulnerability in tlAds, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32427/ 

 --

[SA32422] H&H WebSoccer "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-10-29

d3v1l has reported a vulnerability in H&H WebSoccer, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32422/ 

 --

[SA32413] Aj Square RSS Reader "url" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-10-29

yassine_enp has reported a vulnerability in Aj Square RSS Reader, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32413/ 

 --

[SA32410] KVIrc "irc://" URI Handling Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-10-27

Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in KVIrc,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32410/ 

 --

[SA32408] PHP-Daily File Disclosure and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2008-10-29

0xFFFFFF has discovered some vulnerabilities in PHP-Daily, which can be
exploited by malicious people to disclose sensitive information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32408/ 

 --

[SA32405] tlNews "tlNews_login" Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-27

X0r has discovered a vulnerability in tlNews, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32405/ 

 --

[SA32404] SiteEngine SQL Injection and Information Disclosure
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2008-10-29

Some vulnerabilities have been reported in SiteEngine, which can be
exploited by malicious people to disclose system information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32404/ 

 --

[SA32397] SFS Ez Forum  "forum" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2008-10-27

Hurley has reported a vulnerability in SFS Ez Forum, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32397/ 

 --

[SA32465] IBM Tivoli Storage Manager Client Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-10-30

A vulnerability has been reported in IBM Tivoli Storage Manager (TSM)
Client, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32465/ 

 --

[SA32456] Eaton MGE Network Shutdown Module Arbitrary Command Execution
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-10-28

n.runs AG has reported a vulnerability in Eaton MGE Network Shutdown
Module, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32456/ 

 --

[SA32470] Quassel IRC CTCP Command Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-10-30

Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can
be exploited by malicious people to hijack IRC connections.

Full Advisory:
http://secunia.com/advisories/32470/ 

 --

[SA32469] Saba "username" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-30

The-0utl4w has reported a vulnerability in Saba, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32469/ 

 --

[SA32468] Dorsa CMS "search" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-30

Pouya_Server has reported a vulnerability in Dorsa CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32468/ 

 --

[SA32457] Kmita Catalogue "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-29

cize0f has reported a vulnerability in Kmita Catalogue, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32457/ 

 --

[SA32449] phpMyAdmin "db" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-28

Hadi Kiamarsi has discovered a vulnerability in phpMyAdmin, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32449/ 

 --

[SA32445] Kmita Gallery "begin" and "searchtext" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-29

cize0f has reported some vulnerabilities in Kmita Gallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32445/ 

 --

[SA32432] MyKtools "langage" Local File Inclusion

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-10-28

A vulnerability has been discovered in MyKtools, which can be exploited
by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32432/ 

 --

[SA32429] iPei Guestbook "pg" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-27

Ghost Hacker has discovered a vulnerability in iPei Guestbook, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32429/ 

 --

[SA32417] Smarty "regex_replace" Modifier Template Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-10-27

A vulnerability has been reported in Smarty, which can potentially be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32417/ 

 --

[SA32399] ClipShare "title" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-10-24

ShockShadow has reported a vulnerability is ClipShare, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32399/ 

 --

[SA32418] libpng "png_handle_tEXt()" Memory Leak Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-10-27

A vulnerability has been reported in libpng, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32418/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


______________________________________________      
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods