AOH :: IS1363.HTM

Secunia Weekly Summary - Issue: 2008-46




Secunia Weekly Summary - Issue: 2008-46
Secunia Weekly Summary - Issue: 2008-46



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-11-06 - 2008-11-13                        

                       This week: 113 advisories                       

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Would you like to be notified when the vendor patch gets issued?

The Secunia Vulnerability Intelligence solutions allow you to be
notified via email & SMS as soon as any major update to the
vulnerability occurs. That could be a change in criticality rating,
exploit-code appeared in the wild, patch is issued by the vendor etc.
With the professional solutions you also get access to more detailed
information for work arounds, deep links and support from Secunia
Research.  This intelligence is not part of the mailing list or weekly
summary.

http://secunia.com/advisories/business_solutions/ 

=======================================================================2) This Week in Brief:

Various Mozilla products have been updated. For more details view the
Secunia Advisories below.

For more information, refer to:
http://secunia.com/advisories/32715/ 
http://secunia.com/advisories/32714/ 
http://secunia.com/advisories/32713/ 
http://secunia.com/advisories/32693/ 

 --

Microsoft has released their monthly security bulletins for November.

For more information, refer to:
http://secunia.com/advisories/32633/ 
http://secunia.com/advisories/23655/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
2.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
4.  [SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities
5.  [SA32633] Microsoft Windows SMB Authentication Credential Replay
              Vulnerability
6.  [SA32569] VLC Media Player CUE and RealText Processing Buffer
              Overflows
7.  [SA28713] Facebook Photo Uploader ActiveX Control Property Handling
              Buffer Overflow
8.  [SA32361] Snoopy "_httpsrequest()" Shell Command Execution
              Vulnerability
9.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA32682] SAP GUI MDrmSap ActiveX Control Code Execution
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA32698] ooVoo URI Handler Buffer Overflow Vulnerability
[SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability
[SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities
[SA32675] Dizi Film Portal "film" SQL Injection Vulnerability
[SA32590] Arab Portal "file" File Disclosure Vulnerability
[SA32633] Microsoft Windows SMB Authentication Credential Replay
Vulnerability
[SA32618] Trend Micro ServerProtect Multiple Vulnerabilities
[SA32683] IBM Metrica Products Cross-Site Scripting and Script
Insertion
[SA32592] Orb Networks Orb Directory Traversal Vulnerability
[SA32669] Anti-Trojan Elite Atepmon.sys IOCTL Handling Vulnerability
[SA32634] Anti-Keylogger Elite "AKEProtect.sys" IOCTL Handling
Vulnerabilities

UNIX/Linux:
[SA32714] Mozilla SeaMonkey Multiple Vulnerabilities
[SA32713] Mozilla Firefox 3 Multiple Vulnerabilities
[SA32708] Fedora update for optipng
[SA32700] Red Hat update for acroread
[SA32695] Red Hat update for firefox
[SA32694] Red Hat update for seamonkey
[SA32688] Apple iLife / Aperture Image Processing Vulnerabilities
[SA32629] SUSE update for yelp
[SA32702] Red Hat update for flash-plugin
[SA32687] Red Hat update for gnutls
[SA32681] Fedora update for gnutls
[SA32678] Debian update for libcdaudio
[SA32677] Ubuntu update for dovecot
[SA32661] Gentoo update for faad2
[SA32656] Gentoo update for graphviz
[SA32625] Sun Solaris IP Filter DNS Cache Poisoning
[SA32619] GnuTLS X.509 Certificate Chain Validation Vulnerability
[SA32614] Fedora update for ipsec-tools
[SA32608] Ubuntu update for tk
[SA32607] Ubuntu update for netpbm
[SA32606] Sun Java System Identity Manager Multiple Vulnerabilities
[SA32668] Sun Solaris DHCP Request Handling Vulnerabilities
[SA32685] Red Hat update for httpd
[SA32662] Gentoo update for gallery
[SA32630] op5 Monitor Cross-Site Request Forgery
[SA32620] Fedora update for php-Smarty 
[SA32615] Fedora update for drupal-cck
[SA32610] Nagios "cmd.cgi" Cross-Site Request Forgery
[SA32599] TestLink Multiple Script Insertion Vulnerabilities
[SA32711] rPath update for net-snmp
[SA32664] Debian update for net-snmp
[SA32709] rPath update for kernel
[SA32701] Fedora update for blender
[SA32679] smcFanControl "main()" Privilege Escalation Vulnerability
[SA32674] Sun Logical Domains Authentication Bypass Vulnerability
[SA32627] CDRW-Taper "amlabel-cdrw" Insecure Temporary Files
[SA32621] HP Tru64 UNIX AdvFS "showfile" Privilege Escalation
Vulnerability
[SA32616] Fedora update for cman, gfs2-utils, and rgmanager
[SA32605] Apertium Insecure Temporary Files
[SA32602] Cluster Project Unspecified Insecure Temporary Files
[SA32598] Scilab Insecure Temporary Files
[SA32589] DigitalDJ fest.pl Insecure Temporary Files
[SA32588] Rancid "getipacctg" Insecure Temporary Files
[SA32587] lmbench Insecure Temporary Files
[SA32707] Fedora update for libpng10
[SA32710] rPath update for initscripts
[SA32691] Ubuntu update for gnome-screensaver
[SA32671] WIMS "account.sh" Insecure Temporary Files
[SA32667] Sun Solstice X.25 Local Denial of Service
[SA32655] Linux Kernel Denial of Service Vulnerabilities

Other:
[SA32631] 2Wire Routers Denial of Service Vulnerability
[SA32635] Siemens SpeedStream 5200 "Host" Header Authentication Bypass
[SA32623] Sweex RO002 Router Undocumented Account Security Issue

Cross Platform:
[SA32715] Mozilla Thunderbird Multiple Vulnerabilities
[SA32693] Mozilla Firefox 2 Multiple Vulnerabilities
[SA32666] AlstraSoft SendIt Pro File Upload Vulnerability
[SA32651] OptiPNG BMP Reader Buffer Overflow Vulnerability
[SA32643] Sanusart Simple PHP Guestbook Script PHP Code Execution
[SA32628] Enthusiast "path" File Inclusion Vulnerability
[SA32626] PHPStore Multiple Products File Upload Vulnerability
[SA32712] HP Service Manager Unspecified Security Bypass Vulnerability
[SA32703] ActiveCampaign TrioLive "department_id" SQL Injection
[SA32673] MyioSoft Products "rsargs" SQL Injection Vulnerability
[SA32665] AlstraSoft Article Manager Pro "username" SQL Injection
Vulnerability
[SA32663] ClamAV "get_unicode_name()" Off-By-One Vulnerability
[SA32660] AlstraSoft Web Host Directory "pwd" SQL Injection
Vulnerability
[SA32653] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass
[SA32652] Trac Multiple Vulnerabilities
[SA32647] PozScripts Business Directory Script "cid" SQL Injection
Vulnerability
[SA32646] Mole Group Rental Script "username" SQL Injection
Vulnerability
[SA32645] OTManager CMS "Tipo" File Inclusion Vulnerability
[SA32644] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
[SA32641] E-topbiz Online Store 1 "user" and "cat_id" SQL Injection
Vulnerabilities
[SA32640] Mini Web Calendar Cross-Site Scripting and Local File
Disclosure
[SA32639] E-topbiz Number Links 1 "id" SQL Injection Vulnerability
[SA32638] TYPO3 eluna_pagecomments Extension Cross-Site Scripting and
SQL Injection
[SA32637] Domain Seller Pro "id" SQL Injection Vulnerability
[SA32636] MyioSoft EasyBookMarker "Parent" SQL Injection Vulnerability
[SA32632] MemHT Portal "title" SQL Injection Vulnerability
[SA32622] Joomla! Script Insertion Vulnerabilities
[SA32617] Zeeways Shaadi Clone Authentication Bypass Vulnerability
[SA32613] Mole Group Pizza Online Ordering Script "manufacturers_id"
SQL Injection
[SA32603] V3 Chat Products "admin" Cookie Security Bypass
Vulnerability
[SA32601] Zeeways PhotoVideoTube Authentication Bypass Vulnerability
[SA32600] AJSquare Free Polling Script Authentication Bypass
Vulnerability
[SA32596] DevelopItEasy Events Calendar Multiple SQL Injection
Vulnerabilities
[SA32595] DevelopItEasy News And Article System Multiple SQL Injection
Vulnerabilities
[SA32594] DevelopItEasy Membership System Multiple SQL Injection
Vulnerabilities
[SA32593] DevelopItEasy Photo Gallery Multiple SQL Injection
Vulnerabilities
[SA32591] TurnkeyForms Local Classifieds SQL Injection and Security
Bypass
[SA32586] PHP Classifieds "admin_username" SQL Injection Vulnerability
[SA32689] TYPO3 "file" Backend Module Cross-Site Scripting
Vulnerability
[SA32670] Sun Java System Messaging Server Cross-Site Scripting
Vulnerability
[SA32657] buymyscripts.net Lyrics Script "k" Cross-Site Scripting
Vulnerability
[SA32654] TYPO3 phpMyAdmin Extension "db" Cross-Site Scripting
Vulnerability
[SA32650] buymyscripts.net Clickbank Portal "keyword" Cross-Site
Scripting Vulnerability
[SA32649] buymyscripts.net Recipe Website Script "keyword" Cross-Site
Scripting
[SA32642] Fresh Email Script "Email" Cross-Site Scripting
Vulnerability
[SA32680] Blender Insecure Python Module Search Path Vulnerability
[SA32624] VMware ESX / ESXi Privilege Escalation and Directory
Traversal Vulnerability
[SA32612] VMware Products Privilege Escalation Vulnerability
[SA32686] MoinMoin Full Path Disclosure Weakness

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA32698] ooVoo URI Handler Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-12

bruiser has discovered a vulnerability in ooVoo, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32698/ 

 --

[SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-11

A vulnerability has been reported in SAPgui, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32682/ 

 --

[SA32597] hMAilServer PHPWebAdmin File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2008-11-07

Nine:Situations:Group::strawdog has discovered some vulnerabilities in
hMailServer PHPWebAdmin, which can be exploited by malicious people to
disclose potentially sensitive information and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32597/ 

 --

[SA32675] Dizi Film Portal "film" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-11

Kaan KAMIS has discovered a vulnerability in Dizi Film Portal, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32675/ 

 --

[SA32590] Arab Portal "file" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-11-10

IRCRASH has reported a vulnerability in Arab Portal, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32590/ 

 --

[SA32633] Microsoft Windows SMB Authentication Credential Replay
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, Spoofing
Released:    2008-11-11

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to bypass certain security features.

Full Advisory:
http://secunia.com/advisories/32633/ 

 --

[SA32618] Trend Micro ServerProtect Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-11-12

Some vulnerabilities have been reported in Trend Micro ServerProtect,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32618/ 

 --

[SA32683] IBM Metrica Products Cross-Site Scripting and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-13

Francesco Bianchino has reported a vulnerability in Metrica products,
which can be exploited by malicious users to conduct script insertion
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/32683/ 

 --

[SA32592] Orb Networks Orb Directory Traversal Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-11-10

A vulnerability has been reported in Orb, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32592/ 

 --

[SA32669] Anti-Trojan Elite Atepmon.sys IOCTL Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-11-10

alex has discovered a vulnerability in Anti-Trojan Elite, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32669/ 

 --

[SA32634] Anti-Keylogger Elite "AKEProtect.sys" IOCTL Handling
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-11-10

alex has discovered some vulnerabilities in Anti-Keylogger Elite, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32634/ 


UNIX/Linux:--

[SA32714] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-13

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32714/ 

 --

[SA32713] Mozilla Firefox 3 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-13

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32713/ 

 --

[SA32708] Fedora update for optipng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-13

Fedora has issued an update for optipng. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32708/ 

 --

[SA32700] Red Hat update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-11-13

Red Hat has issued an update for acroread. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32700/ 

 --

[SA32695] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-13

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32695/ 

 --

[SA32694] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-13

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32694/ 

 --

[SA32688] Apple iLife / Aperture Image Processing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-12

Apple has acknowledged some vulnerabilities in Apple iLife and
Aperture, which can potentially be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32688/ 

 --

[SA32629] SUSE update for yelp

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-07

SUSE has issued an update for yelp. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32629/ 

 --

[SA32702] Red Hat update for flash-plugin

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information
Released:    2008-11-13

Red Hat has issued an update for flash-plugin. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, manipulate certain data, conduct
cross-site scripting attacks, or disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32702/ 

 --

[SA32687] Red Hat update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2008-11-12

Red Hat has issued an update for gnutls. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32687/ 

 --

[SA32681] Fedora update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2008-11-12

Fedora has issued an update for gnutls. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32681/ 

 --

[SA32678] Debian update for libcdaudio

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-13

Debian has issued an update for libcdaudio. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/32678/ 

 --

[SA32677] Ubuntu update for dovecot

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-11-10

Ubuntu has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32677/ 

 --

[SA32661] Gentoo update for faad2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-10

Gentoo has issued an update for faad2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32661/ 

 --

[SA32656] Gentoo update for graphviz

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-10

Gentoo has issued an update for graphviz. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32656/ 

 --

[SA32625] Sun Solaris IP Filter DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-11-12

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/32625/ 

 --

[SA32619] GnuTLS X.509 Certificate Chain Validation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2008-11-10

A vulnerability has been reported in GnuTLS, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32619/ 

 --

[SA32614] Fedora update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-11-07

Fedora has issued an update for ipsec-tools. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32614/ 

 --

[SA32608] Ubuntu update for tk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-07

Ubuntu has issued an update for tk. This fixes a vulnerability, which
can be exploited by malicious people to compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/32608/ 

 --

[SA32607] Ubuntu update for netpbm

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-07

Ubuntu has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32607/ 

 --

[SA32606] Sun Java System Identity Manager Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-11-12

Some vulnerabilities have been reported in Sun Java System Identity
Manager, which can be exploited by malicious people to conduct
cross-site scripting attacks and to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32606/ 

 --

[SA32668] Sun Solaris DHCP Request Handling Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-11-10

Some vulnerabilities have been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32668/ 

 --

[SA32685] Red Hat update for httpd

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2008-11-12

Red Hat has issued an update for httpd. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or potentially cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32685/ 

 --

[SA32662] Gentoo update for gallery

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Cross Site Scripting
Released:    2008-11-10

Gentoo has issued an update for gallery. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks and disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/32662/ 

 --

[SA32630] op5 Monitor Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-11

A vulnerability has been reported in op5 Monitor, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/32630/ 

 --

[SA32620] Fedora update for php-Smarty 

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-07

Fedora has issued an update for php-Smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32620/ 

 --

[SA32615] Fedora update for drupal-cck

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-07

Fedora has issued an update for drupal-cck. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32615/ 

 --

[SA32610] Nagios "cmd.cgi" Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-07

Andreas Ericsson has discovered a vulnerability in Nagios, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/32610/ 

 --

[SA32599] TestLink Multiple Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-07

Some vulnerabilities have been reported in TestLink, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32599/ 

 --

[SA32711] rPath update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-11-13

rPath has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32711/ 

 --

[SA32664] Debian update for net-snmp

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, DoS, System access
Released:    2008-11-10

Debian has issued an update for net-snmp. This fixes some
vulnerabilities, which can be exploited by malicious people to spoof
authenticated SNMPv3 packets, cause a DoS (Denial of Service), and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32664/ 

 --

[SA32709] rPath update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-13

rPath has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32709/ 

 --

[SA32701] Fedora update for blender

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-12

Fedora has issued an update for blender. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32701/ 

 --

[SA32679] smcFanControl "main()" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-12

KaiJern Lau has reported a vulnerability in smcFanControl, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32679/ 

 --

[SA32674] Sun Logical Domains Authentication Bypass Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-13

A vulnerability has been reported in Sun Logical Domains (LDoms), which
can be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32674/ 

 --

[SA32627] CDRW-Taper "amlabel-cdrw" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

A security issue has been reported in CDRW-Taper, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32627/ 

 --

[SA32621] HP Tru64 UNIX AdvFS "showfile" Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

A vulnerability has been reported in HP Tru64 UNIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32621/ 

 --

[SA32616] Fedora update for cman, gfs2-utils, and rgmanager

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

Fedora has issued an update for cman, gfs2-utils, and rgmanager. This
fixes some security issues, which can be exploited by malicious, local
users to perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32616/ 

 --

[SA32605] Apertium Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-11

Some security issues have been reported in Apertium, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32605/ 

 --

[SA32602] Cluster Project Unspecified Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

Some security issues have been reported in Cluster Project, which can
be exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32602/ 

 --

[SA32598] Scilab Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-10

Some security issues have been reported in Scilab, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32598/ 

 --

[SA32589] DigitalDJ fest.pl Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

A security issue has been reported in DigitalDJ, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32589/ 

 --

[SA32588] Rancid "getipacctg" Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

A security issue has been reported in Rancid, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32588/ 

 --

[SA32587] lmbench Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

Some security issue have been reported in lmbench, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32587/ 

 --

[SA32707] Fedora update for libpng10

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-11-13

Fedora has issued an update for libpng10. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32707/ 

 --

[SA32710] rPath update for initscripts

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-13

rPath has issued an update for initscripts. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32710/ 

 --

[SA32691] Ubuntu update for gnome-screensaver

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-11-12

Ubuntu has issued an update for gnome-screensaver. This fixes a
weakness and a security issue, which can be exploited by malicious
people with physical access to disclose potentially sensitive
information or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32691/ 

 --

[SA32671] WIMS "account.sh" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-11

A security issue has been reported in WIMS, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32671/ 

 --

[SA32667] Sun Solstice X.25 Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-11-10

A vulnerability has been reported in Solstice X.25, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32667/ 

 --

[SA32655] Linux Kernel Denial of Service Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-11-11

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/32655/ 


Other:--

[SA32631] 2Wire Routers Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-11-12

hkm has reported a vulnerability in various 2Wire Routers, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32631/ 

 --

[SA32635] Siemens SpeedStream 5200 "Host" Header Authentication Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-11-12

hkm has reported a vulnerability in Siemens SpeedStream 5200, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32635/ 

 --

[SA32623] Sweex RO002 Router Undocumented Account Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-11-11

Rob Stout has reported a security issue in the Sweex RO002 Router,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32623/ 


Cross Platform:--

[SA32715] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access, Exposure of sensitive information, Exposure
of system information, Security Bypass
Released:    2008-11-13

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32715/ 

 --

[SA32693] Mozilla Firefox 2 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-13

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32693/ 

 --

[SA32666] AlstraSoft SendIt Pro File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-13

ZoRLu has reported a vulnerability in AlstraSoft SendIt Pro, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32666/ 

 --

[SA32651] OptiPNG BMP Reader Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-11

A vulnerability has been reported in OptiPNG, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32651/ 

 --

[SA32643] Sanusart Simple PHP Guestbook Script PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-11

GoLd_M has reported a vulnerability in Sanusart Simple PHP Guestbook
Script, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32643/ 

 --

[SA32628] Enthusiast "path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-10

AmnPardaz Security Research Team has discovered a vulnerability in
Enthusiast, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32628/ 

 --

[SA32626] PHPStore Multiple Products File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-12

ZoRLu has reported a vulnerability in multiple PHPStore products, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32626/ 

 --

[SA32712] HP Service Manager Unspecified Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-13

A vulnerability has been reported in HP Service Manager, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32712/ 

 --

[SA32703] ActiveCampaign TrioLive "department_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-11-12

Russ McRee has reported a vulnerability in ActiveCampaign TrioLive,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32703/ 

 --

[SA32673] MyioSoft Products "rsargs" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-10

ZoRLu has discovered a vulnerability in multiple MyioSoft products,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32673/ 

 --

[SA32665] AlstraSoft Article Manager Pro "username" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-11-13

ZoRLu has reported a vulnerability in AlstraSoft Article Manager Pro,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32665/ 

 --

[SA32663] ClamAV "get_unicode_name()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-10

Moritz Jodeit has reported a vulnerability in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32663/ 

 --

[SA32660] AlstraSoft Web Host Directory "pwd" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-13

ZoRLu has reported a vulnerability in AlstraSoft Web Host Directory,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32660/ 

 --

[SA32653] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-11

A vulnerability has been reported in WOW Raid Manager, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32653/ 

 --

[SA32652] Trac Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-11-10

Some vulnerabilities have been reported in Trac, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to conduct
phishing attacks.

Full Advisory:
http://secunia.com/advisories/32652/ 

 --

[SA32647] PozScripts Business Directory Script "cid" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-12

Hussin X has reported a vulnerability in PozScripts Business Directory
Script, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32647/ 

 --

[SA32646] Mole Group Rental Script "username" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-10

Cyber-Zone has reported a vulnerability in Mole Group Rental Script,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32646/ 

 --

[SA32645] OTManager CMS "Tipo" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-13

colt7r has discovered a vulnerability in OTManager CMS, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32645/ 

 --

[SA32644] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-11-13

G4N0K has reported some vulnerabilities in TurnkeyForms Web Hosting
Directory, which can be exploited by malicious people to bypass certain
security restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32644/ 

 --

[SA32641] E-topbiz Online Store 1 "user" and "cat_id" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-10

Some vulnerabilities have been reported in E-topbiz Online Store 1,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/32641/ 

 --

[SA32640] Mini Web Calendar Cross-Site Scripting and Local File
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-11-10

ahmadbady has discovered two vulnerabilities in Mini Web Calendar,
which can be exploited by malicious people to conduct cross-site
scripting attacks or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32640/ 

 --

[SA32639] E-topbiz Number Links 1 "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-10

Hussin X has reported a vulnerability in E-topbiz Number Links 1, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32639/ 

 --

[SA32638] TYPO3 eluna_pagecomments Extension Cross-Site Scripting and
SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-11-10

Some vulnerabilities have been reported in the eluna_pagecomments
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32638/ 

 --

[SA32637] Domain Seller Pro "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-10

TR-ShaRk has reported a vulnerability in Domain Seller Pro, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32637/ 

 --

[SA32636] MyioSoft EasyBookMarker "Parent" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-10

G4N0K has discovered a vulnerability in MyioSoft EasyBookMarker, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32636/ 

 --

[SA32632] MemHT Portal "title" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-12

Ams has discovered a vulnerability in MemHT Portal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32632/ 

 --

[SA32622] Joomla! Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-11

Some vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users and potentially malicious people to
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32622/ 

 --

[SA32617] Zeeways Shaadi Clone Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-11

G4N0K has reported a vulnerability in Zeeways Shaadi Clone, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32617/ 

 --

[SA32613] Mole Group Pizza Online Ordering Script "manufacturers_id"
SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-07

Cyb3r-1sT has reported a vulnerability in Mole Group Pizza Online
Ordering Script, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32613/ 

 --

[SA32603] V3 Chat Products "admin" Cookie Security Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-10

Cyber-Zone has reported a vulnerability in multiple V3 Chat products,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32603/ 

 --

[SA32601] Zeeways PhotoVideoTube Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-11

Mountassif Moad has reported a vulnerability in Zeeways PhotoVideoTube,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32601/ 

 --

[SA32600] AJSquare Free Polling Script Authentication Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-11-12

G4N0K has discovered a vulnerability in AJ Square Free Polling Script,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32600/ 

 --

[SA32596] DevelopItEasy Events Calendar Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-07

Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Events
Calendar, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32596/ 

 --

[SA32595] DevelopItEasy News And Article System Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-07

Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy News And
Article System, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32595/ 

 --

[SA32594] DevelopItEasy Membership System Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-07

Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Membership
System, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32594/ 

 --

[SA32593] DevelopItEasy Photo Gallery Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-07

Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Photo
Gallery, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32593/ 

 --

[SA32591] TurnkeyForms Local Classifieds SQL Injection and Security
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-11-07

A vulnerability and a security issue have been reported in TurnkeyForms
Local Classifieds, which can be exploited by malicious people to conduct
SQL injection attacks and bypass certain security restrictions

Full Advisory:
http://secunia.com/advisories/32591/ 

 --

[SA32586] PHP Classifieds "admin_username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-11-07

ZoRLu has reported a vulnerability in PHP Classifieds, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32586/ 

 --

[SA32689] TYPO3 "file" Backend Module Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-13

A vulnerability has been reported in TYPO3, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32689/ 

 --

[SA32670] Sun Java System Messaging Server Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-13

A vulnerability has been reported in Sun Java System Messaging Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32670/ 

 --

[SA32657] buymyscripts.net Lyrics Script "k" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-12

A vulnerability has been reported in buymyscripts.net Lyrics Script,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32657/ 

 --

[SA32654] TYPO3 phpMyAdmin Extension "db" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-10

A vulnerability has been reported in the phpMyAdmin extension for
TYPO3, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32654/ 

 --

[SA32650] buymyscripts.net Clickbank Portal "keyword" Cross-Site
Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-12

A vulnerability has been reported in buymyscripts.net Clickbank Portal,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32650/ 

 --

[SA32649] buymyscripts.net Recipe Website Script "keyword" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-12

A vulnerability has been reported in buymyscripts.net Recipe Website
Script,  which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32649/ 

 --

[SA32642] Fresh Email Script "Email" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-13

Don has reported a vulnerability in Fresh Email Script, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32642/ 

 --

[SA32680] Blender Insecure Python Module Search Path Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-12

A vulnerability has been reported in Blender, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32680/ 

 --

[SA32624] VMware ESX / ESXi Privilege Escalation and Directory
Traversal Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

Some vulnerabilities have been reported in VMware ESX and ESXi, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32624/ 

 --

[SA32612] VMware Products Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-07

A vulnerability has been reported in various VMware products, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32612/ 

 --

[SA32686] MoinMoin Full Path Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2008-11-10

Xia Shing Zee has discovered a weakness in MoinMoin, which can be
exploited by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/32686/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


______________________________________________      
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods