AOH :: ISNQ5938.HTM

Secunia Weekly Summary - Issue: 2008-30




Secunia Weekly Summary - Issue: 2008-30
Secunia Weekly Summary - Issue: 2008-30



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2008-07-17 - 2008-07-24                        

                       This week: 54 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

=======================================================================2) This Week in Brief:

A vulnerability has been discovered in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions.

The problem is that websites are allowed to set cookies for certain
country-specific secondary top-level domains. This can e.g. be
exploited to fix a session by setting a known session ID in a cookie,
which the browser sends to all web sites operating under an affected
domain (e.g. co.uk, com.au).

The vulnerability is confirmed in Apple Safari for Windows 3.1.2. Other
versions may also be affected.

For more information, refer to:
http://secunia.com/advisories/31128/ 

 --

VIRUS ALERTS:

During the past week Secunia collected 164 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA31092] BlackBerry Enterprise Server PDF Processing Vulnerability
2.  [SA30975] Microsoft Word Unspecified Code Execution Vulnerability
3.  [SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
              Overflow
4.  [SA31149] IBM WebSphere Application Server Unspecified
              Vulnerability
5.  [SA31143] HP-UX update for bind
6.  [SA31159] Vim configure.in Insecure Temporary Files
7.  [SA31087] Oracle Products Multiple Vulnerabilities
8.  [SA31157] Fedora update for firefox
9.  [SA31134] AlstraSoft Video Share Enterprise "UID" SQL Injection
10. [SA31146] Bea Weblogic Apache Connector Buffer Overflow
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA31187] Pre Survey Poll "catid" SQL Injection Vulnerability
[SA31170] HRS Multi "key" SQL Injection Vulnerability
[SA31158] SWAT 4 Denial of Service Vulnerabilities

UNIX/Linux:
[SA31195] Red Hat update for thunderbird
[SA31183] Debian update for xulrunner
[SA31182] Gentoo update for peercast
[SA31181] Debian update for ruby1.8
[SA31180] Gentoo BitchX Multiple Vulnerabilities
[SA31176] Debian update for iceweasel
[SA31167] SUSE Update for Multiple Packages
[SA31157] Fedora update for firefox
[SA31154] Fedora update for seamonkey
[SA31212] OpenBSD BIND Query Port DNS Cache Poisoning
[SA31209] Slackware update for dnsmasq
[SA31208] IPCop update for perl
[SA31206] Debian update for clamav
[SA31204] IPCop update for various packages
[SA31200] Ubuntu update for php
[SA31199] Ubuntu update for dnsmasq
[SA31197] dnsmasq Denial of Service and DNS Cache Poisoning
[SA31171] Fedora update for mantis
[SA31169] rPath update for bind
[SA31168] Debian update for libgd2
[SA31163] Fedora update for python-formencode
[SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
Overflow
[SA31202] SUSE update for kernel
[SA31175] Filesys::SmbClientParser Shell Command Injection
Vulnerability
[SA31194] Fedora update for asterisk
[SA31172] Linux Kernel LDT Buffer Size Handling Vulnerability
[SA31159] Vim configure.in Insecure Temporary Files
[SA31198] Red Hat update for kernel
[SA31184] Gentoo Bacula MySQL Director Password Disclosure Weakness
[SA31179] OpenSSH "X11UseLocalhost" X11 Forwarding Security Issue

Other:
[SA31173] Century Systems Routers Cross-Site Request Forgery

Cross Platform:
[SA31203] SocialEngine SQL Injection and Code Execution
[SA31161] YouTube Blog Multiple Vulnerabilities
[SA31193] EasyPublish SQL Injection and Cross-Site Scripting
[SA31192] EasyE-Cards SQL Injection and Cross-Site Scripting
[SA31190] MyReview Disclosure of Sensitive Information
[SA31189] EasyDynamicPages SQL Injection and Cross-Site Scripting
[SA31185] ZDaemon Denial of Service Vulnerability
[SA31174] Def-Blog "article" SQL Injection Vulnerabilities
[SA31166] MojoClassifieds "cat_a" SQL Injection Vulnerability
[SA31165] MojoPersonals "cat" SQL Injection Vulnerability
[SA31164] MojoJobs "cat_a" SQL Injection Vulnerability
[SA31162] MojoAuto "cat_a" SQL Injection Vulnerability
[SA31156] ShopCartDx "pid" SQL Injection Vulnerability
[SA31211] Drupal Session Fixation Vulnerability
[SA31201] Claroline Multiple Cross-Site Scripting Vulnerabilities
[SA31196] Moodle Script Insertion and Cross-Site Request Forgery
[SA31191] EasyBookMarker "rs" Cross-Site Scripting
[SA31188] Geeklog Forum Plugin Search Cross-Site Scripting
Vulnerability
[SA31186] EMC Retrospect Multiple Vulnerabilities
[SA31178] Asterisk Two Denial of Service Vulnerabilities

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA31187] Pre Survey Poll "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-23

DreamTurk has reported a vulnerability in Pre Survey Poll, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31187/ 

 --

[SA31170] HRS Multi "key" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in HRS Multi, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31170/ 

 --

[SA31158] SWAT 4 Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-21

Luigi Auriemma has reported some vulnerabilities in SWAT 4, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31158/ 


UNIX/Linux:--

[SA31195] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Exposure of system information, Exposure of
sensitive information, System access
Released:    2008-07-24

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks, disclose sensitive information, or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31195/ 

 --

[SA31183] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2008-07-24

Debian has issued an update for xulrunner. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, or potentially compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/31183/ 

 --

[SA31182] Gentoo update for peercast

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Gentoo has issued an update for peercast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31182/ 

 --

[SA31181] Debian update for ruby1.8

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Debian has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31181/ 

 --

[SA31180] Gentoo BitchX Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2008-07-22

Gentoo has acknowledged a security issue and a vulnerability in bitchx,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges and by malicious people to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/31180/ 

 --

[SA31176] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2008-07-24

Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31176/ 

 --

[SA31167] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS, System access
Released:    2008-07-21

SUSE has issued an update for multiple packages. This fixes some
security issues and some vulnerabilities, which can be exploited by
malicious people to manipulate certain data, bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31167/ 

 --

[SA31157] Fedora update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, System
access
Released:    2008-07-18

Fedora has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31157/ 

 --

[SA31154] Fedora update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-07-18

Fedora has issued an update for seamonkey. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/31154/ 

 --

[SA31212] OpenBSD BIND Query Port DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-24

OpenBSD has acknowledged a vulnerability in BIND, which can be
exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31212/ 

 --

[SA31209] Slackware update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-24

Slackware has issued an update for dnsmasq. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31209/ 

 --

[SA31208] IPCop update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-24

An updated version of IPCop has been released, which fixes some
vulnerabilities in perl, which can potentially be exploited by
malicious people to cause a Denial of Service or to compromise a
vulnerable perl application.

Full Advisory:
http://secunia.com/advisories/31208/ 

 --

[SA31206] Debian update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-24

Debian has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/31206/ 

 --

[SA31204] IPCop update for various packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS
Released:    2008-07-23

An updated version of IPCop has been released, which fixes some
vulnerabilities in bzip2, dnsmasq, and snort, which can be exploited by
malicious people to bypass certain security restrictions, cause a DoS
(Denial of Service), and poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31204/ 

 --

[SA31200] Ubuntu update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, DoS, System access
Released:    2008-07-24

Ubuntu has issued an update for php. This fixes some vulnerabilities,
where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions, and
potentially by malicious people to cause a DoS (Denial of Service) or
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31200/ 

 --

[SA31199] Ubuntu update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-23

Ubuntu has issued an update for dnsmasq. This fixes a vulnerability,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31199/ 

 --

[SA31197] dnsmasq Denial of Service and DNS Cache Poisoning

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, DoS
Released:    2008-07-23

Some vulnerabilities have been reported in dnsmasq, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31197/ 

 --

[SA31171] Fedora update for mantis

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-07-23

Fedora has issued an update for mantis. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and malicious people to conduct
cross-site scripting and request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31171/ 

 --

[SA31169] rPath update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-07-21

rPath has issued an update for bind. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/31169/ 

 --

[SA31168] Debian update for libgd2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-07-22

Debian has issued an update for libgd2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/31168/ 

 --

[SA31163] Fedora update for python-formencode

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-07-18

Fedora has issued an update for python-formencode. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/31163/ 

 --

[SA31155] Sun Solaris System Management Agent SNMP Daemon Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-07-18

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/31155/ 

 --

[SA31202] SUSE update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-07-23

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and potentially gain escalated
privileges, and malicious  people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31202/ 

 --

[SA31175] Filesys::SmbClientParser Shell Command Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-07-21

Jesus Olmos Gonzalez has discovered a vulnerability in
Filesys::SmbClientParser, which can be exploited by malicious people to
compromise an application using the module.

Full Advisory:
http://secunia.com/advisories/31175/ 

 --

[SA31194] Fedora update for asterisk

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-24

Fedora has issued an update for asterisk. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to conduct DoS attacks.

Full Advisory:
http://secunia.com/advisories/31194/ 

 --

[SA31172] Linux Kernel LDT Buffer Size Handling Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-07-24

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31172/ 

 --

[SA31159] Vim configure.in Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-07-18

A security issue has been reported in Vim, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/31159/ 

 --

[SA31198] Red Hat update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-07-24

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31198/ 

 --

[SA31184] Gentoo Bacula MySQL Director Password Disclosure Weakness

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-07-22

Gentoo has acknowledged a weakness in bacula, which can be exploited by
malicious, local users to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/31184/ 

 --

[SA31179] OpenSSH "X11UseLocalhost" X11 Forwarding Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-07-22

A security issue has been reported in OpenSSH, which can be exploited
by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/31179/ 


Other:--

[SA31173] Century Systems Routers Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-22

A vulnerability has been reported in various Century Systems routers,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31173/ 


Cross Platform:--

[SA31203] SocialEngine SQL Injection and Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2008-07-23

Tim Loshak has reported some vulnerabilities in SocialEngine, which can
be exploited by malicious users to compromise a vulnerable system, and
by malicious people to conduct SQL injection attacks and bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/31203/ 

 --

[SA31161] YouTube Blog Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information, System access
Released:    2008-07-23

Some vulnerabilities have been discovered in YouTube Blog, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks, disclose sensitive information, and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/31161/ 

 --

[SA31193] EasyPublish SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-07-22

Khashayar Fereidani has discovered two vulnerabilities in EasyPublish,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31193/ 

 --

[SA31192] EasyE-Cards SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-22

Khashayar Fereidani has discovered some vulnerabilities in EasyE-Cards,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31192/ 

 --

[SA31190] MyReview Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-07-22

Julien Thomas has reported a security issue in MyReview, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/31190/ 

 --

[SA31189] EasyDynamicPages SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-07-22

Khashayar Fereidani has discovered two vulnerabilities in
EasyDynamicPages, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31189/ 

 --

[SA31185] ZDaemon Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-07-22

Luigi Auriemma has reported a vulnerability in ZDaemon, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31185/ 

 --

[SA31174] Def-Blog "article" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-21

CWH Underground has discovered some vulnerabilities in Def-Blog, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31174/ 

 --

[SA31166] MojoClassifieds "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoClassifieds, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31166/ 

 --

[SA31165] MojoPersonals "cat" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoPersonals, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31165/ 

 --

[SA31164] MojoJobs "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoJobs, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31164/ 

 --

[SA31162] MojoAuto "cat_a" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Mr.SQL has reported a vulnerability in MojoAuto, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31162/ 

 --

[SA31156] ShopCartDx "pid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-07-22

Cr@zy_King has reported a vulnerability in ShopCartDX, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/31156/ 

 --

[SA31211] Drupal Session Fixation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2008-07-24

A vulnerability has been reported in Drupal, which can be exploited by
malicious people to conduct session fixation attacks.

Full Advisory:
http://secunia.com/advisories/31211/ 

 --

[SA31201] Claroline Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

Digital Security Research Group have reported some vulnerabilities in
Claroline, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/31201/ 

 --

[SA31196] Moodle Script Insertion and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

ProCheckUp Ltd have reported two vulnerabilities in Moodle, which can
be exploited by malicious users to conduct script insertion attacks,
and by malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/31196/ 

 --

[SA31191] EasyBookMarker "rs" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-22

Khashayar Fereidani has discovered a vulnerability in EasyBookMarker,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31191/ 

 --

[SA31188] Geeklog Forum Plugin Search Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-07-23

A vulnerability has been reported in the Forum plugin for Geeklog,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/31188/ 

 --

[SA31186] EMC Retrospect Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Brute force, Exposure of sensitive information, DoS
Released:    2008-07-22

Some vulnerabilities and a security issue has been reported in EMC
Retrospect, which can be exploited by malicious people to disclose
sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/31186/ 

 --

[SA31178] Asterisk Two Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-07-23

Two vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
conduct DoS attacks.

Full Advisory:
http://secunia.com/advisories/31178/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/ 

Subscribe:
http://secunia.com/secunia_weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods