
Secunia Weekly Summary - Issue: 2008-23







=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-05-29 - 2008-06-05                        

                       This week: 102 advisories                       

=======================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

=======================================================================
2) This Week in Brief:

A vulnerability has been reported in Skype, which can be exploited by
malicious people to compromise a user's system.

The vulnerability is caused by an error in the handling of "file:"
URIs, which can be exploited to bypass the security warning for
blacklisted file extensions, e.g. via a "file:" URI containing upper
case characters in the file extension.

Successful exploitation allows execution of arbitrary code, but
requires that a user is tricked into clicking on a specially crafted
"file:" URI.

For more information, refer to:
http://secunia.com/advisories/30547/ 

 --

Secunia Research has discovered two vulnerabilities in Evolution, which
can be exploited by malicious people to compromise a user's system.

1) A boundary error exists when parsing timezone strings contained
within iCalendar attachments. This can be exploited to overflow a
static buffer via an overly long timezone string.

Successful exploitation allows execution of arbitrary code, but
requires that the ITip Formatter plugin is disabled.

2) A boundary error exists when replying to an iCalendar request while
in calendar view. This can be exploited to cause a heap-based buffer
overflow via an overly long "DESCRIPTION" property included in an
iCalendar attachment.

For more information, refer to:
http://secunia.com/advisories/30298/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 128 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA30228] Samba "receive_smb_raw()" Buffer Overflow Vulnerability
2.  [SA30430] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities
3.  [SA30428] FFFTP Directory Download Directory Traversal
              Vulnerability
4.  [SA28083] Adobe Flash Player Multiple Vulnerabilities
5.  [SA30482] Sun Solaris crontab Privilege Escalation Vulnerability
6.  [SA30432] Symantec Backup Exec System Recovery Manager Directory
              Traversal
7.  [SA30446] Gold Wave Editor NCTAudioFile2 ActiveX Control Buffer
              Overflow
8.  [SA30459] Color7 Technology Products NCTAudioFile2 ActiveX Control
              Buffer Overflow
9.  [SA30439] audiotoolsfactory.com Products NCTAudioFile2 ActiveX
              Control Buffer Overflow
10. [SA30455] DVBBS login.asp SQL Injection Vulnerability

=======================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA30469] Ourgame GLWorld GLIEDown2.dll ActiveX Control
Vulnerabilities
[SA30537] Akamai Download Manager Arbitrary File Download
Vulnerability
[SA30533] Magic Rm AVI Mpeg to MP3 Converter & Editor NCTSoft ActiveX
Controls Buffer Overflows
[SA30531] Code-it Software Products NCTAudioGrabber2 ActiveX Control
Buffer Overflows
[SA30530] Ease MP3 Recorder NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30529] Ease Jukebox NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities
[SA30528] MightSOFT Products NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities
[SA30525] Saga CD Ripper NCTAudioGrabber2 ActiveX Control Buffer
Overflows
[SA30518] CA Secure Content Manager Multiple Vulnerabilities
[SA30516] HP Instant Support HPISDataManager.dll ActiveX Control
Multiple Vulnerabilities
[SA30512] Icona SpA DownloaderActiveX ActiveX Control Module Code
Execution Vulnerability
[SA30511] goodvdsoft.com Products NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30510] Akram Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30509] ColorfulSoft Products NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30508] ALO Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30506] Cool Record Edit NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30501] QuickerSite Multiple Vulnerabilities
[SA30497] Alt-N SecurityGateway "username" Buffer Overflow
Vulnerability
[SA30489] rPath update for samba
[SA30467] Apple Safari on Windows Code Execution Vulnerability
[SA30459] Color7 Technology Products NCTAudioFile2 ActiveX Control
Buffer Overflow
[SA30458] Audio Editor Plus NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities
[SA30457] Powerful Audio Tool NCTAudioInformation2.dll ActiveX Control
Buffer Overflow
[SA30456] Crystal MP3 Recorder NCTAudioInformation2.dll ActiveX Control
Buffer Overflow
[SA30454] Easy Audio Redactor NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities
[SA30453] Total Audio Recorder and Editor NCTSoft ActiveX Controls
Buffer Overflow Vulnerabilities
[SA30452] My Phone Files Media Studio NCTSoft ActiveX Controls Buffer
Overflow Vulnerabilities
[SA30451] Total Audio Capture NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities
[SA30450] Digital Smart Software Products NCTAudioFile2 ActiveX Control
Buffer Overflow
[SA30447] HiFi Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30446] Gold Wave Editor NCTAudioFile2 ActiveX Control Buffer
Overflow
[SA30547] Skype File URI Code Execution Vulnerability
[SA30503] Battle Blog "entry" SQL Injection Vulnerability
[SA30498] freeSSHd SFTP Directory Buffer Overflow Vulnerability
[SA30487] Sleipnir Script Execution Vulnerability
[SA30474] MDaemon WorldClient Multiple Vulnerabilities
[SA30455] DVBBS login.asp SQL Injection Vulnerability
[SA30502] HP StorageWorks Storage Mirroring Software Buffer Overflow
[SA30532] BitKinex WebDAV and FTP Clients Directory Traversal
Vulnerability
[SA30481] DotNetNuke Cross-Site Scripting Vulnerability
[SA30534] Kaspersky Products kl1.sys Driver Buffer Overflow
Vulnerability

UNIX/Linux:
[SA30546] NASA BigView PPM File Processing Buffer Overflow
[SA30543] SUSE update for samba
[SA30536] Red Hat update for evolution
[SA30535] VMware ESX Server Multiple Security Updates
[SA30527] Red Hat update for evolution and evolution28
[SA30507] Sun Solaris update for Adobe Flash Player
[SA30491] rPath update for evolution
[SA30485] Fedora update for imlib2
[SA30478] Debian update for samba
[SA30449] Fedora update for samba
[SA30555] Asterisk Addons "ooh323" Denial of Service Vulnerability
[SA30538] Sun Solaris "inet_network()" Off-By-One Vulnerability
[SA30521] Gentoo update for libxslt
[SA30517] Asterisk "pedantic" SIP Processing Denial of Service
[SA30499] Linux Kernel Denial of Service Vulnerabilities
[SA30486] Fedora update for libpng
[SA30479] Debian update for libvorbis
[SA30460] Fedora update for openssl
[SA30553] Red Hat update for cups
[SA30484] Solaris Samba Multiple Vulnerabilities
[SA30473] Avaya CMS Solaris Print Service Unspecified Vulnerabilities
[SA30475] GreenSQL-Console Cross-Site Scripting and Information
Disclosure
[SA30522] Gentoo update for mtr
[SA30542] Avaya CMS Solaris crontab Privilege Escalation Vulnerability
[SA30515] Ubuntu update for linux
[SA30483] Sun Cluster Global File System Unspecified Vulnerability
[SA30482] Sun Solaris crontab Privilege Escalation Vulnerability

Other:
[SA30552] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities

Cross Platform:
[SA30523] Sun Java System Active Server Pages Multiple Vulnerabilities
[SA30472] LokiCMS admin.php Authentication Bypass Vulnerability
[SA30463] CMSimple File Upload and Local File Inclusion
[SA30462] Social Site Generator Multiple Vulnerabilities
[SA30541] Joomla JotLoader Component "cid" SQL Injection
[SA30540] PHP Address Book Cross-Site Scripting and SQL Injection
[SA30526] IBM WebSphere Application Server Web Services Unspecified
Vulnerability
[SA30520] 427BB SQL Injection and Cross-Site Scripting vulnerabilities
[SA30513] Joomla JoomRadio Component "id" SQL Injection
[SA30505] Joomla IDoBlog Component "userid" SQL Injection
[SA30504] OtomiGenX "userAccount" SQL Injection Vulnerability
[SA30496] PassWiki "site_id" Local File Inclusion Vulnerability
[SA30495] LimeSurvey Multiple Vulnerabilities
[SA30494] CMS Easyway "mid" SQL Injection Vulnerability
[SA30493] Joomla PrayerCenter Component "id" SQL Injection
Vulnerability
[SA30492] Joomla Bible Study Component "id" SQL Injection
[SA30490] Joomla MyContent Component "id" SQL Injection
[SA30480] TorrentTrader "info_hash" SQL Injection Vulnerability
[SA30477] SMEweb Multiple Vulnerabilities
[SA30468] ikiwiki Empty Passwords Security Issue
[SA30465] HiveMaker Professional "cid" SQL Injection Vulnerability
[SA30464] PsychoStats Multiple SQL Injection Vulnerabilities
[SA30461] Joomla Simple Shop Galore Component "catid" SQL Injection
[SA30448] CMS from Scratch Information Disclosure and File Upload
[SA30557] SamTodo "tid" and "completed" Cross-Site Scripting
Vulnerabilities
[SA30551] Slash Cross-Site Scripting and SQL Injection
[SA30524] phpInstantGallery Multiple Cross-Site Scripting
Vulnerabilities
[SA30500] Apache Tomcat Host Manager "name" Cross-Site Scripting
[SA30488] meBiblio Multiple Cross-Site Scripting Vulnerabilities
[SA30466] Kaya CGI Framework HTTP Header Injection Vulnerability
[SA30556] VMware Products Multiple Vulnerabilities
[SA30476] VMware Products Multiple Vulnerabilities
[SA30545] Sun Service Tag Registry Local Denial of Service Weakness

=======================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30469] Ourgame GLWorld GLIEDown2.dll ActiveX Control
Vulnerabilities

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2008-06-02

Multiple vulnerabilities have been discovered in the GLIEDown2.dll
ActiveX control bundled with Ourgame GLWorld, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30469/ 

 --

[SA30537] Akamai Download Manager Arbitrary File Download
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-05

A vulnerability has been reported in Akamai Download Manager, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30537/ 

 --

[SA30533] Magic Rm AVI Mpeg to MP3 Converter & Editor NCTSoft ActiveX
Controls Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been discovered in Magic Rm AVI Mpeg to MP3
Converter & Editor, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30533/ 

 --

[SA30531] Code-it Software Products NCTAudioGrabber2 ActiveX Control
Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been discovered in various Code-it Software
products, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30531/ 

 --

[SA30530] Ease MP3 Recorder NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

A vulnerability has been discovered in Ease MP3 Recorder, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30530/ 

 --

[SA30529] Ease Jukebox NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been discovered in Ease Jukebox, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30529/ 

 --

[SA30528] MightSOFT Products NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been discovered in various MightSOFT
products, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30528/ 

 --

[SA30525] Saga CD Ripper NCTAudioGrabber2 ActiveX Control Buffer
Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been discovered in Saga CD Ripper, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30525/ 

 --

[SA30518] CA Secure Content Manager Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-04

Some vulnerabilities have been reported in CA eTrust Content Manager,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30518/ 

 --

[SA30516] HP Instant Support HPISDataManager.dll ActiveX Control
Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Some vulnerabilities have been reported in HP Instant Support, which
potentially can be exploited by malicious people to bypass certain
security restrictions and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30516/ 

 --

[SA30512] Icona SpA DownloaderActiveX ActiveX Control Module Code
Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Nine:Situations:Group::SnoopyAssault has discovered a vulnerability in
Icona SpA DownloaderActiveX ActiveX Control Module, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30512/ 

 --

[SA30511] goodvdsoft.com Products NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

A vulnerability has been discovered in various goodvdsoft.com products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30511/ 

 --

[SA30510] Akram Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

A vulnerability has been discovered in various Akram Software products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30510/ 

 --

[SA30509] ColorfulSoft Products NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

A vulnerability has been discovered in various ColorfulSoft products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30509/ 

 --

[SA30508] ALO Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

A vulnerability has been discovered in various ALO Software products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30508/ 

 --

[SA30506] Cool Record Edit NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

A vulnerability has been discovered in Cool Record Edit, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30506/ 

 --

[SA30501] QuickerSite Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, System access
Released:    2008-06-04

AmnPardaz Security Research Team has reported multiple vulnerabilities
in QuickerSite, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
script insertion attacks, SQL injection attacks, and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30501/ 

 --

[SA30497] Alt-N SecurityGateway "username" Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-02

securfrog has discovered a vulnerability in Alt-N SecurityGateway,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30497/ 

 --

[SA30489] rPath update for samba

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

rPath has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30489/ 

 --

[SA30467] Apple Safari on Windows Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-02

A vulnerability has been reported in Apple Safari in combination with
Microsoft Windows, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30467/ 

 --

[SA30459] Color7 Technology Products NCTAudioFile2 ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in various Color7 Technology
products, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30459/ 

 --

[SA30458] Audio Editor Plus NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

Some vulnerabilities have been discovered in Audio Editor Plus, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30458/ 

 --

[SA30457] Powerful Audio Tool NCTAudioInformation2.dll ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in Powerful Audio Tool, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30457/ 

 --

[SA30456] Crystal MP3 Recorder NCTAudioInformation2.dll ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in Crystal MP3 Recorder, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30456/ 

 --

[SA30454] Easy Audio Redactor NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

Some vulnerabilities have been discovered in Easy Audio Redactor, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30454/ 

 --

[SA30453] Total Audio Recorder and Editor NCTSoft ActiveX Controls
Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

Some vulnerabilities have been discovered in Total Audio Recorder and
Editor, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30453/ 

 --

[SA30452] My Phone Files Media Studio NCTSoft ActiveX Controls Buffer
Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

Some vulnerabilities have been discovered in My Phone Files Media
Studio, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30452/ 

 --

[SA30451] Total Audio Capture NCTSoft ActiveX Controls Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

Some vulnerabilities have been discovered in Total Audio Capture, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30451/ 

 --

[SA30450] Digital Smart Software Products NCTAudioFile2 ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in Digital Smart Software products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30450/ 

 --

[SA30447] HiFi Software Products NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in various HiFi products, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30447/ 

 --

[SA30446] Gold Wave Editor NCTAudioFile2 ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-05-30

A vulnerability has been discovered in Gold Wave Editor, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30446/ 

 --

[SA30547] Skype File URI Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-05

A vulnerability has been reported in Skype, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30547/ 

 --

[SA30503] Battle Blog "entry" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-04

Bl@ckbe@rD has reported a vulnerability in Battle Blog, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30503/ 

 --

[SA30498] freeSSHd SFTP Directory Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-02

securfrog has discovered a vulnerability in freeSSHd, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30498/ 

 --

[SA30487] Sleipnir Script Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-04

A vulnerability has been reported in Sleipnir, which can be exploited
by malicious people to execute arbitrary script code.

Full Advisory:
http://secunia.com/advisories/30487/ 

 --

[SA30474] MDaemon WorldClient Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-03

securfrog has discovered some vulnerabilities in MDaemon, which can be
exploited by malicious people to cause a DoS (Denial of Service) and by
malicious users to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30474/ 

 --

[SA30455] DVBBS login.asp SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-05-30

hackerb has reported a vulnerability in DVBBS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30455/ 

 --

[SA30502] HP StorageWorks Storage Mirroring Software Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-06-03

A vulnerability has been reported in HP StorageWorks Storage Mirroring
Software, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/30502/ 

 --

[SA30532] BitKinex WebDAV and FTP Clients Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Tan Chew Keong has reported two vulnerabilities in BitKinex, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30532/ 

 --

[SA30481] DotNetNuke Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-02

AmnPardaz Security Research Team have reported a vulnerability in
DotNetNuke, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30481/ 

 --

[SA30534] Kaspersky Products kl1.sys Driver Buffer Overflow
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-04

A vulnerability has been reported in some Kaspersky products, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30534/ 


UNIX/Linux:--

[SA30546] NASA BigView PPM File Processing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-05

Core Security Technologies has reported a vulnerability in NASA
BigView, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30546/ 

 --

[SA30543] SUSE update for samba

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-05

SUSE has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30543/ 

 --

[SA30536] Red Hat update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Red Hat has issued an update for evolution. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30536/ 

 --

[SA30535] VMware ESX Server Multiple Security Updates

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-06-05

VMware has issued an update for VMware ESX Server. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30535/ 

 --

[SA30527] Red Hat update for evolution and evolution28

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-04

Red Hat has issued an update for evolution and evolution28. This fixes
two vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30527/ 

 --

[SA30507] Sun Solaris update for Adobe Flash Player

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
Released:    2008-06-03

Sun has issued an update for Adobe Flash Player. This fixes some
vulnerabilities where one has an unknown impact and others can be
exploited by malicious, local users to gain escalated privileges, and
by malicious people to bypass certain security restrictions, conduct
cross-site scripting and HTTP request splitting attacks, disclose
sensitive information, cause a Denial of Service (DoS), or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30507/ 

 --

[SA30491] rPath update for evolution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-03

rPath has issued an update for evolution. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30491/ 

 --

[SA30485] Fedora update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-03

Fedora has issued an update for imlib2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30485/ 

 --

[SA30478] Debian update for samba

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-02

Debian has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30478/ 

 --

[SA30449] Fedora update for samba

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-02

Fedora has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30449/ 

 --

[SA30555] Asterisk Addons "ooh323" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-05

A vulnerability has been reported in Asterisk Addons, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30555/ 

 --

[SA30538] Sun Solaris "inet_network()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-05

Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30538/ 

 --

[SA30521] Gentoo update for libxslt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-04

Gentoo has issued an update for libxslt. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30521/ 

 --

[SA30517] Asterisk "pedantic" SIP Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-04

A vulnerability has been reported in Asterisk, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30517/ 

 --

[SA30499] Linux Kernel Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-02

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users and malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30499/ 

 --

[SA30486] Fedora update for libpng

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-06-03

Fedora has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service), disclose potentially sensitive information, or potentially
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30486/ 

 --

[SA30479] Debian update for libvorbis

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-03

Debian has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/30479/ 

 --

[SA30460] Fedora update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-02

Fedora has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30460/ 

 --

[SA30553] Red Hat update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-06-05

Red Hat has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/30553/ 

 --

[SA30484] Solaris Samba Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-06-02

Sun has acknowledged some vulnerabilities in Solaris, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30484/ 

 --

[SA30473] Avaya CMS Solaris Print Service Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-06-02

Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30473/ 

 --

[SA30475] GreenSQL-Console Cross-Site Scripting and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2008-06-02

Some vulnerabilities and a weakness have been reported in
GreenSQL-Console, which can be exploited by malicious people to
disclose system information or conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30475/ 

 --

[SA30522] Gentoo update for mtr

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2008-06-04

Gentoo has issued an update for mtr. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30522/ 

 --

[SA30542] Avaya CMS Solaris crontab Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-05

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30542/ 

 --

[SA30515] Ubuntu update for linux

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-06-04

Ubuntu has issued an update for the kernel. This fixes a security issue
and some vulnerabilities, which can be exploited by malicious, local
users to cause a DoS (Denial of Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30515/ 

 --

[SA30483] Sun Cluster Global File System Unspecified Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2008-06-02

A vulnerability has been reported in Sun Cluster, which can be
exploited by malicious, local users to disclose sensitive information
or potentially manipulate certain data.

Full Advisory:
http://secunia.com/advisories/30483/ 

 --

[SA30482] Sun Solaris crontab Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-02

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30482/ 


Other:--

[SA30552] Cisco ASA and PIX Security Appliances Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-06-05

Some vulnerabilities have been reported in Cisco ASA and PIX
appliances, which can be exploited by malicious people to bypass
certain security restrictions or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30552/ 


Cross Platform:--

[SA30523] Sun Java System Active Server Pages Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, System access
Released:    2008-06-04

Some vulnerabilities and a security issue have been reported in Sun
Java System Active Server Pages, which can be exploited by malicious
users to compromise a vulnerable system, and by malicious people to
disclose sensitive information, manipulate certain data, bypass certain
security restrictions, or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30523/ 

 --

[SA30472] LokiCMS admin.php Authentication Bypass Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-06-02

trueend5 has discovered a vulnerability in LokiCMS, which can be
exploited by malicious people to bypass certain security restrictions
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30472/ 

 --

[SA30463] CMSimple File Upload and Local File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, System access
Released:    2008-06-02

irk4z has reported two vulnerabilities in CMSimple, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30463/ 

 --

[SA30462] Social Site Generator Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, System access
Released:    2008-06-02

Some vulnerabilities have been reported in Social Site Generator, which
can be exploited by malicious people to disclose sensitive information,
conduct SQL injection attacks, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30462/ 

 --

[SA30541] Joomla JotLoader Component "cid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-05

His0k4 has discovered a vulnerability in the JotLoader component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30541/ 

 --

[SA30540] PHP Address Book Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-05

CWH Underground has reported some vulnerabilities in PHP Address Book,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30540/ 

 --

[SA30526] IBM WebSphere Application Server Web Services Unspecified
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-06-04

A vulnerability with an unknown impact has been reported in IBM
WebSphere Application Server.

Full Advisory:
http://secunia.com/advisories/30526/ 

 --

[SA30520] 427BB SQL Injection and Cross-Site Scripting vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-05

CWH Underground has discovered some vulnerabilities in 427BB, which can
be exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30520/ 

 --

[SA30513] Joomla JoomRadio Component "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-04

His0k4 has discovered two vulnerabilities in the JoomRadio component
for Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30513/ 

 --

[SA30505] Joomla IDoBlog Component "userid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-04

His0k4 has discovered a vulnerability in the IDoBlog component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30505/ 

 --

[SA30504] OtomiGenX "userAccount" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-03

virangar security team (hadihadi) has discovered a vulnerability in
OtomiGenX, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30504/ 

 --

[SA30496] PassWiki "site_id" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-06-02

A vulnerability has been reported in PassWiki, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30496/ 

 --

[SA30495] LimeSurvey Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting
Released:    2008-06-03

Some vulnerabilities have been reported in LimeSurvey, where some have
unknown impacts and others can be exploited by malicious people to
conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/30495/ 

 --

[SA30494] CMS Easyway "mid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-04

Lidloses_Auge has reported a vulnerability in CMS Easyway, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30494/ 

 --

[SA30493] Joomla PrayerCenter Component "id" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-02

His0k4 has discovered a vulnerability in the PrayerCenter component for
Joomla, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30493/ 

 --

[SA30492] Joomla Bible Study Component "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-03

Stack & Jadi have reported a vulnerability in the Bible Study component
for Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30492/ 

 --

[SA30490] Joomla MyContent Component "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-02

His0k4 has discovered a vulnerability in the MyContent component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30490/ 

 --

[SA30480] TorrentTrader "info_hash" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-02

Charles Vaughn has reported a vulnerability in TorrentTrader, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30480/ 

 --

[SA30477] SMEweb Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-03

CWH Underground has discovered some vulnerabilities in SMEweb, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30477/ 

 --

[SA30468] ikiwiki Empty Passwords Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-02

A security issue has been reported in ikiwiki, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30468/ 

 --

[SA30465] HiveMaker Professional "cid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-03

M.Hasran Addahroni has reported a vulnerability in HiveMaker
Professional, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30465/ 

 --

[SA30464] PsychoStats Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-02

Mr.SQL has reported some vulnerabilities in PsychoStats, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30464/ 

 --

[SA30461] Joomla Simple Shop Galore Component "catid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-05

His0k4 has discovered a vulnerability in the Simple Shop Galore
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30461/ 

 --

[SA30448] CMS from Scratch Information Disclosure and File Upload

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-05-30

Stack has discovered some vulnerabilities in CMS from Scratch, which
can be exploited by malicious users to disclose sensitive information
and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30448/ 

 --

[SA30557] SamTodo "tid" and "completed" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-05

David Sopas Ferreira has discovered some vulnerabilities in SamTodo,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/30557/ 

 --

[SA30551] Slash Cross-Site Scripting and SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-05

Some vulnerabilities have been reported in Slash, which can be
exploited by malicious users to conduct SQL injection attacks and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30551/ 

 --

[SA30524] phpInstantGallery Multiple Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-05

Some vulnerabilities have been discovered in phpInstantGallery, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/30524/ 

 --

[SA30500] Apache Tomcat Host Manager "name" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-03

A vulnerability has been reported in Tomcat, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30500/ 

 --

[SA30488] meBiblio Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-03

CWH Underground has discovered some vulnerabilities in meBiblio, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/30488/ 

 --

[SA30466] Kaya CGI Framework HTTP Header Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-02

A vulnerability has been reported in Kaya, which can be exploited by
malicious people to conduct HTTP header injection attacks.

Full Advisory:
http://secunia.com/advisories/30466/ 

 --

[SA30556] VMware Products Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2008-06-05

Some vulnerabilities have been reported in multiple VMware Products,
which can be exploited by malicious, local users to bypass certain
security restrictions or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30556/ 

 --

[SA30476] VMware Products Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2008-06-02

Some vulnerabilities have been reported in multiple VMware products,
which can be exploited by malicious, local users to bypass certain
security restrictions or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30476/ 

 --

[SA30545] Sun Service Tag Registry Local Denial of Service Weakness

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-06-05

A weakness has been reported in Sun Service Tag, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30545/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

