
Secunia Weekly Summary - Issue: 2008-48




=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-11-20 - 2008-11-27                        

                       This week: 60 advisories                        

=======================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================
1) Word From Secunia:

Secunia PSI 1.0 (Final) has been released 

The first official version of the Secunia PSI v1.0!

The PSI has been a long time in the making and it has been revamped
quite a bit compared to the first beta version released on a hot summer
day some 17 months ago.

Though the PSI has so far been in beta, it has received a great deal of
praise, such as this from ZDNet in a review of 10 essential security
tools: "Number one is the Secunia Personal Software Inspector, quite
possibly the most useful and important free application you can have
running on your Windows machine".

Click here to learn more:
http://secunia.com/blog/35/ 

=======================================================================
2) This Week in Brief:

ProTeuS has discovered a vulnerability in BitDefender Antivirus, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/32789/ 

 --

Some weaknesses, security issues, and vulnerabilities have been
reported in Apple iPhone and iPod touch, which can be exploited by
malicious people to bypass certain security restrictions, disclose
potentially sensitive information, conduct spoofing attacks, cause a
DoS (Denial of Service), or potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32756/ 


=======================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA31010] Sun Java JDK / JRE Multiple Vulnerabilities
2.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
3.  [SA32756] Apple iPhone / iPod touch Multiple Vulnerabilities
4.  [SA32713] Mozilla Firefox 3 Multiple Vulnerabilities
5.  [SA32772] Adobe AIR Multiple Vulnerabilities
6.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
7.  [SA32789] BitDefender Antivirus PDF Processing Memory Corruption
              Vulnerability
8.  [SA31821] Apple QuickTime Multiple Vulnerabilities
9.  [SA32728] Checkpoint VPN-1 Information Disclosure Vulnerability
10. [SA32810] Symantec Backup Exec for Windows Servers Multiple
              Vulnerabilities

=======================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA32881] K-Lite Codec Pack ffdshow URL Processing Buffer Overflow
[SA32850] Nero ShowTime M3U Processing Buffer Overflow Vulnerability
[SA32846] ffdshow URL Processing Buffer Overflow Vulnerability
[SA32829] FlexCell Grid ActiveX Control "HttpDownloadFile()" Arbitrary
File Overwrite
[SA32823] Quicksilver Forums "lang" File Inclusion Vulnerability
[SA32852] iPhone Configuration Web Utility for Windows Directory
Traversal

UNIX/Linux:
[SA32878] Ubuntu update for thunderbird
[SA32876] SUSE Update for Mozilla Products
[SA32872] SUSE Update for Multiple Packages
[SA32860] Ubuntu update for webkit
[SA32856] Ubuntu update for openoffice.org
[SA32853] Debian update for iceweasel
[SA32845] Debian update for xulrunner
[SA32843] Fedora update for imlib2
[SA32835] Slackware update for mozilla-thunderbird
[SA32884] HP Secure Web Server/Internet Express for Tru64 UNIX PHP
Vulnerability
[SA32879] Ubuntu update for GnuTLS
[SA32864] Red Hat update for vim
[SA32863] Red Hat update for vim
[SA32861] Ubuntu update for gaim
[SA32859] Ubuntu update for pidgin
[SA32858] Red Hat update for vim
[SA32854] Debian update for enscript
[SA32839] rPath update for vim, vim-minimal, and gvim
[SA32834] SUSE update for phpMyAdmin and lighttpd
[SA32871] FreeBSD "arc4random()" Insufficient Entropy Sources Security
Issue
[SA32838] rPath update for httpd
[SA32862] Red Hat update for tog-pegasus
[SA32916] IBM AIX Multiple Privilege Escalation Vulnerabilities
[SA32855] Debian update for hf
[SA32832] SUSE update for yast2-backup
[SA32831] hf "hfkernel" Privilege Escalation Security Issue
[SA32875] Fedora update for geda-gnetlist
[SA32851] VirtualBox "AcquireDaemonLock()" Insecure Temporary Files

Other:
[SA32827] Siemens C450IP / C475IP Denial of Service Vulnerability
[SA32836] I-O DATA HDL-F Series Cross-Site Request Forgery

Cross Platform:
[SA32848] Amaya Two Buffer Overflow Vulnerabilities
[SA32825] LoveCMS Download Manager Module File Upload Vulnerability
[SA32824] MODx CMS "reflect_base" File Inclusion Vulnerability
[SA32887] Star Articles "subcatid" and "artid" SQL Injection
Vulnerabilities
[SA32874] WebStudio eHotel "pageid" SQL Injection Vulnerability
[SA32873] WebStudio eCatalogue "pageid" SQL Injection Vulnerability
[SA32868] FAQ Manager SQL Injection and File Inclusion Vulnerabilities
[SA32866] Clean CMS "id" Cross-Site Scripting and SQL Injection
[SA32865] fuzzylime (cms) "p" File Inclusion Vulnerability
[SA32844] Cars Portal "id" SQL Injection Vulnerability
[SA32841] PG Multiple Products "login_lg" SQL Injection Vulnerability
[SA32840] Wireshark SMTP Processing Denial of Service Vulnerability
[SA32837] PG Job Site Pro "poll_view_id" SQL Injection Vulnerability
[SA32830] xt:Commerce SQL Injection Vulnerability
[SA32826] Red Hat update for java-1.4.2-ibm
[SA32822] Easyedit CMS Multiple SQL Injection Vulnerabilities
[SA32905] Drupal Comment Mail Module Cross-Site Request Forgery
[SA32904] Drupal User Karma Module Cross-Site Scripting and SQL
Injection
[SA32898] Post Affiliate Pro "umprof_status" SQL Injection
Vulnerability
[SA32882] WordPress "Host" Header RSS Feed Script Insertion
Vulnerability
[SA32880] MyBB "Referer" Header "my_post_key" Token Disclosure
[SA32867] COMS "q" Cross-Site Scripting Vulnerability
[SA32828] Softbiz Classifieds Script "msg" Cross-Site Scripting
Vulnerability
[SA32833] Attachmate Products SSH CBC Mode Plaintext Recovery
Vulnerability

=======================================================================
5) Vulnerabilities Content Listing

Windows:

 --

[SA32881] K-Lite Codec Pack ffdshow URL Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-26

A vulnerability has been reported in K-Lite Codec Pack, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32881/ 

 --

[SA32850] Nero ShowTime M3U Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-27

Gjoko 'LiquidWorm' Krstic has reported a vulnerability in Nero
ShowTime, which potentially can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32850/ 

 --

[SA32846] ffdshow URL Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-24

A vulnerability has been reported in ffdshow, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32846/ 

 --

[SA32829] FlexCell Grid ActiveX Control "HttpDownloadFile()" Arbitrary
File Overwrite

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-24

Alfons Luja has discovered a vulnerability in the FlexCell Grid ActiveX
control, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32829/ 

 --

[SA32823] Quicksilver Forums "lang" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
information
Released:    2008-11-25

__GiReX__ has reported a vulnerability in Quicksilver Forums, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32823/ 

 --

[SA32852] iPhone Configuration Web Utility for Windows Directory
Traversal

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-11-24

A vulnerability has been discovered in iPhone Configuration Web Utility
for Windows, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/32852/ 


UNIX/Linux:

 --

[SA32878] Ubuntu update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-26

Ubuntu has issued an update for mozilla-thunderbird and thunderbird.
This fixes some vulnerabilities, which can be exploited by malicious
people to disclose sensitive information, bypass certain security
restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32878/ 

 --

[SA32876] SUSE Update for Mozilla Products

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-26

SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and
seamonkey. This fixes some vulnerabilities, which can be exploited by
malicious people to disclose sensitive information, bypass certain
security restrictions, or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32876/ 

 --

[SA32872] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-11-25

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or by malicious people to cause a DoS (Denial
of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32872/ 

 --

[SA32860] Ubuntu update for webkit

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-25

Ubuntu has issued an update for webkit. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32860/ 

 --

[SA32856] Ubuntu update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-11-25

Ubuntu has issued an update for openoffice.org and
openoffice.org-amd64. This fixes some vulnerabilities and a security
issue, which potentially can be exploited by malicious people to
compromise a user's system, and by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32856/ 

 --

[SA32853] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-25

Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32853/ 

 --

[SA32845] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released:    2008-11-24

Debian has issued an update for xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information, or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32845/ 

 --

[SA32843] Fedora update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-26

Fedora has issued an update for imlib2. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/32843/ 

 --

[SA32835] Slackware update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-11-24

Slackware has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32835/ 

 --

[SA32884] HP Secure Web Server/Internet Express for Tru64 UNIX PHP
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-26

HP has acknowledged a vulnerability in Secure Web Server for Tru64 UNIX
and Internet Express for Tru64 UNIX, which can be exploited by malicious
people to cause a DoS (Denial of Service) or to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32884/ 

 --

[SA32879] Ubuntu update for GnuTLS

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2008-11-26

Ubuntu has issued an update for gnutls12, gnutls13, and gnutls26. This
fixes a vulnerability, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/32879/ 

 --

[SA32864] Red Hat update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

Red Hat has issued an update for vim. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32864/ 

 --

[SA32863] Red Hat update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

Red Hat has issued an update for vim. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32863/ 

 --

[SA32861] Ubuntu update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-11-25

Ubuntu has issued an update for gaim. This fixes some vulnerabilities,
which can be exploited by malicious people to potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/32861/ 

 --

[SA32859] Ubuntu update for pidgin

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS, System access
Released:    2008-11-25

Ubuntu has issued an update for pidgin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32859/ 

 --

[SA32858] Red Hat update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

Red Hat has issued an update for vim. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/32858/ 

 --

[SA32854] Debian update for enscript

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

Debian has issued an update for enscript. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/32854/ 

 --

[SA32839] rPath update for vim, vim-minimal, and gvim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

rPath has issued an update for vim, vim-minimal, and gvim. This fixes
some vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32839/ 

 --

[SA32834] SUSE update for phpMyAdmin and lighttpd

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of system information, Exposure of sensitive information, DoS
Released:    2008-11-25

SUSE has issued an update for phpMyAdmin and lighttpd. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
conduct cross-site scripting attacks, and by malicious users to
disclose system and potentially sensitive information, and by malicious
people to conduct spoofing attacks, conduct SQL injection attacks,
disclose system and potentially sensitive information, and cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/32834/ 

 --

[SA32871] FreeBSD "arc4random()" Insufficient Entropy Sources Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Brute force
Released:    2008-11-25

FreeBSD has acknowledged a security issue, which can be exploited by
malicious people to conduct brute force attacks.

Full Advisory:
http://secunia.com/advisories/32871/ 

 --

[SA32838] rPath update for httpd

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2008-11-24

rPath has issued an update for httpd. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32838/ 

 --

[SA32862] Red Hat update for tog-pegasus

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Brute force
Released:    2008-11-25

Red Hat has issued an update for tog-pegasus. This fixes a security
issue and a weakness, which can be exploited by people to conduct
brute force attacks and by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32862/ 

 --

[SA32916] IBM AIX Multiple Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-27

Some vulnerabilities have been reported in IBM AIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32916/ 

 --

[SA32855] Debian update for hf

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-24

Debian has issued an update for hf. This fixes a security issue, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/32855/ 

 --

[SA32832] SUSE update for yast2-backup

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-25

SUSE has issued an update for yast2-backup. This fixes a security
issue, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32832/ 

 --

[SA32831] hf "hfkernel" Privilege Escalation Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-24

Steve Kemp has reported a security issue in hf, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/32831/ 

 --

[SA32875] Fedora update for geda-gnetlist

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-25

Fedora has issued an update for geda-gnetlist. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/32875/ 

 --

[SA32851] VirtualBox "AcquireDaemonLock()" Insecure Temporary Files

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-11-25

A security issue has been reported in VirtualBox, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/32851/ 


Other:

 --

[SA32827] Siemens C450IP / C475IP Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-11-27

A vulnerability has been reported in Siemens C450IP / C475IP, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32827/ 

 --

[SA32836] I-O DATA HDL-F Series Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-26

A vulnerability has been reported in I-O DATA HDL-F series, which can
be exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/32836/ 


Cross Platform:

 --

[SA32848] Amaya Two Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-25

r0ut3r has discovered two vulnerabilities in Amaya, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/32848/ 

 --

[SA32825] LoveCMS Download Manager Module File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-26

cOndemned has discovered a vulnerability in the Download Manager module
for LoveCMS, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/32825/ 

 --

[SA32824] MODx CMS "reflect_base" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-11-24

RoMaNcYxHaCkEr has discovered a vulnerability in MODx CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/32824/ 

 --

[SA32887] Star Articles "subcatid" and "artid" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-27

b3hz4d has reported some vulnerabilities in Star Articles, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32887/ 

 --

[SA32874] WebStudio eHotel "pageid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-26

Hussin X has reported a vulnerability in WebStudio eHotel, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32874/ 

 --

[SA32873] WebStudio eCatalogue "pageid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-26

Hussin X has reported a vulnerability in WebStudio eCatalogue, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32873/ 

 --

[SA32868] FAQ Manager SQL Injection and File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2008-11-26

Some vulnerabilities have been discovered in FAQ Manager, which can be
exploited by malicious people to disclose sensitive information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32868/ 

 --

[SA32866] Clean CMS "id" Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-11-26

ZoRLu has discovered a vulnerability in Clean CMS, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/32866/ 

 --

[SA32865] fuzzylime (cms) "p" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-11-26

Alfons Luja has discovered a vulnerability in Fuzzylime CMS, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32865/ 

 --

[SA32844] Cars Portal "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-26

Snakespc has reported a vulnerability in Cars Portal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32844/ 

 --

[SA32841] PG Multiple Products "login_lg" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-11-24

ZoRLu has reported a vulnerability in multiple PG products, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32841/ 

 --

[SA32840] Wireshark SMTP Processing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-11-24

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/32840/ 

 --

[SA32837] PG Job Site Pro "poll_view_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-24

ZoRLu has reported a vulnerability in PG Job Site Pro, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32837/ 

 --

[SA32830] xt:Commerce SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-21

A vulnerability has been reported in xt:Commerce, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32830/ 

 --

[SA32826] Red Hat update for java-1.4.2-ibm

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2008-11-25

Red Hat has issued an update for java-1.4.2-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
system and potentially sensitive information and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/32826/ 

 --

[SA32822] Easyedit CMS Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-21

d3v1l has reported some vulnerabilities in Easyedit CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32822/ 

 --

[SA32905] Drupal Comment Mail Module Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-27

A vulnerability has been reported in the Comment Mail module for
Drupal, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/32905/ 

 --

[SA32904] Drupal User Karma Module Cross-Site Scripting and SQL
Injection

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-11-27

Some vulnerabilities have been reported in the User Karma module for
Drupal, which can be exploited by malicious users to conduct SQL
injection attacks and by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/32904/ 

 --

[SA32898] Post Affiliate Pro "umprof_status" SQL Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-11-27

XaDoS has reported a vulnerability in Post Affiliate Pro, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/32898/ 

 --

[SA32882] WordPress "Host" Header RSS Feed Script Insertion
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-26

Jeremias Reith has reported a vulnerability in WordPress, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/32882/ 

 --

[SA32880] MyBB "Referer" Header "my_post_key" Token Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting, Exposure of sensitive
information
Released:    2008-11-26

NBBN has discovered some vulnerabilities in MyBB, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/32880/ 

 --

[SA32867] COMS "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-25

Pouya_Server has reported a vulnerability in COMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32867/ 

 --

[SA32828] Softbiz Classifieds Script "msg" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-11-21

Vahid Ezraeil has reported a vulnerability in Softbiz Classifieds
Script, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/32828/ 

 --

[SA32833] Attachmate Products SSH CBC Mode Plaintext Recovery
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2008-11-24

A vulnerability has been reported in various Attachmate products, which
potentially can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/32833/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

