AOH :: IS1568.HTM

Secunia Weekly Summary - Issue: 2009-2




Secunia Weekly Summary - Issue: 2009-2
Secunia Weekly Summary - Issue: 2009-2



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2009-01-01 - 2009-01-08                        

                       This week: 52 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Secunia PSI: Habla espaol!

The Secunia PSI 1.0 - now available in Spanish!

Remember; installing the latest security patches for your programs is
just as important as having an anti-virus program and being behind a
firewall.

Read more:
http://secunia.com/blog/39/ 

 --

Internet Explorer Data Binding 0-Day Clarifications

As everyone using Internet Explorer hopefully are aware of, then
there's a new 0-day circulating. There has been a lot of confusion as
to both the problem cause and the browser versions affected, but in
this blog, I should be able to sort it all out.

Basically, this vulnerability was initially reported by everyone
(including ourselves) as an XML processing vulnerability in Internet
Explorer 7. PoCs and working exploits were immediately made publicly
available by various sources and security vendors were quick to report
that their products were successfully detecting attacks. But were they
really?

Read more:
http://secunia.com/blog/38/ 

=======================================================================2) This Week in Brief:


Secunia Research has discovered a vulnerability in SAP GUI, which can
be exploited by malicious people to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/32672/ 

 --

A vulnerability has been discovered in Symantec Mail Security for SMTP,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information, refer to:
http://secunia.com/advisories/33202/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA33089] Internet Explorer Data Binding Memory Corruption
              Vulnerability
2.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
5.  [SA33360] RealNetworks Helix Server Multiple Vulnerabilities
6.  [SA29773] Adobe Acrobat/Reader Multiple Vulnerabilities
7.  [SA31821] Apple QuickTime Multiple Vulnerabilities
8.  [SA13769] Zeroboard Multiple Vulnerabilities
9.  [SA33327] Hex Workshop Color Map Buffer Overflow Vulnerability
10. [SA33310] PGP Desktop PGPwded.sys Driver Denial of Service

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA33425] Winamp gen_msn Plugin Buffer Overflow Vulnerability
[SA33385] Cain & Abel Cisco IOS Configuration File Buffer Overflow
[SA33430] CA Service Level Management / Service Metric Analysis Command
Execution

UNIX/Linux:
[SA33434] Debian update for icedove
[SA33433] Debian update for iceape
[SA33421] Red Hat update for thunderbird
[SA33415] Ubuntu update for thunderbird
[SA33414] Fedora update for thunderbird
[SA33408] Ubuntu update for thunderbird
[SA33449] Lasso OpenSSL "DSA_verify()" Spoofing Vulnerability
[SA33445] FreeBSD update for openssl
[SA33443] Red Hat update for hanterm-xf
[SA33442] Red Hat update for openssl
[SA33441] Red Hat update for lcms
[SA33436] Ubuntu update for openssl
[SA33419] Fedora update for xterm
[SA33418] Red Hat update for xterm
[SA33417] Avaya Products Libxml2 Integer Overflow Vulnerabilities
[SA33410] Avaya Products Vim Multiple Vulnerabilities
[SA33407] Xdg-utils mailcap Command Execution Security Issue
[SA33399] Fedora update for p7zip
[SA33398] Debian update for ruby1.8 and ruby1.9 
[SA33397] Debian update for xterm
[SA33394] Red Hat update for openssl
[SA33390] Sun Solaris update for Flash Player Plugin
[SA33388] Ubuntu update for xterm
[SA33450] FreeBSD update for lukemftpd
[SA33437] tnftpd Long Command Processing Vulnerability
[SA33426] SmbFTPD Long Command Processing Vulnerability
[SA33413] Fedora update for proftpd
[SA33406] NTP OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability
[SA33404] ISC BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing
Vulnerability
[SA33391] Links SSL Verification Security Issue
[SA33389] Red Hat update for gnome-vfs and gnome-vfs2
[SA33431] Fedora update for samba
[SA33392] Ubuntu update for samba
[SA33400] Fedora update for am-utils
[SA33422] Red Hat update for xen
[SA33396] Red Hat update for dbus

Other:
[SA33429] Cisco Global Site Selector DNS Request Denial of Service

Cross Platform:
[SA33386] playSMS Multiple File Inclusion Vulnerabilities
[SA33420] QuoteBook Multiple Vulnerabilities
[SA33395] RiotPix "username" and "forumid" SQL Injection
Vulnerabilities
[SA33393] Goople CMS "usename" and "password" SQL Injection
[SA33387] SolucionWeb "id_area" SQL Injection Vulnerability
[SA33384] BlogHelper "common_db.inc" Information Disclosure Security
Issue
[SA33439] Drupal Project Issue Tracking Module Multiple
Vulnerabilities
[SA33432] Movable Type Unspecified Cross-Site Scripting Vulnerability
[SA33424] PHP-Fusion Members CV Module "sortby" SQL Injection
Vulnerability
[SA33409] MyNETS Cross-Site Scripting Vulnerability
[SA33401] DotNetNuke Role Membership Security Bypass
[SA33383] SemanticScuttle Cross-Site Request Forgery Vulnerabilities

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA33425] Winamp gen_msn Plugin Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-08

SkD has discovered a vulnerability in the gen_msn plugin for Winamp,
which can be exploited by malicious people to potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33425/ 

 --

[SA33385] Cain & Abel Cisco IOS Configuration File Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-01-07

send9 has discovered a vulnerability in Cain & Abel, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33385/ 

 --

[SA33430] CA Service Level Management / Service Metric Analysis Command
Execution

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2009-01-08

A vulnerability has been reported in CA Service Level Management (SLM)
and CA Service Metric Analysis (SMA), which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33430/ 


UNIX/Linux:--

[SA33434] Debian update for icedove

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2009-01-08

Debian has issued an update for icedove. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, to disclose sensitive information,
conduct cross-site scripting attacks, or to potentially compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/33434/ 

 --

[SA33433] Debian update for iceape

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, DoS, System
access
Released:    2009-01-08

Debian has issued an update for iceape. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and spoofing attacks, bypass certain security
restrictions, disclose sensitive information, conduct cross-site
scripting attacks, or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33433/ 

 --

[SA33421] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-07

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33421/ 

 --

[SA33415] Ubuntu update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-07

Ubuntu has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33415/ 

 --

[SA33414] Fedora update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-07

Fedora has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33414/ 

 --

[SA33408] Ubuntu update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2009-01-07

Ubuntu has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, conduct
cross-site scripting attacks, or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33408/ 

 --

[SA33449] Lasso OpenSSL "DSA_verify()" Spoofing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

A vulnerability has been reported in Lasso, which can be exploited by
malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33449/ 

 --

[SA33445] FreeBSD update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

FreeBSD has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33445/ 

 --

[SA33443] Red Hat update for hanterm-xf

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-08

Red Hat has issued an update for hanterm-xf. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/33443/ 

 --

[SA33442] Red Hat update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

Red Hat has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33442/ 

 --

[SA33441] Red Hat update for lcms

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-08

Red Hat has issued an update for lcms. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/33441/ 

 --

[SA33436] Ubuntu update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

Ubuntu has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33436/ 

 --

[SA33419] Fedora update for xterm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-07

Fedora has issued an update for xterm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33419/ 

 --

[SA33418] Red Hat update for xterm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-07

Red Hat has issued an update for xterm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33418/ 

 --

[SA33417] Avaya Products Libxml2 Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-01-07

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise an application using the Libxml2
library.

Full Advisory:
http://secunia.com/advisories/33417/ 

 --

[SA33410] Avaya Products Vim Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-07

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33410/ 

 --

[SA33407] Xdg-utils mailcap Command Execution Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-08

A security issue in Xdg-utils has been reported, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33407/ 

 --

[SA33399] Fedora update for p7zip

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2009-01-07

Fedora has issued an update for p7zip. This fixes a vulnerability,
which has unknown impacts.

Full Advisory:
http://secunia.com/advisories/33399/ 

 --

[SA33398] Debian update for ruby1.8 and ruby1.9 

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-05

Debian has issued an update for ruby1.8 and ruby1.9. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33398/ 

 --

[SA33397] Debian update for xterm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-05

Debian has issued an update for xterm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33397/ 

 --

[SA33394] Red Hat update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-07

Red Hat has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/33394/ 

 --

[SA33390] Sun Solaris update for Flash Player Plugin

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information
Released:    2009-01-07

Sun has issued an update for the Flash Player plugin. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, manipulate certain data, conduct
cross-site scripting attacks, or disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33390/ 

 --

[SA33388] Ubuntu update for xterm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2009-01-06

Ubuntu has issued an update for xterm. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33388/ 

 --

[SA33450] FreeBSD update for lukemftpd

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2009-01-08

FreeBSD has issued an update for lukemftpd. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/33450/ 

 --

[SA33437] tnftpd Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-08

A vulnerability has been reported in tnftpd, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33437/ 

 --

[SA33426] SmbFTPD Long Command Processing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-08

A vulnerability has been reported in SmbFTPD, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33426/ 

 --

[SA33413] Fedora update for proftpd

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-07

Fedora has issued an update for proftpd. This fixes a vulnerabilities,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33413/ 

 --

[SA33406] NTP OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

A vulnerability has been reported in NTP, which can be exploited by
malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33406/ 

 --

[SA33404] ISC BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-08

A vulnerability has been reported in ISC BIND, which potentially can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33404/ 

 --

[SA33391] Links SSL Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-01-05

A security issue has been discovered in Links, which can be exploited
by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33391/ 

 --

[SA33389] Red Hat update for gnome-vfs and gnome-vfs2

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2009-01-07

Red Hat has issued an update for gnome-vfs and gnome-vfs2. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/33389/ 

 --

[SA33431] Fedora update for samba

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-01-08

Fedora has issued an update for samba. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33431/ 

 --

[SA33392] Ubuntu update for samba

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-01-06

Ubuntu has issued an update for samba. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/33392/ 

 --

[SA33400] Fedora update for am-utils

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-01-07

Fedora has issued an update for am-utils. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33400/ 

 --

[SA33422] Red Hat update for xen

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2009-01-07

Red Hat has issued an update for xen. This fixes a weakness, which can
be exploited by malicious, local users in a Xen DomU to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/33422/ 

 --

[SA33396] Red Hat update for dbus

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-01-07

Red Hat has issued an update for dbus. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/33396/ 


Other:--

[SA33429] Cisco Global Site Selector DNS Request Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2009-01-08

A vulnerability has been reported in Cisco Global Site Selector, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33429/ 


Cross Platform:--

[SA33386] playSMS Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2009-01-07

ahmadbady has discovered some vulnerabilities in playSMS, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33386/ 

 --

[SA33420] QuoteBook Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2009-01-08

A security issue and some vulnerabilities have been discovered in
QuoteBook, which can be exploited by malicious people to conduct SQL
injection and script insertion attacks, and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/33420/ 

 --

[SA33395] RiotPix "username" and "forumid" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-07

Some vulnerabilities have been discovered in RiotPix, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33395/ 

 --

[SA33393] Goople CMS "usename" and "password" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-07

Some vulnerabilities have been discovered in Goople CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33393/ 

 --

[SA33387] SolucionWeb "id_area" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-06

Ehsan_Hp200 has reported a vulnerability in SolucionWeb, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33387/ 

 --

[SA33384] BlogHelper "common_db.inc" Information Disclosure Security
Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-01-07

ahmadbady has discovered a security issue in BlogHelper, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33384/ 

 --

[SA33439] Drupal Project Issue Tracking Module Multiple
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2009-01-08

A security issue and a vulnerability have been reported in the Project
Issue Tracking module for Drupal, which can be exploited by malicious
users to disclose sensitive information or conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/33439/ 

 --

[SA33432] Movable Type Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-08

A vulnerability has been reported in Movable Type, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33432/ 

 --

[SA33424] PHP-Fusion Members CV Module "sortby" SQL Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-01-08

Sina Yazdanmehr has reported a vulnerability in the Members CV module
for PHP-Fusion, which can be exploited by malicious users to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33424/ 

 --

[SA33409] MyNETS Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-07

A vulnerability has been reported in MyNETS, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33409/ 

 --

[SA33401] DotNetNuke Role Membership Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-01-05

A vulnerability has been reported in DotNetNuke, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33401/ 

 --

[SA33383] SemanticScuttle Cross-Site Request Forgery Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-01-06

Some vulnerabilities have been reported in SemanticScuttle, which can
be exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/33383/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html 

Site design & layout copyright © 1986-2014 CodeGods