[ISN] Secunia Weekly Summary - Issue: 2005-31

InfoSec News isn at c4i.org
Thu Aug 4 06:00:47 EDT 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-07-28 - 2005-08-04                        

                       This week : 55 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Opera Software has released a new version of their popular browser,
which corrects several vulnerabilities.

Additional details can be found in the referenced Secunia advisories
below.

Reference:
http://secunia.com/SA15756
http://secunia.com/SA15870


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA15870] Opera Download Dialog Spoofing Vulnerability
2.  [SA15756] Opera Image Dragging Vulnerability
3.  [SA16272] Cisco IOS IPv6 Packet Handling Vulnerability
4.  [SA16256] Microsoft Office Insecure Shared Section Permissions
5.  [SA16245] Sophos Anti-Virus Unspecified Buffer Overflow
              Vulnerability
6.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7.  [SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure
8.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
9.  [SA16267] Novell eDirectory NMAS Password Challenge Bypass
10. [SA16255] MySQL Eventum PEAR XML_RPC PHP Code Execution
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA16314] Naxtor e-directory Cross-Site Scripting and SQL Injection
[SA16308] Sacrifice Format String and Buffer Overflow Vulnerabilities
[SA16306] BusinessMail SMTP Denial of Service Vulnerability
[SA16282] Business Objects Enterprise / Crystal Reports Denial of
Service
[SA16268] Thomson Web Skill Vantage Manager SQL Injection
[SA16258] nProtect Personal OnlineScan Arbitrary File Download
[SA16264] Easy PX 41 CMS Cross-Site Scripting and Information
Disclosure
[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID
Enumeration
[SA16289] Trillian Exposure of User Credentials

UNIX/Linux:
[SA16327] Debian apt-cacher Unspecified Arbitrary Command Execution
[SA16326] Mandriva update for mozilla
[SA16307] Gentoo update for Compress-Zlib
[SA16302] Ubuntu update for
mozilla-thunderbird/mozilla-thunderbird-enigmail
[SA16296] Conectiva update for clamav
[SA16290] Trustix update for multiple packages
[SA16284] Gentoo update for emul-linux-x86-baselibs
[SA16276] Fedora update for ethereal
[SA16257] SUSE Updates for Multiple Packages
[SA16324] Gentoo update for nbsmtp
[SA16305] Gentoo update for pstotext
[SA16304] MySQL Eventum Cross-Site Scripting and SQL Injection
[SA16303] Debian update for pdns
[SA16293] Slackware update for telnet
[SA16291] jabberd "jid.c" Buffer Overflow Vulnerabilities
[SA16288] Gentoo update for ProFTPD
[SA16279] no-brainer SMTP Client "log_msg" Format String Vulnerability
[SA16261] Mandriva update for fetchmail
[SA16299] Fedora update for httpd
[SA16266] Ubuntu update for libtiff4
[SA16259] HP NonStop Server DCE Core Services Denial of Service
[SA16278] Avaya CMS / IR Solaris Runtime Linker Vulnerability
[SA16277] Debian update for gopher
[SA16275] UMN Gopher Insecure Temporary File Creation
[SA16269] Debian update for gaim
[SA16265] Gaim libgadu Memory Alignment Weakness
[SA16309] UnZip File Permissions Change Vulnerability

Other:
[SA16272] Cisco IOS IPv6 Packet Handling Vulnerability
[SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure

Cross Platform:
[SA16319] Karrigell Python Namespace Exposure Vulnerability
[SA16273] Simplicity oF Upload "language" File Inclusion Vulnerability
[SA16260] PHPmyGallery "confdir" File Inclusion Vulnerability
[SA16323] nCipher CHIL Random Cache Inheritance Security Issue
[SA16318] Metasploit Framework "defanged" Mode Bypass Vulnerability
[SA16312] PHPFreeNews Unspecified Vulnerabilities
[SA16300] FlexPHPNews Multiple Vulnerabilities
[SA16287] Ragnarok Online Control Panel Authentication Bypass
Vulnerability
[SA16286] Kayako LiveResponse Multiple Vulnerabilities
[SA16262] Naxtor Shopping Cart Cross-Site Scripting and SQL Injection
[SA16316] BrightStor ARCserve Backup Agents Buffer Overflow
Vulnerability
[SA16267] Novell eDirectory NMAS Password Challenge Bypass
[SA16311] AderSoftware CFBB "page" Cross-Site Scripting
[SA16292] ChurchInfo SQL Injection Vulnerabilities
[SA16270] UNG "name" and "email" Mail Header Injection
[SA16263] Website Baker Cross-Site Scripting and File Upload
Vulnerabilities
[SA16274] phplist "id" SQL Injection Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA16314] Naxtor e-directory Cross-Site Scripting and SQL Injection

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released:    2005-08-03

basher13 has reported some vulnerabilities in Naxtor e-directory, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16314/

 --

[SA16308] Sacrifice Format String and Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-02

Luigi Auriemma has reported two vulnerabilities in Sacrifice, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16308/

 --

[SA16306] BusinessMail SMTP Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-08-01

Reed Arvin has discovered a vulnerability in BusinessMail, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16306/

 --

[SA16282] Business Objects Enterprise / Crystal Reports Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-08-01

A vulnerability has been reported in Business Objects Enterprise and
Crystal Reports Server, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16282/

 --

[SA16268] Thomson Web Skill Vantage Manager SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-07-29

Walter Sobchak has reported a vulnerability in Thomson Web Skill
Vantage Manager, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16268/

 --

[SA16258] nProtect Personal OnlineScan Arbitrary File Download

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2005-08-01

Park Gyu Tae and Neo have reported in a vulnerability in nProtect
Personal OnlineScan, which potentially can be exploited by malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16258/

 --

[SA16264] Easy PX 41 CMS Cross-Site Scripting and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2005-07-29

FalconDeOro has reported some vulnerabilities in Easy PX 41 CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks and disclose various information.

Full Advisory:
http://secunia.com/advisories/16264/

 --

[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID
Enumeration

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2005-08-02

Seth Fogie has reported two vulnerabilities in Microsoft ActiveSync,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and enumerate valid equipment IDs.

Full Advisory:
http://secunia.com/advisories/16283/

 --

[SA16289] Trillian Exposure of User Credentials

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-08-01

Suramya Tomar has discovered a security issue in Trillian, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/16289/


UNIX/Linux:--

[SA16327] Debian apt-cacher Unspecified Arbitrary Command Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-03

Eduard Bloch has reported a vulnerability in apt-cacher, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16327/

 --

[SA16326] Mandriva update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      System access, Spoofing, Cross Site Scripting, Security
Bypass
Released:    2005-08-03

Mandriva has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and
spoofing attacks, and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16326/

 --

[SA16307] Gentoo update for Compress-Zlib

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2005-08-01

Gentoo has issued an update for Compress-Zlib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16307/

 --

[SA16302] Ubuntu update for
mozilla-thunderbird/mozilla-thunderbird-enigmail

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2005-08-01

Ubuntu has issued updates for mozilla-thunderbird and
mozilla-thunderbird-enigmail. These fix some vulnerabilities, which can
be exploited by malicious people to bypass certain security
restrictions, gain knowledge of potentially sensitive information,
conduct cross-site scripting attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16302/

 --

[SA16296] Conectiva update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-01

Conectiva has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16296/

 --

[SA16290] Trustix update for multiple packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, Privilege escalation, DoS,
System access
Released:    2005-08-02

Trustix has issued various updated packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, by malicious users to cause a DoS (Denial of
Service), or by malicious people to gain knowledge of sensitive
information, conduct HTTP request smuggling attacks, or compromise a
vulnerable system,

Full Advisory:
http://secunia.com/advisories/16290/

 --

[SA16284] Gentoo update for emul-linux-x86-baselibs

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-01

Gentoo has issued an update for emul-linux-x86-baselibs. This fixes
some vulnerabilities, which can be exploited by malicious people to
cause a DoS (Denial of Service) or potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16284/

 --

[SA16276] Fedora update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-07-29

Fedora has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16276/

 --

[SA16257] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing,
Manipulation of data, Exposure of sensitive information, DoS, System
access
Released:    2005-07-29

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), conduct HTTP request smuggling, spoofing and
cross-site scripting attacks, bypass certain security restrictions,
disclose and manipulate sensitive information, and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16257/

 --

[SA16324] Gentoo update for nbsmtp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-03

Gentoo has issued an update for nbsmtp. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16324/

 --

[SA16305] Gentoo update for pstotext

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-01

Gentoo has issued an update for pstotext. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16305/

 --

[SA16304] MySQL Eventum Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-08-01

James Bercegay has reported some vulnerabilities in MySQL Eventum,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16304/

 --

[SA16303] Debian update for pdns

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-08-01

Debian has issued an update for pdns. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16303/

 --

[SA16293] Slackware update for telnet

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-01

Slackware has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16293/

 --

[SA16291] jabberd "jid.c" Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-01

Michael has reported some vulnerabilities in jabberd, which potentially
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16291/

 --

[SA16288] Gentoo update for ProFTPD

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2005-08-02

Gentoo has issued an update for ProFTPD. This fixes two
vulnerabilities, which can be exploited by malicious users to disclose
certain sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16288/

 --

[SA16279] no-brainer SMTP Client "log_msg" Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-01

A vulnerability has been reported in no-brainer SMTP client, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16279/

 --

[SA16261] Mandriva update for fetchmail

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-07-29

Mandriva has issued an update for fetchmail. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16261/

 --

[SA16299] Fedora update for httpd

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Released:    2005-08-03

Fedora has issued an update for httpd. This fixes two vulnerabilities,
which can be exploited by malicious people to potentially cause a DoS
(Denial of Service) and conduct HTTP request smuggling attacks.

Full Advisory:
http://secunia.com/advisories/16299/

 --

[SA16266] Ubuntu update for libtiff4

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-07-29

Ubuntu has issued an update for libtiff4. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16266/

 --

[SA16259] HP NonStop Server DCE Core Services Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-08-01

A vulnerability has been reported in HP NonStop Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16259/

 --

[SA16278] Avaya CMS / IR Solaris Runtime Linker Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-02

Avaya has acknowledged a vulnerability in CMS and IR, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/16278/

 --

[SA16277] Debian update for gopher

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-01

Debian has issued an update for gopher. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16277/

 --

[SA16275] UMN Gopher Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-01

John Goerzen has reported a vulnerability in gopher, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16275/

 --

[SA16269] Debian update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-07-29

Debian has issued an update for gaim. This fixes a weakness, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/16269/

 --

[SA16265] Gaim libgadu Memory Alignment Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-07-29

A weakness has been reported in Gaim, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16265/

 --

[SA16309] UnZip File Permissions Change Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-03

Imran Ghory has reported a vulnerability in unzip, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16309/


Other:--

[SA16272] Cisco IOS IPv6 Packet Handling Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2005-07-29

A vulnerability has been reported in Ciso IOS, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable network device.

Full Advisory:
http://secunia.com/advisories/16272/

 --

[SA16271] Linksys WRT54G Router Common SSL Private Key Disclosure

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2005-07-29

Nick Simicich has reported a security issue in WRT54G, which
potentially can be exploited by malicious people to gain knowledge of
certain sensitive information.

Full Advisory:
http://secunia.com/advisories/16271/


Cross Platform:--

[SA16319] Karrigell Python Namespace Exposure Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-03

Radovan Garabik has reported a vulnerability in Karrigell, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16319/

 --

[SA16273] Simplicity oF Upload "language" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-29

rgod has reported a vulnerability in Simplicity oF Upload, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16273/

 --

[SA16260] PHPmyGallery "confdir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-07-29

Securitysos Inc. has reported a vulnerability in PHPmyGallery, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16260/

 --

[SA16323] nCipher CHIL Random Cache Inheritance Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-08-03

A security issue has been reported in nCipher CHIL (Cryptographic
Hardware Interface Library), which may result in a program generating
the same random bytes in all child processes for a certain period of
time.

Full Advisory:
http://secunia.com/advisories/16323/

 --

[SA16318] Metasploit Framework "defanged" Mode Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-03

Dino Dai Zovi has reported a vulnerability in Metasploit Framework,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16318/

 --

[SA16312] PHPFreeNews Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-08-02

Some unspecified vulnerabilities with unknown impacts have been
reported in PHPFreeNews.

Full Advisory:
http://secunia.com/advisories/16312/

 --

[SA16300] FlexPHPNews Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, DoS
Released:    2005-08-02

rgod has reported some vulnerabilities in FlexPHPNews, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16300/

 --

[SA16287] Ragnarok Online Control Panel Authentication Bypass
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-01

VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/16287/

 --

[SA16286] Kayako LiveResponse Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2005-08-01

James Bercegay has reported some vulnerabilities in Kayako
LiveResponse, which can be exploited by malicious people to conduct
cross-site scripting, script insertion, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16286/

 --

[SA16262] Naxtor Shopping Cart Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-08-03

John Cobb has reported some vulnerabilities in Naxtor Shopping Cart,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16262/

 --

[SA16316] BrightStor ARCserve Backup Agents Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-08-03

A vulnerability has been reported in BrightStor ARCserve Backup, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16316/

 --

[SA16267] Novell eDirectory NMAS Password Challenge Bypass

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-07-29

A security issue has been reported in Novell eDirectory, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16267/

 --

[SA16311] AderSoftware CFBB "page" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-02

rUnViRuS has reported a vulnerability in AderSoftware CFBB, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/16311/

 --

[SA16292] ChurchInfo SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2005-08-02

thegreatone2176 has discovered some vulnerabilities in ChurchInfo,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/16292/

 --

[SA16270] UNG "name" and "email" Mail Header Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-07-29

A vulnerability has been reported in UNG, which can be exploited by
malicious people to inject arbitrary mail headers.

Full Advisory:
http://secunia.com/advisories/16270/

 --

[SA16263] Website Baker Cross-Site Scripting and File Upload
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
System access
Released:    2005-07-29

thegreatone2176 has discovered some vulnerabilities in Website Baker,
which can be exploited by malicious people to conduct cross-site
scripting attacks and by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16263/

 --

[SA16274] phplist "id" SQL Injection Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-07-29

thegreatone2176 has discovered a vulnerability in phplist, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16274/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45






More information about the ISN mailing list