AOH :: IS1532.HTM

Secunia Weekly Summary - Issue: 2008-52




Secunia Weekly Summary - Issue: 2008-52
Secunia Weekly Summary - Issue: 2008-52



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-12-18 - 2008-12-25                        

                       This week: 66 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Secunia PSI: Habla espaol!

The Secunia PSI 1.0 - now available in Spanish!

Remember; installing the latest security patches for your programs is
just as important as having an anti-virus program and being behind a
firewall.

Read more:
http://secunia.com/blog/39/ 

 --

Internet Explorer Data Binding 0-Day Clarifications

As everyone using Internet Explorer hopefully are aware of, then
there's a new 0-day circulating. There has been a lot of confusion as
to both the problem cause and the browser versions affected, but in
this blog, I should be able to sort it all out.

Basically, this vulnerability was initially reported by everyone
(including ourselves) as an XML processing vulnerability in Internet
Explorer 7. PoCs and working exploits were immediately made publicly
available by various sources and security vendors were quick to report
that their products were successfully detecting attacks. But were they
really?

Read more:
http://secunia.com/blog/38/ 

=======================================================================2) This Week in Brief:

Secunia Research has discovered a vulnerability in Trend Micro
HouseCall, which can be exploited by malicious people to compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/31583/ 

 --

Secunia Research has discovered a vulnerability in Trend Micro
HouseCall, which can be exploited by malicious people to compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/31337/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA33089] Internet Explorer Data Binding Memory Corruption
              Vulnerability
2.  [SA33203] Mozilla Firefox 3 Multiple Vulnerabilities
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
5.  [SA31583] Trend Micro HouseCall ActiveX Control
              "notifyOnLoadNative()" Vulnerability
6.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
7.  [SA33034] Microsoft SQL Server "sp_replwritetovarbin()" Buffer
              Overflow
8.  [SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability
9.  [SA33240] BitDefender Antivirus Scanner for Unices PE File Parsing
              Integer Overflows
10. [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA33257] webcamXP Directory Traversal Vulnerability
[SA33245] Emefa Guestbook Database Disclosure
[SA33281] Hitachi GroupMax Workflow Development Kit Cross-Site
Scripting Vulnerability
[SA33249] PowerStrip "pstrip.sys" IOCTL Handling Privilege Escalation
[SA33310] PGP Desktop PGPwded.sys Driver Denial of Service

UNIX/Linux:
[SA33323] Gentoo update for imlib2
[SA33315] Gentoo update for vlc
[SA33297] Fedora update for firefox and xulrunner
[SA33294] SUSE update for flash-player
[SA33291] Fedora update for moodle
[SA33285] Fedora update for firefox
[SA33284] Fedora update for seamonkey
[SA33267] Red Hat update for flash-plugin
[SA33241] Ubuntu update for imlib2
[SA33240] BitDefender Antivirus Scanner for Unices PE File Parsing
Integer Overflows
[SA33238] Red Hat update for java-1.6.0-bea
[SA33237] Red Hat update for java-1.5.0-bea
[SA33236] Red Hat update for java-1.4.2-bea
[SA33317] Gentoo update for clamav
[SA33314] Ubuntu update for perl
[SA33290] Fedora update for roundcubemail
[SA33287] Fedora update for rsyslog
[SA33286] Fedora update for phpPgAdmin
[SA33264] Gentoo update for pdns
[SA33259] Debian update for courier-authlib
[SA33258] Gentoo phpCollab Multiple Vulnerabilities
[SA33243] Ubuntu update for blender
[SA33235] Courier Authentication Library Postgres SQL Injection
Vulnerability
[SA33260] rPath update for cups
[SA33320] Ubuntu update for nagios2
[SA33299] rPath update for dovecot
[SA33275] UW-imapd c-client Library Off-by-one Vulnerability
[SA33261] Debian update for proftpd-dfsg
[SA33242] Avaya CMS / IR Java JRE Zip Archive Parsing Vulnerability
[SA33239] Debian update for moodle
[SA33234] Ubuntu update for nagios3
[SA33288] Fedora update for openvpn
[SA33279] Debian update for avahi
[SA33292] Fedora update for libvirt
[SA33282] Fedora update for git
[SA33278] PDFjam Insecure Temporary Files
[SA33270] GIT "gitweb" Privilege Escalation Security Issue
[SA33316] Gentoo update for ampache
[SA33303] KVM VNC "protocol_client_msg()" Denial of Service

Other:


Cross Platform:
[SA33272] Yourplace Security Issue and Multiple Vulnerabilities
[SA33247] ReVou Twitter Clone Multiple Vulnerabilities
[SA33302] TYPO3 WEBERkommunal Facilities Extension SQL Injection
[SA33301] TYPO3 Simple File Browser Extension Information Disclosure
[SA33277] KnowledgeTree Cross-Site Scripting and Privilege Escalation
[SA33276] Text Lines Rearrange Script "filename" File Disclosure
Vulnerability
[SA33274] Wordpress Page Flip Image Gallery Plugin "book_id" File
Disclosure
[SA33271] Joomla Volunteer Management System Component "job_id" SQL
Injection
[SA33269] SolarCMS Forum Component "cat" SQL Injection Vulnerability
[SA33266] MySQL Calendar "username" SQL Injection Vulnerability
[SA33255] Emetrix Multiple Products "filename" File Disclosure
[SA33254] TYPO3 WEC Discussion Forum Extension Multiple
Vulnerabilities
[SA33253] myPHPscripts Login Session Cross-Site Scripting and
Information Disclosure
[SA33252] FreeLyrics "p" File Disclosure Security Issue
[SA33250] Constructr CMS "show_page" SQL Injection Vulnerability
[SA33248] REDPEACH CMS "zv" SQL Injection Vulnerabilities
[SA33246] TYPO3 phpMyAdmin Extension Cross-Site Request Forgery
[SA33311] Psi File Transfer Service Packet Parsing Vulnerabilities
[SA33289] Fedora update for drupal-views
[SA33262] TYPO3 Vox populi Extension Cross-Site Scripting
[SA33256] TYPO3 DR Wiki Extension Cross-Site Scripting
[SA33293] QEMU VNC "protocol_client_msg()" Denial of Service

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA33257] webcamXP Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-22

nicx0 has discovered a vulnerability in webcamXP, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33257/ 

 --

[SA33245] Emefa Guestbook Database Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-22

Cyber.Zer0 has discovered a security issue in Emefa Guestbook, which
cab be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33245/ 

 --

[SA33281] Hitachi GroupMax Workflow Development Kit Cross-Site
Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-22

A vulnerability has been reported in Groupmax Web Workflow SDK Set for
Active Server Pages and Groupmax Workflow Development Kit for Active
Server Pages, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33281/ 

 --

[SA33249] PowerStrip "pstrip.sys" IOCTL Handling Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-22

alex has discovered a vulnerability in PowerStrip, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33249/ 

 --

[SA33310] PGP Desktop PGPwded.sys Driver Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-12-24

A vulnerability has been discovered in PGP Desktop, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33310/ 


UNIX/Linux:--

[SA33323] Gentoo update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-12-24

Gentoo has issued an update for imlib2. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/33323/ 

 --

[SA33315] Gentoo update for vlc

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-12-24

Gentoo has issued an update for vlc. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33315/ 

 --

[SA33297] Fedora update for firefox and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-22

Fedora has issued an update for firefox and xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33297/ 

 --

[SA33294] SUSE update for flash-player

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-22

SUSE has issued an update for flash-player. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33294/ 

 --

[SA33291] Fedora update for moodle

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-22

Fedora has issued an update for moodle. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33291/ 

 --

[SA33285] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-22

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33285/ 

 --

[SA33284] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-12-22

Fedora has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33284/ 

 --

[SA33267] Red Hat update for flash-plugin

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-22

Red Hat has issued an update for flash-plugin. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33267/ 

 --

[SA33241] Ubuntu update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-12-22

Ubuntu has issued an update for imlib2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/33241/ 

 --

[SA33240] BitDefender Antivirus Scanner for Unices PE File Parsing
Integer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-12-19

Some vulnerabilities have been reported in BitDefender, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33240/ 

 --

[SA33238] Red Hat update for java-1.6.0-bea

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information,
Exposure of system information, Security Bypass
Released:    2008-12-19

Red Hat has issued an update for java-1.6.0-bea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose system information or
potentially sensitive information, cause a DoS (Denial of Service), or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33238/ 

 --

[SA33237] Red Hat update for java-1.5.0-bea

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-12-19

Red Hat has issued an update for java-1.5.0-bea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, cause a DoS (Denial of Service), and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33237/ 

 --

[SA33236] Red Hat update for java-1.4.2-bea

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-12-19

Red Hat has issued an update for java-1.4.2-bea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33236/ 

 --

[SA33317] Gentoo update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-12-24

Gentoo has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33317/ 

 --

[SA33314] Ubuntu update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2008-12-24

Ubuntu has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33314/ 

 --

[SA33290] Fedora update for roundcubemail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-12-22

Fedora has issued an update for roundcubemail. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33290/ 

 --

[SA33287] Fedora update for rsyslog

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-22

Fedora has issued an update for rsyslog. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33287/ 

 --

[SA33286] Fedora update for phpPgAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-22

Fedora has issued an update for phpPgAdmin. This fixes a vulnerability,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33286/ 

 --

[SA33264] Gentoo update for pdns

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-12-22

Gentoo has issued an update for pdns. This fixes a weakness and a
vulnerability, which can be exploited by malicious people to conduct
spoofing attacks or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33264/ 

 --

[SA33259] Debian update for courier-authlib

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-22

Debian has issued an update for courier-authlib. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33259/ 

 --

[SA33258] Gentoo phpCollab Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-22

Gentoo has acknowledged some vulnerabilities in phpCollab, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33258/ 

 --

[SA33243] Ubuntu update for blender

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-12-22

Ubuntu has issued an update for blender. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33243/ 

 --

[SA33235] Courier Authentication Library Postgres SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-19

A vulnerability has been reported in the Courier Authentication
Library, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33235/ 

 --

[SA33260] rPath update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-12-22

rPath has issued an update for cups. This fixes some vulnerabilities,
which can potentially be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33260/ 

 --

[SA33320] Ubuntu update for nagios2

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-12-24

Ubuntu has issued an update for nagios2. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions or by malicious people to conduct
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33320/ 

 --

[SA33299] rPath update for dovecot

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-12-23

rPath has issued an update for dovecot. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33299/ 

 --

[SA33275] UW-imapd c-client Library Off-by-one Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-12-22

A vulnerability has been reported in UW-imapd, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33275/ 

 --

[SA33261] Debian update for proftpd-dfsg

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-22

Debian has issued an update for proftpd-dfsg. This fixes a
vulnerability, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33261/ 

 --

[SA33242] Avaya CMS / IR Java JRE Zip Archive Parsing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-22

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33242/ 

 --

[SA33239] Debian update for moodle

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-12-22

Debian has issued an update for moodle. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks, and by malicious people to bypass certain
security restrictions or conduct cross-site request forgery and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33239/ 

 --

[SA33234] Ubuntu update for nagios3

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-12-23

Ubuntu has issued an update for nagios3. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions or by malicious people to conduct
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33234/ 

 --

[SA33288] Fedora update for openvpn

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2008-12-22

Fedora has issued an update for openvpn. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33288/ 

 --

[SA33279] Debian update for avahi

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-12-22

Debian has issued an update for avahi. This fixes a security issue and
a vulnerability, which can be exploited by malicious, local users and
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33279/ 

 --

[SA33292] Fedora update for libvirt

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-12-22

Fedora has issued an update for libvirt. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33292/ 

 --

[SA33282] Fedora update for git

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-22

Fedora has issued an update for git. This fixes a security issue, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33282/ 

 --

[SA33278] PDFjam Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-22

Some security issues have been reported in PDFjam, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33278/ 

 --

[SA33270] GIT "gitweb" Privilege Escalation Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-22

A security issue has been reported in GIT, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33270/ 

 --

[SA33316] Gentoo update for ampache

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-12-24

Gentoo has issued an update for ampache. This fixes a security issue,
which can be exploited by malicious local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33316/ 

 --

[SA33303] KVM VNC "protocol_client_msg()" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-12-23

A security issue has been reported in KVM, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33303/ 


Other:


Cross Platform:--

[SA33272] Yourplace Security Issue and Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS,
System access
Released:    2008-12-23

Some vulnerabilities and a security issue have been discovered in
Yourplace, which can be exploited by malicious people to disclose
potentially sensitive information, bypass certain security
restrictions, cause a DoS (Denial of Service), and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33272/ 

 --

[SA33247] ReVou Twitter Clone Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-12-22

Some vulnerabilities have been reported in ReVou Twitter Clone, which
can be exploited by malicious people to bypass certain security
restrictions and by malicious users to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/33247/ 

 --

[SA33302] TYPO3 WEBERkommunal Facilities Extension SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-23

A vulnerability has been reported in the WEBERkommunal Facilities
(wes_facilities) extension for TYPO3, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33302/ 

 --

[SA33301] TYPO3 Simple File Browser Extension Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-12-23

A vulnerability has been reported in the Simple File Browser
(simplefilebrowser) extension for TYPO3, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33301/ 

 --

[SA33277] KnowledgeTree Cross-Site Scripting and Privilege Escalation

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Privilege escalation
Released:    2008-12-22

Some vulnerabilities have been reported in KnowledgeTree, which can be
exploited by malicious users to gain escalated privileges and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33277/ 

 --

[SA33276] Text Lines Rearrange Script "filename" File Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-23

SirGod has discovered a vulnerability in Text Lines Rearrange Script,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33276/ 

 --

[SA33274] Wordpress Page Flip Image Gallery Plugin "book_id" File
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-23

GoLd_M has discovered a vulnerability in the Page Flip Image Gallery
plugin for Wordpress, which can be exploited by malicious people to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33274/ 

 --

[SA33271] Joomla Volunteer Management System Component "job_id" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-23

boom3rang has reported a vulnerability in the Volunteer Management
System component for Joomla, which can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33271/ 

 --

[SA33269] SolarCMS Forum Component "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-23

athos has discovered a vulnerability in the Forum component for
SolarCMS, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33269/ 

 --

[SA33266] MySQL Calendar "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-12-23

StAkeR has discovered a vulnerability in MySQL Calendar, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33266/ 

 --

[SA33255] Emetrix Multiple Products "filename" File Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-22

Cold z3ro has reported a vulnerability in multiple Emetrix products,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33255/ 

 --

[SA33254] TYPO3 WEC Discussion Forum Extension Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-12-23

Some vulnerabilities have been reported in the WEC Discussion Forum
(wec_discussion) extension for TYPO3, which can be exploited by
malicious people to conduct SQL injection and cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/33254/ 

 --

[SA33253] myPHPscripts Login Session Cross-Site Scripting and
Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2008-12-22

Osirys has discovered a security issue and some vulnerabilities in
myPHPscripts Login Session, which can be exploited by malicious people
to conduct cross-site scripting attacks or disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33253/ 

 --

[SA33252] FreeLyrics "p" File Disclosure Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-12-22

Piker has discovered a security issue in FreeLyrics, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33252/ 

 --

[SA33250] Constructr CMS "show_page" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-22

A vulnerability has been discovered in Constructr CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33250/ 

 --

[SA33248] REDPEACH CMS "zv" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-23

Lidloses_Auge has reported some vulnerabilities in REDPEACH CMS, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33248/ 

 --

[SA33246] TYPO3 phpMyAdmin Extension Cross-Site Request Forgery

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-23

A vulnerability has been reported in the phpMyAdmin (phpmyadmin)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33246/ 

 --

[SA33311] Psi File Transfer Service Packet Parsing Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-12-24

sha0 has discovered some vulnerabilities in Psi, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33311/ 

 --

[SA33289] Fedora update for drupal-views

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-12-22

Fedora has issued an update for drupal-views. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33289/ 

 --

[SA33262] TYPO3 Vox populi Extension Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-23

A vulnerability has been reported in the Vox populi (mv_vox_populi)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33262/ 

 --

[SA33256] TYPO3 DR Wiki Extension Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-12-23

A vulnerability has been reported in the DR Wiki (dr_wiki) extension
for TYPO3, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33256/ 

 --

[SA33293] QEMU VNC "protocol_client_msg()" Denial of Service

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2008-12-23

A security issue has been reported in QEMU, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33293/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods