From: InfoSec News <alerts_at_private>




Date: Fri, 29 Aug 2008 05:07:57 -0500 (CDT)






========================================================================



The Secunia Weekly Advisory Summary

2008-08-21 - 2008-08-28



This week: 77 advisories



========================================================================

Table of Contents:



1.....................................................Word From Secunia

2....................................................This Week In Brief

3...............................This Week's Top Ten Most Read Advisories

4.......................................Vulnerabilities Summary Listing

5.......................................Vulnerabilities Content Listing



========================================================================

1) Word From Secunia:



Try the Secunia Network Software Inspector (NSI) 2.0 for free! The

Secunia NSI 2.0 is available as a 7-day trial download and can be used

to scan up to 3 hosts within your network.



Download the Secunia NSI trial version from:

https://psi.secunia.com/NSISetup.exe



========================================================================

2) This Week in Brief:



Secunia Research has discovered multiple vulnerabilities in Novell

iPrint Client, which can be exploited by malicious people to gain

knowledge of potentially sensitive information or compromise a user's

system.



For more information, refer to:

http://secunia.com/advisories/30667/



--



Secunia Research has discovered a vulnerability in Trend Micro

OfficeScan, which can be exploited by malicious people to bypass

authentication.



For more information, refer to:

http://secunia.com/advisories/31373/



--



VIRUS ALERTS:



During the past week Secunia collected 215 virus descriptions from the

Antivirus vendors. However, none were deemed MEDIUM risk or higher

according to the Secunia assessment scale.



========================================================================

3) This Week's Top Ten Most Read Advisories:



1. [SA31549] Opera Multiple Vulnerabilities

2. [SA31373] Trend Micro Products Web Management Authentication Bypass

3. [SA31575] Red Hat Update for Tampered OpenSSH Packages

4. [SA31579] Linux Kernel "rt6_fill_node()" Denial of Service

Vulnerability

5. [SA14652] Subdreamer Light Global Variables SQL Injection

Vulnerability

6. [SA31561] Xen "flask_op" Buffer Overflow Vulnerability

7. [SA31552] vBulletin Private Message Subject Script Insertion

8. [SA31559] Folder Lock Weak Password Encryption Security Issue

9. [SA30667] Novell iPrint Client ActiveX Control Multiple

Vulnerabilities

10. [SA31557] TimeTrex "interface/Login.php" Cross-Site Scripting



========================================================================

4) Vulnerabilities Summary Listing



Windows:

[SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple

Buffer Overflows

[SA31616] HP Enterprise Discovery Unspecified Privilege Escalation

[SA31607] Pluck blog_include_react.php Local File Inclusion

[SA31631] KM Scanner File Utility Multiple Vulnerabilities

[SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities

[SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability



UNIX/Linux:

[SA31620] Ubuntu update for yelp

[SA31600] SUSE update for Sun Java

[SA31586] SUSE update for IBM Java

[SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK

[SA31576] Astaro update for ClamAV

[SA31567] xine-lib Multiple Vulnerabilities

[SA31646] Red Hat update for openoffice.org

[SA31639] Red Hat update for tomcat

[SA31638] Sharity Unspecified Vulnerability

[SA31628] Red Hat update for kernel

[SA31624] Red Hat update for ipsec-tools

[SA31623] Debian update for tiff

[SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer

Overflow

[SA31590] Debian update for libxml2

[SA31577] Avaya Communication Manager FreeType Multiple

Vulnerabilities

[SA31575] Red Hat Update for Tampered OpenSSH Packages

[SA31566] Red Hat update for libxml2

[SA31565] Red Hat Directory Server Multiple Vulnerabilities

[SA31651] HP-UX update for Apache

[SA31633] BitlBee Account Recreation Security Issue

[SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting

[SA31612] Red Hat update for adminutil

[SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability

[SA31627] Red Hat Directory Server Denial of Service Vulnerabilities

[SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability

[SA31568] Avaya Products Net-snmp Multiple Vulnerabilities

[SA31658] Honeyd "test.sh" Insecure Temporary Files

[SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files

[SA31647] R "javareconf" Insecure Temporary Files

[SA31614] Ubuntu update for kernel

[SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue

[SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability

[SA31561] Xen "flask_op" Buffer Overflow Vulnerability

[SA31592] Vim Shell Command Injection Weaknesses

[SA31659] Tiger "genmsgidx" Insecure Temporary Files

[SA31657] Ampache "gather-messages.sh" Insecure Temporary Files

[SA31622] Sun Solaris NFS RPC Zones Denial of Service

[SA31601] Samba "group_mapping.tdb" Insecure Permissions Security

Issue

[SA31598] Sun Solaris NFS Kernel Module Denial of Service

[SA31579] Linux Kernel "rt6_fill_node()" Denial of Service

Vulnerability



Other:

[SA31572] Accellion File Transfer Appliance "forgot_password.html"

Cross-Site Scripting



Cross Platform:

[SA31603] JustSystems Ichitaro Products Unspecified Code Execution

Vulnerability

[SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution

[SA31641] Quick Poll "id" SQL Injection Vulnerability

[SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability

[SA31635] IBM DB2 CLR Stored Procedures Unspecified Vulnerability

[SA31626] Million Pixel Ad Script "id_cat" SQL Injection

[SA31621] Kolifa.net Download Script "id" SQL Injection Vulnerability

[SA31610] LibTIFF LZW Decoder Buffer Underflow Vulnerability

[SA31602] Ruby REXML Denial of Service Vulnerability

[SA31599] CMME Multiple Vulnerabilities

[SA31585] Five Star Review Script SQL Injection and Cross-Site

Scripting

[SA31584] MiaCMS "id" SQL Injection Vulnerabilities

[SA31582] LacoodaST Multiple Vulnerabilities

[SA31574] La!cooda WIZ Multiple Vulnerabilities

[SA31573] Crafty Syntax Live Help "department" SQL Injection

Vulnerabilities

[SA31571] Pars4u Videosharing V1 "cat_id" SQL Injection

[SA31570] Easy Site Local File Inclusion and Directory Listing

Vulnerabilities

[SA31569] TinyCMS "config[template]" Local File Inclusion

Vulnerability

[SA31564] Matterdaddy Market "index.php" SQL Injection

[SA31563] FAR-PHP "c" Local File Inclusion Vulnerability

[SA31562] CCMS Gaming "id" SQL Injection Vulnerability

[SA31560] webEdition CMS "we_objectID" SQL Injection Vulnerability

[SA31643] Mono Sys.Web HTTP Header Injection Vulnerability

[SA31634] IBM Lotus Quickr Multiple Cross-Site Scripting

Vulnerabilities

[SA31611] mysql-lists Unspecified Cross-Site Scripting Vulnerability

[SA31609] Civic Website Manager Calendar Control Cross-Site Scripting

[SA31608] AN Guestbook Cross-Site Scripting Vulnerabilities

[SA31606] ezContents Multiple Local File Inclusion Vulnerabilities

[SA31596] GBrowse Cross-Site Scripting Vulnerability

[SA31591] ACG-PTP Multiple Script Insertion Vulnerabilities



========================================================================

5) Vulnerabilities Content Listing



Windows:--



[SA31615] SoftArtisans XFile FileManager ActiveX Control Multiple

Buffer Overflows



Critical: Highly critical

Where: From remote

Impact: System access

Released: 2008-08-26



Will Dormann has reported some vulnerabilities in SoftArtisans XFile,

which can be exploited by malicious people to compromise a user's

system.



Full Advisory:

http://secunia.com/advisories/31615/



--



[SA31616] HP Enterprise Discovery Unspecified Privilege Escalation



Critical: Moderately critical

Where: From remote

Impact: Privilege escalation

Released: 2008-08-27



A vulnerability has been reported in HP Enterprise Discovery, which can

be exploited by malicious users to gain escalated privileges.



Full Advisory:

http://secunia.com/advisories/31616/



--



[SA31607] Pluck blog_include_react.php Local File Inclusion



Critical: Moderately critical

Where: From remote

Impact: Exposure of system information, Exposure of sensitive

information

Released: 2008-08-26



Digital Security Research Group have reported two vulnerabilities in

Pluck, which can be exploited by malicious people to disclose sensitive

information.



Full Advisory:

http://secunia.com/advisories/31607/



--



[SA31631] KM Scanner File Utility Multiple Vulnerabilities



Critical: Moderately critical

Where: From local network

Impact: DoS, System access, Security Bypass

Released: 2008-08-27



Seth Fogie has reported some vulnerabilities in KM Scanner File

Utility, which can be exploited by malicious people to cause a DoS

(Denial of Service), bypass certain security restrictions, and

compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31631/



--



[SA31618] TIBCO Hawk Multiple Buffer Overflow Vulnerabilities



Critical: Moderately critical

Where: From local network

Impact: Exposure of sensitive information, DoS, System access

Released: 2008-08-26



Some vulnerabilities have been reported in multiple TIBCO products,

which can be exploited by malicious people to disclose sensitive

information, cause a DoS (Denial of Service), or to compromise a

vulnerable system.



Full Advisory:

http://secunia.com/advisories/31618/



--



[SA31637] Smart Survey "sid" Cross-Site Scripting Vulnerability



Critical: Less critical

Where: From remote

Impact: Cross Site Scripting

Released: 2008-08-27



Bug Researchers Group has reported a vulnerability in Smart Survey,

which can be exploited by malicious people to conduct cross-site

scripting attacks.



Full Advisory:

http://secunia.com/advisories/31637/





UNIX/Linux:--



[SA31620] Ubuntu update for yelp



Critical: Highly critical

Where: From remote

Impact: DoS, System access

Released: 2008-08-28



Ubuntu has issued an update for yelp. This fixes a vulnerability, which

can be exploited by malicious people to compromise a user's system.



Full Advisory:

http://secunia.com/advisories/31620/



--



[SA31600] SUSE update for Sun Java



Critical: Highly critical

Where: From remote

Impact: Security Bypass, Exposure of system information, Exposure

of sensitive information, DoS, System access

Released: 2008-08-25



SUSE has issued an update for Sun Java. This fixes some

vulnerabilities, which can be exploited by malicious people to bypass

certain security restrictions, disclose system information or

potentially sensitive information, cause a DoS (Denial of Service), or

compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31600/



--



[SA31586] SUSE update for IBM Java



Critical: Highly critical

Where: From remote

Impact: Security Bypass, DoS, System access

Released: 2008-08-25



SUSE has issued an update for IBM Java. This fixes some

vulnerabilities, which can be exploited by malicious people to bypass

certain security restrictions, cause a DoS (Denial of Service), and

compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31586/



--



[SA31580] SUSE update for IBMJava2-JRE and IBMJava2-SDK



Critical: Highly critical

Where: From remote

Impact: Security Bypass, DoS, System access

Released: 2008-08-25



SUSE has issued an update for IBMJava2-JRE and IBMJava2-SDK. This fixes

some vulnerabilities, which can be exploited by malicious people to

bypass certain security restrictions, cause a DoS (Denial of Service),

and compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31580/



--



[SA31576] Astaro update for ClamAV



Critical: Highly critical

Where: From remote

Impact: Security Bypass, DoS, System access

Released: 2008-08-22



Astaro has issued an update for ClamAV. This fixes some

vulnerabilities, which potentially can be exploited by malicious people

to bypass certain security restrictions, cause a DoS (Denial of

Service), or compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31576/



--



[SA31567] xine-lib Multiple Vulnerabilities



Critical: Highly critical

Where: From remote

Impact: DoS, System access

Released: 2008-08-25



Some vulnerabilities have been reported in xine-lib, which potentially

can be exploited by malicious people to compromise a user's system.



Full Advisory:

http://secunia.com/advisories/31567/



--



[SA31646] Red Hat update for openoffice.org



Critical: Moderately critical

Where: From remote

Impact: System access

Released: 2008-08-28



Red Hat has issued an update for openoffice.org. This fixes a

vulnerability, which potentially can be exploited by malicious people

to compromise a user's system.



Full Advisory:

http://secunia.com/advisories/31646/



--



[SA31639] Red Hat update for tomcat



Critical: Moderately critical

Where: From remote

Impact: Security Bypass, Cross Site Scripting, Exposure of system

information, Exposure of sensitive information

Released: 2008-08-28



Red Hat has issued an update for tomcat. This fixes some

vulnerabilities, which can be exploited by malicious people to conduct

cross-site scripting attacks, bypass certain security restrictions, or

disclose sensitive information.



Full Advisory:

http://secunia.com/advisories/31639/



--



[SA31638] Sharity Unspecified Vulnerability



Critical: Moderately critical

Where: From remote

Impact: Unknown

Released: 2008-08-27



A vulnerability with an unknown impact has been reported in Sharity.



Full Advisory:

http://secunia.com/advisories/31638/



--



[SA31628] Red Hat update for kernel



Critical: Moderately critical

Where: From remote

Impact: Security Bypass, Exposure of sensitive information,

Privilege escalation, DoS

Released: 2008-08-27



Red Hat has issued an update for the kernel. This fixes some

vulnerabilities, which can be exploited by malicious, local users to

bypass certain security restrictions, disclose potentially sensitive

information, cause a DoS (Denial of Service), and potentially gain

escalated privileges, and by malicious people to cause a DoS.



Full Advisory:

http://secunia.com/advisories/31628/



--



[SA31624] Red Hat update for ipsec-tools



Critical: Moderately critical

Where: From remote

Impact: DoS

Released: 2008-08-27



Red Hat has issued an update for ipsec-tools. This fixes two

vulnerabilities, which can be exploited by malicious users and

malicious people to cause a DoS (Denial of Service).



Full Advisory:

http://secunia.com/advisories/31624/



--



[SA31623] Debian update for tiff



Critical: Moderately critical

Where: From remote

Impact: DoS, System access

Released: 2008-08-27



Debian has issued an update for tiff. This fixes a vulnerability, which

can be exploited by malicious people to cause a DoS (Denial of Service)

or to potentially compromise a user's system.



Full Advisory:

http://secunia.com/advisories/31623/



--



[SA31604] Avaya Products Perl Regular Expressions Unicode Data Buffer

Overflow



Critical: Moderately critical

Where: From remote

Impact: DoS, System access

Released: 2008-08-25



Avaya has acknowledged a vulnerability in various Avaya products, which

can potentially be exploited by malicious people to compromise a

vulnerable system.



Full Advisory:

http://secunia.com/advisories/31604/



--



[SA31590] Debian update for libxml2



Critical: Moderately critical

Where: From remote

Impact: DoS

Released: 2008-08-25



Debian has issued an update for libxml2. This fixes a vulnerability,

which can be exploited by malicious people to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31590/



--



[SA31577] Avaya Communication Manager FreeType Multiple

Vulnerabilities



Critical: Moderately critical

Where: From remote

Impact: DoS, System access

Released: 2008-08-22



Avaya has acknowledged some vulnerabilities in Avaya Communication

Manager, which potentially can be exploited by malicious people to

compromise an application using the FreeType library.



Full Advisory:

http://secunia.com/advisories/31577/



--



[SA31575] Red Hat Update for Tampered OpenSSH Packages



Critical: Moderately critical

Where: From remote

Impact: Unknown

Released: 2008-08-22



Red Hat has issued an update for openssh, which corrects a small

number of OpenSSH packages that have been tampered with.



Full Advisory:

http://secunia.com/advisories/31575/



--



[SA31566] Red Hat update for libxml2



Critical: Moderately critical

Where: From remote

Impact: DoS

Released: 2008-08-22



Red Hat has issued an update for libxml2. This fixes a vulnerability,

which can be exploited by malicious people to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31566/



--



[SA31565] Red Hat Directory Server Multiple Vulnerabilities



Critical: Moderately critical

Where: From remote

Impact: Cross Site Scripting, DoS, System access

Released: 2008-08-28



Some vulnerabilities have been reported in Red Hat Directory Server,

which can be exploited by malicious people to conduct cross-site

scripting attacks, cause a DoS (Denial of Service), and potentially

compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31565/



--



[SA31651] HP-UX update for Apache



Critical: Less critical

Where: From remote

Impact: DoS

Released: 2008-08-28



HP has issued an update for Apache. This fixes a vulnerability, which

potentially can be exploited by malicious people to cause a DoS (Denial

of Service).



Full Advisory:

http://secunia.com/advisories/31651/



--



[SA31633] BitlBee Account Recreation Security Issue



Critical: Less critical

Where: From remote

Impact: Hijacking, Security Bypass

Released: 2008-08-27



A security issue has been reported in BitlBee, which can be exploited

by malicious people to bypass certain security restrictions and hijack

accounts.



Full Advisory:

http://secunia.com/advisories/31633/



--



[SA31625] Xoops PopnupBlog Module "index.php" Cross-Site Scripting



Critical: Less critical

Where: From remote

Impact: Cross Site Scripting

Released: 2008-08-27



Lostmon has discovered two vulnerabilities in the PopnupBlog module for

Xoops, which can be exploited by malicious people to conduct cross-site

scripting attacks.



Full Advisory:

http://secunia.com/advisories/31625/



--



[SA31612] Red Hat update for adminutil



Critical: Less critical

Where: From remote

Impact: Cross Site Scripting

Released: 2008-08-28



Red Hat has issued an update for adminutil. This fixes some

vulnerabilities, which can be exploited by malicious people to conduct

cross-site scripting attacks.



Full Advisory:

http://secunia.com/advisories/31612/



--



[SA31589] Photo Cart "qtitle" Cross-Site Scripting Vulnerability



Critical: Less critical

Where: From remote

Impact: Cross Site Scripting

Released: 2008-08-25



Tyler Trioxide has reported a vulnerability in Photo Cart, which can be

exploited by malicious people to conduct cross-site scripting attacks.



Full Advisory:

http://secunia.com/advisories/31589/



--



[SA31627] Red Hat Directory Server Denial of Service Vulnerabilities



Critical: Less critical

Where: From local network

Impact: DoS

Released: 2008-08-28



Some vulnerabilities have been reported in Red Hat Directory Server,

which can be exploited by malicious people to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31627/



--



[SA31597] NetBSD PPPoE Packet Processing Tag Length Vulnerability



Critical: Less critical

Where: From local network

Impact: DoS, System access

Released: 2008-08-26



A vulnerability has been reported in NetBSD, which can be exploited by

malicious people to cause a DoS (Denial of Service) and potentially

compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31597/



--



[SA31568] Avaya Products Net-snmp Multiple Vulnerabilities



Critical: Less critical

Where: From local network

Impact: Spoofing, DoS, System access

Released: 2008-08-22



Avaya has acknowledged some vulnerabilities in various Avaya products,

which can be exploited by malicious people to spoof authenticated

SNMPv3 packets or to potentially compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31568/



--



[SA31658] Honeyd "test.sh" Insecure Temporary Files



Critical: Less critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-28



A security issue has been reported in Honeyd, which can be exploited by

malicious, local users to perform certain actions with escalated

privileges.



Full Advisory:

http://secunia.com/advisories/31658/



--



[SA31648] Citadel "migrate_aliases.sh" Insecure Temporary Files



Critical: Less critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-28



A security issue has been discovered in Citadel, which can be exploited

by malicious, local users to perform certain actions with escalated

privileges.



Full Advisory:

http://secunia.com/advisories/31648/



--



[SA31647] R "javareconf" Insecure Temporary Files



Critical: Less critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-28



A security issue has been reported in R, which can be exploited by

malicious, local users to perform certain actions with escalated

privileges.



Full Advisory:

http://secunia.com/advisories/31647/



--



[SA31614] Ubuntu update for kernel



Critical: Less critical

Where: Local system

Impact: Security Bypass, Privilege escalation, DoS

Released: 2008-08-26



Ubuntu has issued an update for the kernel. This fixes some

vulnerabilities, which can be exploited by malicious, local users to

bypass certain security restrictions, cause a DoS (Denial of Service),

and potentially gain escalated privileges.



Full Advisory:

http://secunia.com/advisories/31614/



--



[SA31605] DriveCrypt Plus Pack Password Disclosure Security Issue



Critical: Less critical

Where: Local system

Impact: Exposure of sensitive information

Released: 2008-08-27



A security issue has been discovered in DriveCrypt Plus Pack, which can

be exploited by malicious, local users to disclose sensitive

information.



Full Advisory:

http://secunia.com/advisories/31605/



--



[SA31581] OpenVMS SMGSHR.EXE Buffer Overflow Vulnerability



Critical: Less critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-26



A vulnerability has been reported in OpenVMS, which can be exploited by

malicious, local users to gain escalated privileges.



Full Advisory:

http://secunia.com/advisories/31581/



--



[SA31561] Xen "flask_op" Buffer Overflow Vulnerability



Critical: Less critical

Where: Local system

Impact: Security Bypass, DoS

Released: 2008-08-22



A vulnerability has been reported in Xen, which can be exploited by

malicious, local users to cause a DoS (Denial of Service) or

potentially bypass certain security restrictions.



Full Advisory:

http://secunia.com/advisories/31561/



--



[SA31592] Vim Shell Command Injection Weaknesses



Critical: Not critical

Where: From remote

Impact: System access

Released: 2008-08-25



Some weaknesses have been reported in Vim, which can be exploited by

malicious people to potentially compromise a user's system.



Full Advisory:

http://secunia.com/advisories/31592/



--



[SA31659] Tiger "genmsgidx" Insecure Temporary Files



Critical: Not critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-28



A security issue has been reported in Tiger, which can be exploited by

malicious, local users to perform certain actions with escalated

privileges.



Full Advisory:

http://secunia.com/advisories/31659/



--



[SA31657] Ampache "gather-messages.sh" Insecure Temporary Files



Critical: Not critical

Where: Local system

Impact: Privilege escalation

Released: 2008-08-28



A security issue has been reported in Ampache, which can be exploited

by malicious, local users to perform certain actions with escalated

privileges.



Full Advisory:

http://secunia.com/advisories/31657/



--



[SA31622] Sun Solaris NFS RPC Zones Denial of Service



Critical: Not critical

Where: Local system

Impact: DoS

Released: 2008-08-27



A vulnerability has been reported in Sun Solaris, which can be

exploited by malicious, local users to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31622/



--



[SA31601] Samba "group_mapping.tdb" Insecure Permissions Security

Issue



Critical: Not critical

Where: Local system

Impact: Security Bypass

Released: 2008-08-26



A security issue has been reported in Samba, which can be exploited by

malicious, local users to bypass certain security restrictions.



Full Advisory:

http://secunia.com/advisories/31601/



--



[SA31598] Sun Solaris NFS Kernel Module Denial of Service



Critical: Not critical

Where: Local system

Impact: DoS

Released: 2008-08-25



A vulnerability has been reported in Sun Solaris, which can be

exploited by malicious, local users to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31598/



--



[SA31579] Linux Kernel "rt6_fill_node()" Denial of Service

Vulnerability



Critical: Not critical

Where: Local system

Impact: DoS

Released: 2008-08-22



A vulnerability has been reported in the Linux kernel, which can be

exploited by malicious, local users to cause a DoS (Denial of

Service).



Full Advisory:

http://secunia.com/advisories/31579/





Other:--



[SA31572] Accellion File Transfer Appliance "forgot_password.html"

Cross-Site Scripting



Critical: Less critical

Where: From remote

Impact: Cross Site Scripting

Released: 2008-08-26



Eric BEAULIEU has reported a vulnerability in Accellion File Transfer

Appliance, which can be exploited by malicious people to conduct

cross-site scripting attacks.



Full Advisory:

http://secunia.com/advisories/31572/





Cross Platform:--



[SA31603] JustSystems Ichitaro Products Unspecified Code Execution

Vulnerability



Critical: Extremely critical

Where: From remote

Impact: System access

Released: 2008-08-28



A vulnerability has been reported in JustSystems Ichitaro products,

which can be exploited by malicious people to compromise a user's

system.



Full Advisory:

http://secunia.com/advisories/31603/



--



[SA31630] AWStats Totals Cross-site Scripting and PHP Code Execution



Critical: Highly critical

Where: From remote

Impact: Cross Site Scripting, System access

Released: 2008-08-27



Emory University has reported some vulnerabilities in AWStats Totals,

which can be exploited by malicious people to conduct cross-site

scripting attacks or to compromise a vulnerable system.



Full Advisory:

http://secunia.com/advisories/31630/



--



[SA31641] Quick Poll "id" SQL Injection Vulnerability



Critical: Moderately critical

Where: From remote

Impact: Manipulation of data

Released: 2008-08-28



Hussin X has reported a vulnerability in Quick Poll, which can be

exploited by malicious people to conduct SQL injection attacks.



Full Advisory:

http://secunia.com/advisories/31641/



--



[SA31640] OpenOffice "rtl_allocateMemory()" Truncation Vulnerability



...
