AOH :: IS1709.HTM

Secunia Weekly Summary - Issue: 2009-7




Secunia Weekly Summary - Issue: 2009-7
Secunia Weekly Summary - Issue: 2009-7



=======================================================================
                  The Secunia Weekly Advisory Summary                  
                        2009-02-05 - 2009-02-12                        

                       This week: 60 advisories                        

=======================================================================Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

=======================================================================1) Word From Secunia:

Monthly Binary Analysis Update (January) 

The first month of 2009 is behind us and we started the year out nicely
by issuing 29 BAs.

Read more:
http://secunia.com/blog/42/ 

=======================================================================2) This Week in Brief:

Microsoft has released their security bulletins for February 2009.

For more information, refer to:
http://secunia.com/advisories/33838/ 
http://secunia.com/advisories/33845/ 
http://secunia.com/advisories/33833/ 

 --

A vulnerability has been reported in BlackBerry Application Web Loader,
which can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/33847/ 

 --

A vulnerability has been reported in Google Chrome, which can be
exploited by malicious people to potentially compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/33800/ 

=======================================================================3) This Weeks Top Ten Most Read Advisories:

1.  [SA33799] Mozilla Firefox Multiple Vulnerabilities
2.  [SA33800] Google Chrome URI Handler Registration Vulnerability
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA33844] Cisco IOS Cross-Site Scripting and Cross-Site Request
              Forgery
5.  [SA33632] Apple QuickTime Multiple Vulnerabilities
6.  [SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
7.  [SA32270] Adobe Flash Player Multiple Security Issues and
              Vulnerabilities
8.  [SA13769] Zeroboard Multiple Vulnerabilities
9.  [SA33089] Internet Explorer Data Binding Memory Corruption
              Vulnerability
10. [SA33835] Drupal Link Module "description" Script Insertion
              Vulnerability

=======================================================================4) Vulnerabilities Summary Listing

Windows:
[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability
[SA33924] GeoVision Digital Video Surveillance System Directory
Traversal Vulnerability
[SA33907] Craft Silicon Banking@Home "LoginName" SQL Injection
[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities
[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL
Injection
[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability
[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability
[SA33867] Trend Micro InterScan Web Security Suite Security Bypass

UNIX/Linux:
[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9
[SA33910] Red Hat update for mod_auth_mysql
[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
Spoofing
[SA33900] Ubuntu update for firefox
[SA33871] Debian update for typo3-src
[SA33864] Red Hat update for netpbm
[SA33859] Red Hat update for vnc
[SA33917] Debian update for libpam-krb5
[SA33912] Debian update for phpmyadmin
[SA33902] Ubuntu update for firefox
[SA33897] Debian update for boinc
[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability
[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site
Scripting Vulnerabilities
[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
Spoofing Vulnerability
[SA33858] Red Hat update for kernel
[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability
[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability
[SA33914] pam-krb5 File Overwrite and Privilege Escalation
[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability
[SA33870] Wicd D-Bus Configuration Information Disclosure Security
Issue
[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow
Vulnerability
[SA33918] Debian update for libpam-heimdal
[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service
Vulnerability
[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service
Vulnerability
[SA33885] Gentoo update for sudo
[SA33860] HP-UX NFS Denial of Service Vulnerability

Other:
[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability

Cross Platform:
[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting
[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting
Vulnerabilities
[SA33922] Graugon Gallery Security Bypass and SQL Injection
[SA33920] Den Dating Website Script "txtlookgender" SQL Injection
[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability
[SA33908] Auth PHP "username" SQL Injection Vulnerability
[SA33899] PHP-Calendar Two Information Disclosure Security Issues
[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability
[SA33883] If-CMS "id" SQL Injection Vulnerability
[SA33880] Tor Multiple Vulnerabilities
[SA33878] glFusion "username" Script Insertion Vulnerability
[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities
[SA33875] BusinessSpace "id" SQL Injection Vulnerability
[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow
Vulnerability
[SA33863] Zeroboard XE "content" Script Insertion Vulnerability
[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability
[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
[SA33919] Drupal Advertisement Module Script Insertion Vulnerability
[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting
Vulnerability
[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization"
Information Disclosure
[SA33888] Pebble Cross-Site Scripting Vulnerability
[SA33887] SilverNews "section" Local File Inclusion Vulnerability
[SA33856] Thyme "phpinfo.php" Information Disclosure
[SA33898] Drupal "Administer Content Types" Permission Security Issue
[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities

=======================================================================5) Vulnerabilities Content Listing

Windows:--

[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-12

A vulnerability has been reported in Becky! Internet Mail, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33892/ 

 --

[SA33924] GeoVision Digital Video Surveillance System Directory
Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-12

Dejan Levaja has reported a vulnerability in GeoVision Digital Video
Surveillance System, which can be exploited by malicious people to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33924/ 

 --

[SA33907] Craft Silicon Banking@Home "LoginName" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-11

Francesco Bianchino has reported a vulnerability in Craft Silicon
Banking@Home, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33907/ 

 --

[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-11

DNX has reported some vulnerabilities in w3b|cms, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33877/ 

 --

[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-10

BackDoor has discovered a vulnerability in A Better Member-Based ASP
Photo Gallery, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33874/ 

 --

[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

CyberGrup Lojistik has reported a vulnerability in Bahar Download
Script, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33873/ 

 --

[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

A vulnerability has been reported in FotoWeb, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33879/ 

 --

[SA33867] Trend Micro InterScan Web Security Suite Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-02-09

Julien Cayssol has reported a vulnerability in Trend Micro InterScan
Web Security Suite, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33867/ 


UNIX/Linux:--

[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2009-02-11

Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This
fixes some vulnerabilities, which can be exploited by malicious, local
users to potentially disclose sensitive information, and by malicious
people to conduct cross-site scripting attacks, bypass certain security
restrictions, disclose sensitive information, or potentially to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33869/ 

 --

[SA33910] Red Hat update for mod_auth_mysql

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

Red Hat has issued an update for mod_auth_mysql. This fixes a
vulnerability, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33910/ 

 --

[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33906/ 

 --

[SA33900] Ubuntu update for firefox

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2009-02-11

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33900/ 

 --

[SA33871] Debian update for typo3-src

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2009-02-11

Debian has issued an update for typo3-src. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33871/ 

 --

[SA33864] Red Hat update for netpbm

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-12

Red Hat has issued an update for netpbm. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/33864/ 

 --

[SA33859] Red Hat update for vnc

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-12

Red Hat has issued an update for vnc. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33859/ 

 --

[SA33917] Debian update for libpam-krb5

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Debian has issued an update for libpam-krb5. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
overwrite files and to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33917/ 

 --

[SA33912] Debian update for phpmyadmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Debian has issued an update for phpmyadmin. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/33912/ 

 --

[SA33902] Ubuntu update for firefox

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-02-11

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33902/ 

 --

[SA33897] Debian update for boinc

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Debian has issued an update for boinc. This fixes a vulnerability,
which can potentially be exploited by malicious people to conduct
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33897/ 

 --

[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-02-11

A vulnerability has been reported in Fail2ban, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33890/ 

 --

[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site
Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Ivan Sanchez has reported some vulnerabilities in Novell QuickFinder
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33886/ 

 --

[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
Spoofing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33882/ 

 --

[SA33858] Red Hat update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-11

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to cause a DoS
or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33858/ 

 --

[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-12

A vulnerability has been reported in Net-snmp, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33884/ 

 --

[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2009-02-11

A vulnerability has been reported in AIX, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33915/ 

 --

[SA33914] pam-krb5 File Overwrite and Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Some vulnerabilities have been reported in pam-krb5, which can be
exploited by malicious, local users to overwrite files and to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33914/ 

 --

[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33905/ 

 --

[SA33870] Wicd D-Bus Configuration Information Disclosure Security
Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2009-02-09

A security issue has been reported in Wicd, which can be exploited by
malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33870/ 

 --

[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-11

A vulnerability has been reported in libvirt, which can be exploited by
malicious, local users to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33868/ 

 --

[SA33918] Debian update for libpam-heimdal

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Debian has issued an update for libpam-heimdal. This fixes a
vulnerability, which can be exploited by malicious, local users to
overwrite files and potentially to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33918/ 

 --

[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33904/ 

 --

[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/33903/ 

 --

[SA33885] Gentoo update for sudo

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-09

Gentoo has issued an update for sudo. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33885/ 

 --

[SA33860] HP-UX NFS Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-06

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33860/ 


Other:--

[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-02-11

Rembrandt has reported a vulnerability in Netgear SSL312, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33896/ 


Cross Platform:--

[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, System access
Released:    2009-02-10

RoMaNcYxHaCkEr has discovered some vulnerabilities in AdaptCMS Lite,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33866/ 

 --

[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, System access
Released:    2009-02-10

RoMaNcYxHaCkEr has discovered some vulnerabilities in SnippetMaster,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33865/ 

 --

[SA33922] Graugon Gallery Security Bypass and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-12

x0r has discovered some vulnerabilities in Graugon Gallery, which can
be exploited by malicious people to bypass certain security
restrictions and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33922/ 

 --

[SA33920] Den Dating Website Script "txtlookgender" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

nuclear has reported a vulnerability in Den Dating Website Script,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33920/ 

 --

[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-11

SirGod has discovered a vulnerability in Papoo CMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33911/ 

 --

[SA33908] Auth PHP "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-11

x0r has discovered a vulnerability in Auth PHP, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33908/ 

 --

[SA33899] PHP-Calendar Two Information Disclosure Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-09

Two security issues have been reported in PHP-Calendar, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33899/ 

 --

[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-09

Gizmore has discovered a vulnerability in ilchClan, which can be
exploited by malicious people to conduct SQL Injection attacks.

Full Advisory:
http://secunia.com/advisories/33893/ 

 --

[SA33883] If-CMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-10

darkjoker has discovered a vulnerability in If-CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33883/ 

 --

[SA33880] Tor Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2009-02-10

Some vulnerabilities have been reported in Tor, where one has an
unknown impact and others can be exploited by malicious people to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33880/ 

 --

[SA33878] glFusion "username" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

A vulnerability has been reported in glFusion, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33878/ 

 --

[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

Two vulnerabilities have been reported in Calendarix Basic, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33876/ 

 --

[SA33875] BusinessSpace "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2009-02-10

M.Hasran Addahroni has reported a vulnerability in BusinessSpace, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33875/ 

 --

[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-09

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33872/ 

 --

[SA33863] Zeroboard XE "content" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-11

make0day has discovered a vulnerability in Zeroboard XE, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33863/ 

 --

[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2009-02-10

Kacper has discovered a vulnerability in Yet Another NOCC, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33862/ 

 --

[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2009-02-06

Some vulnerabilities have been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to disclose
sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33857/ 

 --

[SA33919] Drupal Advertisement Module Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Justin C. Klein Keane has reported a vulnerability in the Advertisement
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33919/ 

 --

[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-10

Daniel Toma has discovered a vulnerability in Sajax, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33894/ 

 --

[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization"
Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-12

david.vorel has reported a vulnerability in Trend Micro InterScan Web
Security Suite and Trend Micro InterScan Web Security Virtual
Appliance, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33891/ 

 --

[SA33888] Pebble Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-11

A vulnerability has been reported in Pebble, which can be exploited by
malicious people to conduct cross-site scripting attacks

Full Advisory:
http://secunia.com/advisories/33888/ 

 --

[SA33887] SilverNews "section" Local File Inclusion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-09

x0r has discovered a vulnerability in SilverNews, which can be
exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33887/ 

 --

[SA33856] Thyme "phpinfo.php" Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2009-02-11

cheverok has discovered a security issue in Thyme, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33856/ 

 --

[SA33898] Drupal "Administer Content Types" Permission Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-02-12

A security issue has been reported in Drupal, which can lead to
unauthorised users performing actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33898/ 

 --

[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33881/ 



=======================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/ 

Subscribe:
http://secunia.com/advisories/weekly_summary/ 

Contact details:
Web	: http://secunia.com/ 
E-mail	: support@secunia.com 
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods