AOH :: IS1505.HTM

Secunia Weekly Summary - Issue: 2008-51




Secunia Weekly Summary - Issue: 2008-51
Secunia Weekly Summary - Issue: 2008-51



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-12-11 - 2008-12-18                        

                       This week: 85 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Secunia PSI: Habla espaol!

The Secunia PSI 1.0 - now available in Spanish!

Remember; installing the latest security patches for your programs is
just as important as having an anti-virus program and being behind a
firewall.

Read more:
http://secunia.com/blog/39/ 

 --

Internet Explorer Data Binding 0-Day Clarifications

As everyone using Internet Explorer hopefully are aware of, then
there's a new 0-day circulating. There has been a lot of confusion as
to both the problem cause and the browser versions affected, but in
this blog, I should be able to sort it all out.

Basically, this vulnerability was initially reported by everyone
(including ourselves) as an XML processing vulnerability in Internet
Explorer 7. PoCs and working exploits were immediately made publicly
available by various sources and security vendors were quick to report
that their products were successfully detecting attacks. But were they
really?

Read more:
http://secunia.com/blog/38/ 

=======================================================================2) This Week in Brief:

A vulnerability has been discovered in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively
exploited.

A patch has been released from the vendor.

For more information, refer to:
http://secunia.com/advisories/33089/ 

 --

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/33203/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA33089] Internet Explorer Data Binding Memory Corruption
              Vulnerability
2.  [SA33203] Mozilla Firefox 3 Multiple Vulnerabilities
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
5.  [SA33035] Microsoft Internet Explorer Multiple Vulnerabilities
6.  [SA33132] IBM WebSphere Portal Unspecified Security Bypass
              Vulnerability
7.  [SA31593] Microsoft Excel Multiple Vulnerabilities
8.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
9.  [SA33034] Microsoft SQL Server "sp_replwritetovarbin()" Buffer
              Overflow
10. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA33183] Realtek Media Player Playlist Processing Buffer Overflow
[SA33233] betaparticle blog Database Disclosure
[SA33199] EvimGibi Pro Resim Galerisi "kat_id" SQL Injection
[SA33197] PreProjects Products Database Disclosure Security Issue
[SA33193] Hitachi JP1/Integrated Management Script Insertion
Vulnerability
[SA33172] HomeBuilder Multiple SQL Injection Vulnerabilities
[SA33167] RealtyListings Multiple SQL Injection Vulnerabilities
[SA33165] Nukedit "dbsite.mdb" Database Disclose Security Issue
[SA33155] ClickAndEmail SQL Injection and Cross-Site Scripting
[SA33154] Click&Rank Multiple SQL Injection Vulnerabilities
[SA33152] ASP-DEv XM Events Diary "cat" SQL Injection Vulnerabilities
[SA33134] ASPired2Blog SQL Injection and Database Disclosure
[SA33130] The Net Guys Multiple Products Database Disclosure
[SA33128] ASP-CMS "cha" SQL Injection Vulnerability
[SA33123] TmaxSoft JEUS Script Source Disclosure Vulnerability

UNIX/Linux:
[SA33232] Ubuntu update for firefox
[SA33231] Ubuntu update for firefox
[SA33221] Adobe Flash Player for Linux SWF Processing Vulnerability
[SA33216] Ubuntu update for firefox-3.0 and xulrunner-1.9
[SA33189] Red Hat update for seamonkey
[SA33188] Red Hat update for firefox
[SA33179] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA33178] Gentoo update for ruby
[SA33170] Fedora update for roundcubemail
[SA33140] Gentoo update for openoffice and openoffice-bin
[SA33136] MPlayer TwinVQ Processing Buffer Overflow Vulnerability
[SA33219] Ubuntu update for lcms
[SA33201] Red Hat update for kernel
[SA33195] SUSE update for clamav
[SA33194] SUSE update for IBM Java
[SA33187] Avaya CMS Sun Java JDK / JRE Multiple Vulnerabilities
[SA33181] Red Hat update for enscript
[SA33173] Gentoo update for jasper
[SA33149] Gentoo update for dovecot
[SA33148] Sun Solaris IPv4 Forwarding Denial of Service
[SA33147] Fedora update for drupal
[SA33142] Debian update for uw-imap
[SA33137] Gentoo update for povray
[SA33132] IBM WebSphere Portal Unspecified Security Bypass
Vulnerability
[SA33122] Joomla Live Chat Component "last" SQL Injection
Vulnerabilities
[SA33185] Ubuntu update for ruby1.9
[SA33180] Debian update for linux-2.6
[SA33156] Sun Solaris Apache "mod_proxy_http" and "mod_proxy_ftp"
Vulnerabilities
[SA33146] Fedora update for phpMyAdmin
[SA33144] Fedora update for gallery2
[SA33138] Debian update for no-ip
[SA33157] Sun Solaris "libICE" Denial of Service Vulnerability
[SA33153] Avahi Multicast DNS Processing Denial of Service
Vulnerability
[SA33217] Ubuntu update for libvirt
[SA33198] libvirt Security Bypass Issue
[SA33182] Red Hat update for kernel
[SA33160] Sun Solaris IP Tunnel SIOCGTUNPARAM IOCTL Vulnerability
[SA33151] SUSE update for freeradius
[SA33141] Gentoo update for honeyd
[SA33139] Gentoo update for aview

Other:
[SA33158] Sun Netra / Fire Servers IP Spoofing Vulnerability

Cross Platform:
[SA33205] Mozilla Thunderbird Multiple Vulnerabilities
[SA33204] Mozilla SeaMonkey Multiple Vulnerabilities
[SA33203] Mozilla Firefox 3 Multiple Vulnerabilities
[SA33184] Mozilla Firefox 2 Multiple Vulnerabilities
[SA33169] RoundCube Webmail "bin/html2text.php" PHP Code Execution
[SA33163] WorkSimple File Inclusion and Information Disclosure
[SA33224] ADbNewsSender Multiple Vulnerabilities
[SA33208] Rematic CMS "id" SQL Injection Vulnerabilities
[SA33192] Irrlicht B3D Loader Buffer Overflow Vulnerability
[SA33186] phplist Unspecified Local File Inclusion Vulnerability
[SA33176] Mediatheka Local File Inclusion and SQL Injection
[SA33162] GeekiGeeki Arbitrary File Disclosure Vulnerabilities
[SA33161] Injader SQL Injection and Script Insertion
[SA33150] RSMScript Security Bypass and Script Insertion
Vulnerabilities
[SA33145] chuggnutt.com "HTML to Plain Text Conversion" PHP Class Code
Execution
[SA33133] MediaWiki Multiple Vulnerabilities
[SA33126] Xpoze "menu" SQL Injection Vulnerability
[SA33125] Social Groupie "id" SQL Injection Vulnerability
[SA33124] phpAddEdit "addedit" Cookie Security Bypass Vulnerability
[SA33225] Drupal Views Module Unspecified SQL Injection
Vulnerabilities
[SA33206] TangoCMS Unspecified Cross-Site Request Forgery
Vulnerabilities
[SA33200] Interstage HTTP Server Cross-Site Scripting Vulnerability
[SA33175] FlatnuX CMS Multiple Cross-Site Scripting Vulnerabilities
[SA33174] BabbleBoard Cross-Site Request Forgery Vulnerability
[SA33166] phpBB Account Re-activation Security Bypass
[SA33164] Barracuda Products Cross-Site Scripting Vulnerabilities
[SA33159] Sun Java Wireless Toolkit for CLDC Buffer Overflow
Vulnerabilities
[SA33143] IBM Tivoli Provisioning Manager SOAP Authentication Security
Issue
[SA33127] Citrix Application Gateway Broadcast Server SQL Injection
Vulnerability

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA33183] Realtek Media Player Playlist Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-16

shinnai has discovered a vulnerability in Realtek Media Player
(RtlRack), which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33183/ 

 --

[SA33233] betaparticle blog Database Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-18

A security issue has been reported in betaparticle blog, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33233/ 

 --

[SA33199] EvimGibi Pro Resim Galerisi "kat_id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-17

ZoRLu has discovered a vulnerability in EvimGibi Pro Resim Galerisi,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33199/ 

 --

[SA33197] PreProjects Products Database Disclosure Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-18

Pouya_Server has reported a security issue in multiple PreProjects
products, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33197/ 

 --

[SA33193] Hitachi JP1/Integrated Management Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-16

A vulnerability has been reported in Hitachi JP1/Integrated Management,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33193/ 

 --

[SA33172] HomeBuilder Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-15

AlpHaNiX has reported some vulnerabilities in HomeBuilder, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33172/ 

 --

[SA33167] RealtyListings Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-15

AlpHaNiX has reported some vulnerabilities in RealtyListings, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33167/ 

 --

[SA33165] Nukedit "dbsite.mdb" Database Disclose Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-17

Cyber.Zer0 has discovered a security issue in Nukedit, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33165/ 

 --

[SA33155] ClickAndEmail SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2008-12-16

AlpHaNiX has reported some vulnerabilities in ClickAndEmail, which can
be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33155/ 

 --

[SA33154] Click&Rank Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-12-16

AlpHaNiX has reported some vulnerabilities in Click&Rank, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33154/ 

 --

[SA33152] ASP-DEv XM Events Diary "cat" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-15

Some vulnerabilities have been discovered in ASP-DEv XM Events Diary,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33152/ 

 --

[SA33134] ASPired2Blog SQL Injection and Database Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-12-15

Pouya_Server has reported a vulnerability and a security issue in
ASPired2Blog, which can be exploited by malicious people to conduct SQL
injection attacks and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33134/ 

 --

[SA33130] The Net Guys Multiple Products Database Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-12

Some security issues have been reported in multiple The Net Guys
products, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33130/ 

 --

[SA33128] ASP-CMS "cha" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-12

Sina Yazdanmehr has discovered a vulnerability in ASP-CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33128/ 

 --

[SA33123] TmaxSoft JEUS Script Source Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-17

Simon Ryeo has reported a vulnerability in TmaxSoft JEUS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33123/ 


UNIX/Linux:--

[SA33232] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-18

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33232/ 

 --

[SA33231] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-18

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33231/ 

 --

[SA33221] Adobe Flash Player for Linux SWF Processing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-18

A vulnerability has been reported in Adobe Flash Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33221/ 

 --

[SA33216] Ubuntu update for firefox-3.0 and xulrunner-1.9

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-18

Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This
fixes some vulnerabilities, which can be exploited by malicious people
to bypass certain security restrictions, disclose sensitive
information, conduct cross-site scripting attacks, or potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33216/ 

 --

[SA33189] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33189/ 

 --

[SA33188] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33188/ 

 --

[SA33179] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
Released:    2008-12-16

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/33179/ 

 --

[SA33178] Gentoo update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2008-12-17

Gentoo has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), conduct spoofing
attacks, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33178/ 

 --

[SA33170] Fedora update for roundcubemail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

Fedora has issued an update for roundcubemail. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33170/ 

 --

[SA33140] Gentoo update for openoffice and openoffice-bin

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-12-15

Gentoo has issued an update for openoffice and openoffice-bin. This
fixes some vulnerabilities and a security issue, which potentially can
be exploited by malicious people to compromise a user's system, and by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33140/ 

 --

[SA33136] MPlayer TwinVQ Processing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

Tobias Klein has reported a vulnerability in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33136/ 

 --

[SA33219] Ubuntu update for lcms

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-12-18

Ubuntu has issued an update for lcms. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33219/ 

 --

[SA33201] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-12-17

Red Hat has issued an update for the kernel. This fixes a security
issue and some vulnerabilities, which can be exploited by malicious,
local users to cause a DoS (Denial of Service) and gain escalated
privileges, and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/33201/ 

 --

[SA33195] SUSE update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-12-16

SUSE has issued an update for clamav. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33195/ 

 --

[SA33194] SUSE update for IBM Java

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2008-12-16

SUSE has issued an update for IBM Java. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
system and potentially sensitive information and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33194/ 

 --

[SA33187] Avaya CMS Sun Java JDK / JRE Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-12-16

Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be
exploited by malicious people to bypass certain security restrictions
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33187/ 

 --

[SA33181] Red Hat update for enscript

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-12-16

Red Hat has issued an update for enscript. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33181/ 

 --

[SA33173] Gentoo update for jasper

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-12-17

Gentoo has issued an update for jasper. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/33173/ 

 --

[SA33149] Gentoo update for dovecot

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-12-15

Gentoo has issued an update for dovecot. This fixes two security issues
and a vulnerability, which can be exploited by malicious users to bypass
certain security restrictions and malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33149/ 

 --

[SA33148] Sun Solaris IPv4 Forwarding Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-12-16

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33148/ 

 --

[SA33147] Fedora update for drupal

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-15

Fedora has issued an update for drupal. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site request forgery and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33147/ 

 --

[SA33142] Debian update for uw-imap

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-12-15

Debian has issued an update for uw-imap. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially gain escalated privileges, and by malicious people to
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33142/ 

 --

[SA33137] Gentoo update for povray

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

Gentoo has issued an update for povray. This fixes a some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33137/ 

 --

[SA33132] IBM WebSphere Portal Unspecified Security Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-12

IBM has acknowledged a vulnerability in WebSphere Portal, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33132/ 

 --

[SA33122] Joomla Live Chat Component "last" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-15

Some vulnerabilities have been discovered in the Live Chat component
for Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33122/ 

 --

[SA33185] Ubuntu update for ruby1.9

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-12-17

Ubuntu has issued an update for ruby1.9. This fixes a vulnerability,
which can potentially be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/33185/ 

 --

[SA33180] Debian update for linux-2.6

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-12-16

Debian has issued an update for linux-2.6. This fixes a weakness and
some vulnerabilities, which can be exploited by malicious, local users
to bypass certain security restrictions and cause a DoS (Denial of
Service), and by malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/33180/ 

 --

[SA33156] Sun Solaris Apache "mod_proxy_http" and "mod_proxy_ftp"
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2008-12-16

Sun has acknowledged two vulnerabilities in Apache 2.0 included in Sun
Solaris, which potentially can be exploited by malicious people to
cause a DoS (Denial of Service) or to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/33156/ 

 --

[SA33146] Fedora update for phpMyAdmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-15

Fedora has issued an update for phpMyAdmin. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/33146/ 

 --

[SA33144] Fedora update for gallery2

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-12-15

Fedora has issued an update for gallery2. This fixes some
vulnerabilities, can be exploited by malicious users to disclose
sensitive information and conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33144/ 

 --

[SA33138] Debian update for no-ip

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

Debian has issued an update for no-ip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33138/ 

 --

[SA33157] Sun Solaris "libICE" Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-12-15

Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33157/ 

 --

[SA33153] Avahi Multicast DNS Processing Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-12-15

A vulnerability has been reported in Avahi, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33153/ 

 --

[SA33217] Ubuntu update for libvirt

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-12-18

Ubuntu has issued an update for libvirt. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33217/ 

 --

[SA33198] libvirt Security Bypass Issue

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-12-18

A security issue has been reported in libvirt, which can be exploited
by malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33198/ 

 --

[SA33182] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2008-12-16

Red Hat has issued an update for the kernel. This fixes a weakness and
a vulnerability, which can be exploited by malicious, local users to
bypass certain security restrictions and potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33182/ 

 --

[SA33160] Sun Solaris IP Tunnel SIOCGTUNPARAM IOCTL Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-12-18

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33160/ 

 --

[SA33151] SUSE update for freeradius

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-16

SUSE has issued an update for freeradius. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33151/ 

 --

[SA33141] Gentoo update for honeyd

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-15

Gentoo has issued an update for honeyd. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33141/ 

 --

[SA33139] Gentoo update for aview

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-15

Gentoo has issued an update for aview. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33139/ 


Other:--

[SA33158] Sun Netra / Fire Servers IP Spoofing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-12-16

Sun has acknowledged a vulnerability in several Netra and Fire
products, which can be exploited by malicious people to conduct
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33158/ 


Cross Platform:--

[SA33205] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33205/ 

 --

[SA33204] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33204/ 

 --

[SA33203] Mozilla Firefox 3 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33203/ 

 --

[SA33184] Mozilla Firefox 2 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-17

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33184/ 

 --

[SA33169] RoundCube Webmail "bin/html2text.php" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

A vulnerability has been discovered in RoundCube Webmail, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33169/ 

 --

[SA33163] WorkSimple File Inclusion and Information Disclosure

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2008-12-16

Osirys has discovered some vulnerabilities in WorkSimple, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33163/ 

 --

[SA33224] ADbNewsSender Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-12-18

Some vulnerabilities have been reported in ADbNewsSender, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33224/ 

 --

[SA33208] Rematic CMS "id" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-18

Lidloses_Auge has reported some vulnerabilities in Rematic CMS, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33208/ 

 --

[SA33192] Irrlicht B3D Loader Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-12-18

A vulnerability has been reported in Irrlicht, which can be exploited
by malicious people to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33192/ 

 --

[SA33186] phplist Unspecified Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-16

A vulnerability has been reported in phplist, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33186/ 

 --

[SA33176] Mediatheka Local File Inclusion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-12-15

Some vulnerabilities have been discovered in Mediatheka, which can be
exploited by malicious people to disclose sensitive information and
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33176/ 

 --

[SA33162] GeekiGeeki Arbitrary File Disclosure Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-15

Two vulnerabilities have been reported in GeekiGeeki, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33162/ 

 --

[SA33161] Injader SQL Injection and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-12-15

Some vulnerabilities have been reported in Injader, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33161/ 

 --

[SA33150] RSMScript Security Bypass and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-12-17

Cyber.Zer0 has discovered some vulnerabilities in RSMScript, which can
be exploited by malicious people to bypass certain security
restrictions and by malicious users to perform script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33150/ 

 --

[SA33145] chuggnutt.com "HTML to Plain Text Conversion" PHP Class Code
Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-12-15

A vulnerability has been discovered in the chuggnutt.com "HTML to Plain
Text Conversion" PHP class, which can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33145/ 

 --

[SA33133] MediaWiki Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-15

Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to conduct cross-site scripting and request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/33133/ 

 --

[SA33126] Xpoze "menu" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-12

XaDoS has reported a vulnerability in Xpoze, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33126/ 

 --

[SA33125] Social Groupie "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-12

Cyb3r-1sT has reported a vulnerability in Social Groupie, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33125/ 

 --

[SA33124] phpAddEdit "addedit" Cookie Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-12

x0r has discovered a vulnerability in phpAddEdit, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33124/ 

 --

[SA33225] Drupal Views Module Unspecified SQL Injection
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-18

Some vulnerabilities have been reported in the Views module for Drupal,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33225/ 

 --

[SA33206] TangoCMS Unspecified Cross-Site Request Forgery
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-17

Some vulnerabilities have been reported in TangoCMS, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/33206/ 

 --

[SA33200] Interstage HTTP Server Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-17

Fujitsu has acknowledged some vulnerabilities in Interstage HTTP
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33200/ 

 --

[SA33175] FlatnuX CMS Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-16

gmda has discovered some vulnerabilities in FlatnuX CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33175/ 

 --

[SA33174] BabbleBoard Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-16

SirGod has discovered a vulnerability in BabbleBoard, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/33174/ 

 --

[SA33166] phpBB Account Re-activation Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-15

A security issue has been reported in phpBB, which can be exploited by
malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33166/ 

 --

[SA33164] Barracuda Products Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-16

Dr. Marian Ventuneac has reported some vulnerabilities in various
Barracuda products, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33164/ 

 --

[SA33159] Sun Java Wireless Toolkit for CLDC Buffer Overflow
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-16

Some vulnerabilities have been reported in Sun Java Wireless Toolkit
for CLDC, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33159/ 

 --

[SA33143] IBM Tivoli Provisioning Manager SOAP Authentication Security
Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2008-12-15

A security issue has been reported in IBM Tivoli Provisioning Manager,
which potentially can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33143/ 

 --

[SA33127] Citrix Application Gateway Broadcast Server SQL Injection
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2008-12-15

A vulnerability has been reported in Citrix Application Gateway for
Cisco, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33127/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods