AOH :: ISNQ5852.HTM

Secunia Weekly Summary - Issue: 2008-27




Secunia Weekly Summary - Issue: 2008-27
Secunia Weekly Summary - Issue: 2008-27



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-06-26 - 2008-07-03                        

                       This week: 69 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

=======================================================================2) This Week in Brief:

sirdarckcat has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct spoofing attacks.

The problem is that it is possible for a website to modify the location
of another frame in another window by setting the location to an object
instead of a string. This can be exploited to load malicious content
into a frame of a trusted website.

For more information, refer to:
http://secunia.com/advisories/30851/ 

 --

Ph4nt0m Security Team has discovered a vulnerability in Internet
Explorer 6, which can be exploited by malicious people to conduct
cross-domain scripting attacks.

The vulnerability is caused due to an input validation error when
handling the "location" or "location.href" property of a window object.
This can be exploited by a malicious website to e.g. open a trusted site
and execute arbitrary script code in a user's browser session in context
of the trusted site.

For more information, refer to:
http://secunia.com/advisories/30857/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 180 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA30851] Internet Explorer 7 Frame Location Handling Vulnerability
2.  [SA30911] Mozilla Firefox Multiple Vulnerabilities
3.  [SA30857] Internet Explorer 6 Window "location" Handling
              Vulnerability
4.  [SA30832] Adobe Reader/Acrobat JavaScript Method Handling
              Vulnerability
5.  [SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple
              Vulnerabilities
6.  [SA29953] Realtek HD Audio Codec Driver Vulnerabilities
7.  [SA30881] Pidgin MSN File Transfer Filename Processing 
              Vulnerability
8.  [SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability
9.  [SA30863] Sun Solaris snmpXdmid Denial of Service
10. [SA30802] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA30937] Opera for Windows Unspecified Code Execution
[SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple Vulnerabilities
[SA30896] EfesTECH Shop "cat_id" SQL Injection Vulnerability
[SA30880] Soldner Secret Wars Denial of Service
[SA30874] Philboard Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA30882] Cybozu Products Cross-Site Request Forgery Vulnerability
[SA30876] Commtouch Enterprise Anti-Spam Gateway "PARAMS" Cross-Site
Scripting
[SA30871] Cybozu Garoon Session Fixation and Script Insertion
[SA30904] Novell Client NWFS.SYS Unspecified Vulnerability

UNIX/Linux:
[SA30903] Red Hat update for firefox
[SA30898] Ubuntu update for firefox
[SA30894] Slackware update for ruby
[SA30878] Red Hat update for seamonkey
[SA30875] rPath update for ruby
[SA30867] Ubuntu update for ruby1.8
[SA30932] rPath update for tshark and wireshark
[SA30929] Red Hat update for rhpki-common
[SA30910] Debian update for sympa
[SA30887] BareNuked CMS "password" SQL Injection Vulnerability
[SA30868] Ubuntu update for openssl
[SA30864] Gentoo update for motion
[SA30927] Fedora update for ruby
[SA30908] Sun Solaris 10 Tomcat Multiple Vulnerabilities
[SA30899] Sun Solaris 9 Tomcat Multiple Vulnerabilities
[SA30895] Fedora update for fetchmail
[SA30872] Gentoo update for python
[SA30920] Fedora update for kernel
[SA30917] Fedora update for openldap
[SA30914] Fedora update for squid
[SA30901] rPath update for kernel
[SA30890] SUSE update for kernel
[SA30863] Sun Solaris snmpXdmid Denial of Service
[SA30873] CheckInstall Insecure Temporary Files
[SA30869] Debian update for dbus
[SA30918] Linux DC++ NULL Pointer Dereference and Incomplete Message
Denial of Service
[SA30907] Fedora update for linuxdcpp

Other:


Cross Platform:
[SA30915] Mozilla Thunderbird Multiple Vulnerabilities
[SA30911] Mozilla Firefox Multiple Vulnerabilities
[SA30905] TYPO3 WEC Discussion Forum Multiple Vulnerabilities
[SA30900] HIOX Banner Rotator "hm" File Inclusion Vulnerability
[SA30902] AShop Deluxe "cat" SQL Injection Vulnerability
[SA30897] plx Ad Trader "adid" SQL Injection Vulnerability
[SA30893] Sun Java System Access Manager XSLT Stylesheet Processing
Vulnerability
[SA30892] myBloggie SQL Injection Vulnerabilities
[SA30889] Pivot "t" Directory Traversal Vulnerability
[SA30886] Wireshark Multiple Vulnerabilities
[SA30885] Various TYPO3 Extensions Multiple Vulnerabilities
[SA30881] Pidgin MSN File Transfer Filename Processing Vulnerability
[SA30877] eTicket "pri" SQL Injection Vulnerability
[SA30870] testMaker PHP Code Execution Vulnerability
[SA30866] CAT2 "spaw_root" Local File Inclusion
[SA30865] SePortal SQL Injection Vulnerabilities
[SA30862] Riddles Website "riddleid" SQL Injection Vulnerability
[SA30861] Tips Website "tipid" SQL Injection Vulnerability
[SA30860] Jokes Website "jokeid" SQL Injection Vulnerability
[SA30859] Drinks Website "drinkid" SQL Injection Vulnerability
[SA30936] Drupal Outline Designer Security Bypass
[SA30935] Opera Canvas Functions Information Disclosure
[SA30934] Drupal Tinytax taxonomy block Script Insertion
Vulnerabilities
[SA30933] Drupal Taxonomy Autotagger SQL Injection and Script
Insertion
[SA30928] Drupal Organic groups Information Disclosure and Script
Insertion
[SA30924] Ruby "rb_ary_fill()" Denial of Service Vulnerability
[SA30923] FreeStyle Wiki Cross-Site Scripting Vulnerability
[SA30919] XchangeBoard "boardID" SQL Injection Vulnerability
[SA30912] HP System Management Homepage Unspecified Cross-Site
Scripting Vulnerability
[SA30909] PHP Agenda "page" Local File Inclusion
[SA30906] TYPO3 Send-A-Card Extension Cross-Site Scripting
Vulnerabilities
[SA30884] TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting
[SA30879] GraphicsMagick Multiple Denial of Service Vulnerabilities

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA30937] Opera for Windows Unspecified Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-03

A vulnerability has been reported in Opera, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30937/ 

 --

[SA30891] S.T.A.L.K.E.R.: Shadow of Chernobyl Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-30

Luigi Auriemma has reported some vulnerabilities in S.T.A.L.K.E.R.:
Shadow of Chernobyl, which can be exploited by malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30891/ 

 --

[SA30896] EfesTECH Shop "cat_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-02

Dr.Kacak has reported a vulnerability in EfesTECH Shop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30896/ 

 --

[SA30880] Soldner Secret Wars Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-01

Luigi Auriemma has reported a vulnerability in Soldner Secret Wars,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30880/ 

 --

[SA30874] Philboard Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-06-30

Bl@ckbe@rD has reported some vulnerabilities in Philboard, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30874/ 

 --

[SA30882] Cybozu Products Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-27

A vulnerability has been reported in Cybozu products, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/30882/ 

 --

[SA30876] Commtouch Enterprise Anti-Spam Gateway "PARAMS" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-27

Erez Metula has reported a vulnerability in Commtouch Enterprise
Anti-Spam Gateway, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30876/ 

 --

[SA30871] Cybozu Garoon Session Fixation and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2008-06-27

Some vulnerabilities have been reported in Cybozu Garoon, which can be
exploited by malicious people to conduct session fixation and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/30871/ 

 --

[SA30904] Novell Client NWFS.SYS Unspecified Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2008-06-30

A vulnerability with an unknown impact has been reported in Novell
Client.

Full Advisory:
http://secunia.com/advisories/30904/ 


UNIX/Linux:--

[SA30903] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2008-07-02

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, to bypass certain security
restrictions, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30903/ 

 --

[SA30898] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2008-07-02

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, to bypass certain security
restrictions, or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30898/ 

 --

[SA30894] Slackware update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2008-06-30

Slackware has issued an update for ruby. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30894/ 

 --

[SA30878] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information,
Spoofing, Cross Site Scripting, Security Bypass
Released:    2008-07-03

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30878/ 

 --

[SA30875] rPath update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2008-06-27

rPath has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30875/ 

 --

[SA30867] Ubuntu update for ruby1.8

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2008-06-27

Ubuntu has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30867/ 

 --

[SA30932] rPath update for tshark and wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-03

rPath has issued an update for tshark and wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30932/ 

 --

[SA30929] Red Hat update for rhpki-common

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-03

Red Hat has issued an update for rhpki-common. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/30929/ 

 --

[SA30910] Debian update for sympa

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Debian has issued an update for sympa. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30910/ 

 --

[SA30887] BareNuked CMS "password" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-07-01

CWH Underground has discovered a vulnerability in BareNuked CMS, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30887/ 

 --

[SA30868] Ubuntu update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-27

Ubuntu has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30868/ 

 --

[SA30864] Gentoo update for motion

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-07-01

Gentoo has issued an update for motion. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30864/ 

 --

[SA30927] Fedora update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30927/ 

 --

[SA30908] Sun Solaris 10 Tomcat Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS
Released:    2008-07-01

Sun has acknowledged some vulnerabilities in Tomcat included in Sun
Solaris 10, which can be exploited by malicious people to bypass
certain security restrictions, disclose potentially sensitive
information, conduct cross-site scripting attacks, or to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/30908/ 

 --

[SA30899] Sun Solaris 9 Tomcat Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS
Released:    2008-07-01

Sun has acknowledged some vulnerabilities in Tomcat included in Sun
Solaris 9, which can be exploited by malicious people to bypass certain
security restrictions, disclose potentially sensitive information,
conduct cross-site scripting attacks, or to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30899/ 

 --

[SA30895] Fedora update for fetchmail

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-30

Fedora has issued an update for fetchmail. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30895/ 

 --

[SA30872] Gentoo update for python

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-07-01

Gentoo has issued an update for python. This fixes some security
issues, which can potentially be exploited by malicious people to
disclose sensitive information, cause a DoS (Denial of Service), or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30872/ 

 --

[SA30920] Fedora update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2008-07-02

Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/30920/ 

 --

[SA30917] Fedora update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30917/ 

 --

[SA30914] Fedora update for squid

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30914/ 

 --

[SA30901] rPath update for kernel

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-01

rPath has issued an update for the kernel. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30901/ 

 --

[SA30890] SUSE update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2008-07-02

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), and by malicious, local users to cause a DoS
or to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30890/ 

 --

[SA30863] Sun Solaris snmpXdmid Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-06-27

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30863/ 

 --

[SA30873] CheckInstall Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-27

Two security issues have been reported in CheckInstall, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/30873/ 

 --

[SA30869] Debian update for dbus

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-06-27

Debian has issued an update for dbus. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/30869/ 

 --

[SA30918] Linux DC++ NULL Pointer Dereference and Incomplete Message
Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Two weaknesses have been reported in Linux DC++, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30918/ 

 --

[SA30907] Fedora update for linuxdcpp

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-07-03

Fedora has issued an update for linuxdccp. This fixes two weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30907/ 


Other:


Cross Platform:--

[SA30915] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-02

Some vulnerabilities have been reported in Mozilla Thunderbird, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30915/ 

 --

[SA30911] Mozilla Firefox Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-02

Some vulnerabilities have been reported in Mozilla Firefox, which can
be exploited by malicious people to conduct cross-site scripting and
spoofing attacks, bypass certain security restrictions, disclose
sensitive information, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30911/ 

 --

[SA30905] TYPO3 WEC Discussion Forum Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-07-01

Some vulnerabilities have been reported in the WEC Discussion Forum
(wec_discussion) extension for TYPO3, which can be exploited by
malicious people to conduct cross-site scripting attacks or compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30905/ 

 --

[SA30900] HIOX Banner Rotator "hm" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-01

Ghost Hacker has discovered a vulnerability in HIOX Banner Rotator
(HBR), which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/30900/ 

 --

[SA30902] AShop Deluxe "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-02

n0c0py has reported a vulnerability in AShop Deluxe, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30902/ 

 --

[SA30897] plx Ad Trader "adid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-02

Hussin X has reported a vulnerability in plx Ad Trader, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30897/ 

 --

[SA30893] Sun Java System Access Manager XSLT Stylesheet Processing
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-30

A vulnerability has been reported in Sun Java Access Manager, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30893/ 

 --

[SA30892] myBloggie SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-01

Jesper Jurcenoks has reported some vulnerabilities in myBloggie, which
can be exploited by malicious users or people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/30892/ 

 --

[SA30889] Pivot "t" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-01

Nine:Situations:Group::bookoo has reported a vulnerability in Pivot,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/30889/ 

 --

[SA30886] Wireshark Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2008-07-01

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to disclose potentially sensitive
information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30886/ 

 --

[SA30885] Various TYPO3 Extensions Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS
Released:    2008-07-01

Multiple vulnerabilities have been reported in various TYPO3
extensions, which can be exploited by malicious users or people to
bypass certain security restrictions, conduct SQL injection attacks or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30885/ 

 --

[SA30881] Pidgin MSN File Transfer Filename Processing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-27

Juan Pablo Lopez Yacubian has discovered a vulnerability in Pidgin,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/30881/ 

 --

[SA30877] eTicket "pri" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-27

Omer Singer has reported a vulnerability in eTicket, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30877/ 

 --

[SA30870] testMaker PHP Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-27

A vulnerability has been reported in testMaker, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30870/ 

 --

[SA30866] CAT2 "spaw_root" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-02

StAkeR has discovered a vulnerability in CAT2, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30866/ 

 --

[SA30865] SePortal SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-30

Mr.SQL has reported some vulnerabilities in SePortal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30865/ 

 --

[SA30862] Riddles Website "riddleid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Riddles Website, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30862/ 

 --

[SA30861] Tips Website "tipid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Tips Website, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30861/ 

 --

[SA30860] Jokes Website "jokeid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Jokes Website, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30860/ 

 --

[SA30859] Drinks Website "drinkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-27

Cyb3r-1sT has discovered a vulnerability in Drinks Website, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30859/ 

 --

[SA30936] Drupal Outline Designer Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-03

A vulnerability has been reported in the Outline Designer module for
Drupal, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/30936/ 

 --

[SA30935] Opera Canvas Functions Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-07-03

A vulnerability has been reported in Opera, which can be exploited by
malicious people to potentially disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30935/ 

 --

[SA30934] Drupal Tinytax taxonomy block Script Insertion
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-03

Some vulnerabilities have been reported in the Tinytax taxonomy block
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30934/ 

 --

[SA30933] Drupal Taxonomy Autotagger SQL Injection and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-03

Some vulnerabilities have been reported in the Taxonomy Autotagger
module for Drupal, which can be exploited by malicious users to conduct
SQL injection and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30933/ 

 --

[SA30928] Drupal Organic groups Information Disclosure and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2008-07-03

Some vulnerabilities have been reported in the Organic groups module
for Drupal, which can be exploited by malicious users to disclose
potentially sensitive information or conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/30928/ 

 --

[SA30924] Ruby "rb_ary_fill()" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-02

Vincenzo "snagg" Iozzo has reported a vulnerability in Ruby, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30924/ 

 --

[SA30923] FreeStyle Wiki Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-03

A vulnerability has been reported in FreeStyle Wiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30923/ 

 --

[SA30919] XchangeBoard "boardID" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-07-03

haZl0oh has discovered a vulnerability in XchangeBoard, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30919/ 

 --

[SA30912] HP System Management Homepage Unspecified Cross-Site
Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-02

A vulnerability has been reported in HP System Management Homepage
(SMH), which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/30912/ 

 --

[SA30909] PHP Agenda "page" Local File Inclusion

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-07-02

StAkeR has discovered a vulnerability in PHP Agenda, which can be
exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30909/ 

 --

[SA30906] TYPO3 Send-A-Card Extension Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-01

Some vulnerabilities have been reported in the Send-A-Card
(sr_sendcard) extension for TYPO3, which can be exploited by malicious
people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30906/ 

 --

[SA30884] TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-01

A vulnerability has been reported in the phpMyAdmin (phpmyadmin)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30884/ 

 --

[SA30879] GraphicsMagick Multiple Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-07-01

Some vulnerabilities have been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30879/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods