[ISN] Secunia Weekly Summary - Issue: 2005-51

InfoSec News isn at c4i.org
Tue Dec 27 08:17:45 UTC 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-12-15 - 2005-12-22                        

                      This week : 112 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

A vulnerability has been reported in McAfee SecurityCenter, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Successful exploitation requires that the user is e.g. tricked into
visiting a malicious website.

For additional information please refer to the referenced Secunia
advisory below.

Reference:
http://secunia.com/SA18169

--

Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

The vulnerability is caused due to a boundary error in Dec2Rar.dll
when copying data based on the length field in the sub-block headers of
a RAR archive. This can be exploited to cause a heap-based buffer
overflow and may allow arbitrary code execution when a malicious RAR
archive is scanned.

Many Symantec products are vulnerable to this issue. All users of
Symantec products are therefore advised to see the referenced Secunia
advisory for complete details about vulnerable products.

Reference:
http://secunia.com/SA18131


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA18131] Symantec AntiVirus RAR Archive Decompression Buffer
              Overflow
2.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code
              Execution Vulnerability
3.  [SA15368] Microsoft Internet Explorer Multiple Vulnerabilities
4.  [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
              Vulnerability
5.  [SA18149] Apple QuickTime / iTunes Memory Corruption Vulnerability
6.  [SA18162] VMware NAT Networking Buffer Overflow Vulnerability
7.  [SA18106] Microsoft IIS Malformed URL Potential Denial of Service
              Vulnerability
8.  [SA18078] Macromedia ColdFusion Multiple Vulnerabilities
9.  [SA17934] Mozilla Firefox History Information Denial of Service
              Weakness
10. [SA18092] IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA18169] McAfee SecurityCenter "mcinsctl.dll" ActiveX File Overwrite
Vulnerability
[SA18197] Interaction SIP Proxy Buffer Overflow Vulnerability
[SA18159] Information Call Center "CallCenterData.mdb" Exposure of User
Credentials
[SA18134] MailEnable Multiple IMAP Command Vulnerabilities
[SA18133] pTools "docID" SQL Injection Vulnerability
[SA18127] Honeycomb Archive SQL Injection and Cross-Site Scripting
[SA18106] Microsoft IIS Malformed URL Potential Denial of Service
Vulnerability
[SA18097] Acidcat CMS SQL Injection Vulnerability
[SA18089] iHTML Merchant Pro SQL Injection Vulnerabilities
[SA18085] iCMS Cross-Site Scripting and SQL Injection Vulnerabilities
[SA18079] Media2 CMS Shop "item" SQL Injection Vulnerability
[SA18073] iHTML Merchant Mall SQL Injection Vulnerabilities
[SA18201] SiteEnable / PortalApp "ret_page" Cross-Site Scripting
Vulnerability
[SA18200] IntranetApp Cross-Site Scripting Vulnerabilities
[SA18199] ProjectApp Cross-Site Scripting Vulnerabilities
[SA18174] UltraApps Issue Manager Privilege Escalation Vulnerability
[SA18164] Dev Hound Script Insertion and Full Path Disclosure
[SA18129] FarCry Search Feature Cross Site Scripting Vulnerability
[SA18119] lemoon "q" Cross-Site Scripting Vulnerability
[SA18118] damoon "q" Cross-Site Scripting Vulnerability
[SA18070] Acuity CMS "strSearchKeywords" Cross-Site Scripting
Vulnerability

UNIX/Linux:
[SA18111] Gentoo update for opera
[SA18204] Avaya Modular Messaging POP3 Denial of Service Vulnerability
[SA18192] Red Hat update for gpdf
[SA18191] Red Hat update for cups
[SA18189] Red Hat update for kdegraphics
[SA18186] Red Hat update for netpbm
[SA18180] HP-UX Software Distributor Unauthorised Access Vulnerability
[SA18170] SCO OpenServer update for xloadimage
[SA18161] Mandriva update for apache2
[SA18160] HP-UX WBEM Services Unspecified Denial of Service
Vulnerability
[SA18157] LiveJournal "cleanhtml.pl" Two Script Insertion
Vulnerabilities
[SA18124] ELOG Long Parameter Value Denial of Service Vulnerability
[SA18115] SUSE update for ipsec-tools / freeswan / openswan
[SA18109] Debian update for dropbear
[SA18108] Dropbear SSH Server Buffer Overflow Vulnerability
[SA18107] Ubuntu update for xine-lib
[SA18101] SUSE Updates for Multiple Packages
[SA18087] xine-lib FFmpeg libavcodec Buffer Overflow Vulnerability
[SA18082] HP-UX TCP/IP "Rose Attack" Denial of Service Vulnerability
[SA18165] IBM HMC OpenSSL Vulnerabilities
[SA18151] Caravel CMS Cross-Site Scripting Vulnerabilities
[SA18148] PlaySMS "err" Cross-Site Scripting Vulnerability
[SA18146] UnixWare update for tcpdump
[SA18100] UnixWare update for gzip
[SA18076] Webglimpse "ID" Cross-Site Scripting Vulnerability
[SA18075] Red Hat update perl
[SA18071] ProjectForum Cross-Site Scripting Vulnerabilities
[SA18193] Red Hat update for udev
[SA18188] Red Hat update for curl
[SA18156] Mandriva update for sudo
[SA18139] Fedora update for kdebase
[SA18105] Gentoo update for curl
[SA18102] Fedora update for sudo
[SA18088] AIX Multiple Privilege Escalation Vulnerabilities
[SA18187] Red Hat update for perl
[SA18183] SUSE update for perl
[SA18172] Fedora update for fetchmail
[SA18081] Gentoo update for centericq

Other:
[SA18179] ADTRAN NetVanta Products ISAKMP IKE Message Processing
Vulnerabilities
[SA18166] NEC UNIVERGE ISAKMP IKE Message Processing Denial of Service
[SA18138] Ingate Firewall and SIParator Denial of Service
Vulnerability
[SA18103] Cisco Clean Access Manager Obsolete JSP Files Vulnerability

Cross Platform:
[SA18177] PhpGedView File Inclusion and PHP Code Injection
Vulnerabilities
[SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow
[SA18092] IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities
[SA18077] Macromedia JRun Server Two Vulnerabilities
[SA18184] phpBB Chatspot Module Two Vulnerabilities
[SA18176] Blender "get_bhead()" Integer Overflow Vulnerability
[SA18173] Portfolio NetPublish "template" Disclosure of Sensitive
Information
[SA18154] Beehive Forum Script Insertion Vulnerabilities
[SA18152] Papoo SQL Injection Vulnerabilities
[SA18150] phpSlash "story_id" SQL Injection Vulnerability
[SA18149] Apple QuickTime / iTunes Memory Corruption Vulnerability
[SA18145] Community Enterprise Cross-Site Scripting and SQL Injection
[SA18121] ODFaq SQL Injection Vulnerabilities
[SA18120] Komodo CMS Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA18110] Miraserver SQL Injection Vulnerabilities
[SA18099] Marwel "show" Potential SQL Injection Vulnerability
[SA18094] AlmondSoft Products "id" SQL Injection Vulnerability
[SA18078] Macromedia ColdFusion Multiple Vulnerabilities
[SA18069] Envolution Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA18162] VMware NAT Networking Buffer Overflow Vulnerability
[SA18196] RAMSite R|1 CMS "searchfield" Cross-Site Scripting
Vulnerability
[SA18195] Redakto WCMS Cross-Site Scripting Vulnerabilities
[SA18182] Scoop Cross-Site Scripting Vulnerabilities
[SA18168] OpenEdit Cross-Site Scripting Vulnerabilities
[SA18144] contenite "id" Cross-Site Scripting Vulnerability
[SA18143] CONTENS "near" Cross-Site Scripting Vulnerability
[SA18137] Metadot Portal Server "Group.pm" Privilege Escalation
Vulnerability
[SA18132] ASPBite "strSearch" Cross-Site Scripting Vulnerability
[SA18130] Esselbach Storyteller CMS System "query" Cross-Site
Scripting
[SA18128] FLIP "name" Cross-Site Scripting Vulnerability
[SA18126] Hot Banana Web Content Management Suite Cross-Site Scripting
[SA18125] phpBB "Allow HTML" Script Insertion Security Issue
[SA18122] AbleDesign ReSearch Cross-Site Scripting Vulnerability
[SA18117] Libertas ECMS "page_search" Cross-Site Scripting
Vulnerability
[SA18116] Liferay Portal Enterprise Cross-Site Scripting
Vulnerabilities
[SA18114] Lutece "query" Cross-Site Scripting Vulnerability
[SA18113] phpMyAdmin Cross-Site Request Forgery Vulnerability
[SA18112] Cerberus Helpdesk Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA18104] Magnolia Search Feature "query" Cross-Site Scripting
Vulnerability
[SA18096] AtlantForum Cross-Site Scripting Vulnerabilities
[SA18095] Atlant Pro Cross-Site Scripting Vulnerabilities
[SA18093] DCForum+ Cross-Site Scripting Vulnerabilities
[SA18091] bbBoard "keys" Cross-Site Scripting Vulnerability
[SA18090] SiteNet BBS Cross-Site Scripting Vulnerabilities
[SA18086] myEZshop Shopping Cart Cross-Site Scripting and SQL
Injection
[SA18084] ScareCrow Cross-Site Scripting Vulnerabilities
[SA18080] phpXplorer "address bar" Cross-Site Scripting Vulnerability
[SA18074] AbleDesign D-Man "title" Cross-Site Scripting Vulnerability
[SA18072] Red Queen Full Path Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA18169] McAfee SecurityCenter "mcinsctl.dll" ActiveX File Overwrite
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2005-12-21

Peter Vreugdenhil has reported a vulnerability in McAfee
SecurityCenter, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18169/

 --

[SA18197] Interaction SIP Proxy Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

Behrang Fouladi has reported a vulnerability in Interaction SIP Proxy,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18197/

 --

[SA18159] Information Call Center "CallCenterData.mdb" Exposure of User
Credentials

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-12-20

BiPi_HaCk has discovered a security issue in Information Call Center,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/18159/

 --

[SA18134] MailEnable Multiple IMAP Command Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Tim Shelton has reported some vulnerabilities in MailEnable, which can
be exploited by malicious users to cause a DoS (Denial of Service) and
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18134/

 --

[SA18133] pTools "docID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-20

Preddy has reported a vulnerability in pTools, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18133/

 --

[SA18127] Honeycomb Archive SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-20

r0t has reported two vulnerabilities in Honeycomb Archive, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18127/

 --

[SA18106] Microsoft IIS Malformed URL Potential Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-19

Inge Henriksen has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which potentially can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18106/

 --

[SA18097] Acidcat CMS SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2005-12-19

Hamid Ebadi has discovered a vulnerability in Acidcat CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18097/

 --

[SA18089] iHTML Merchant Pro SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-19

r0t has reported some vulnerabilities in iHTML Merchant Pro, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18089/

 --

[SA18085] iCMS Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-19

$um$id has reported some vulnerabilities in iCMS, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18085/

 --

[SA18079] Media2 CMS Shop "item" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-19

$um$id has reported a vulnerability in Media2 CMS Shop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18079/

 --

[SA18073] iHTML Merchant Mall SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-19

r0t has reported some vulnerabilities in iHTML Merchant Mall, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18073/

 --

[SA18201] SiteEnable / PortalApp "ret_page" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported a vulnerability in SiteEnable and PortalApp, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18201/

 --

[SA18200] IntranetApp Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported some vulnerabilities in IntranetApp, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18200/

 --

[SA18199] ProjectApp Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported some vulnerabilities in ProjectApp, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18199/

 --

[SA18174] UltraApps Issue Manager Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-12-21

Information Risk Management Plc. has reported a vulnerability in
UltraApps Issue Manager, which can be exploited by malicious users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18174/

 --

[SA18164] Dev Hound Script Insertion and Full Path Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-12-22

Donnie Werner has reported a weakness and a vulnerability in Dev Hound,
which can be exploited by malicious users to disclose system information
and conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18164/

 --

[SA18129] FarCry Search Feature Cross Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

r0t has reported a vulnerability in FarCry, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18129/

 --

[SA18119] lemoon "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in lemoon, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18119/

 --

[SA18118] damoon "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in damoon, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18118/

 --

[SA18070] Acuity CMS "strSearchKeywords" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Acuity CMS, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18070/


UNIX/Linux:--

[SA18111] Gentoo update for opera

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-12-19

Gentoo has issued an update for opera. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18111/

 --

[SA18204] Avaya Modular Messaging POP3 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

A vulnerability has been reported in Avaya Modular Messaging, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18204/

 --

[SA18192] Red Hat update for gpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Red Hat has issued an update for gpdf. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18192/

 --

[SA18191] Red Hat update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Red Hat has issued an update for cups. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18191/

 --

[SA18189] Red Hat update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Red Hat has issued an update for kdegraphics. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18189/

 --

[SA18186] Red Hat update for netpbm

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Red Hat has issued an update for netpbm. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18186/

 --

[SA18180] HP-UX Software Distributor Unauthorised Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-12-21

A vulnerability has been reported in HP-UX, which potentially can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18180/

 --

[SA18170] SCO OpenServer update for xloadimage

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-12-21

SCO has issued an update for xloadimage. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/18170/

 --

[SA18161] Mandriva update for apache2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-20

Mandriva has issued an update for apache2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18161/

 --

[SA18160] HP-UX WBEM Services Unspecified Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-20

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18160/

 --

[SA18157] LiveJournal "cleanhtml.pl" Two Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

Two vulnerabilities have been reported in LiveJournal, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18157/

 --

[SA18124] ELOG Long Parameter Value Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-20

sk has discovered a vulnerability in ELOG, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18124/

 --

[SA18115] SUSE update for ipsec-tools / freeswan / openswan

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-20

SUSE has issued updates for ipsec-tools / freeswan / openswan. This
fixes some vulnerabilities, which can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18115/

 --

[SA18109] Debian update for dropbear

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-12-19

Debian has issued an update for dropbear. This fixes a vulnerability,
which potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/18109/

 --

[SA18108] Dropbear SSH Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-12-19

A vulnerability has been reported in Dropbear SSH Server, which
potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/18108/

 --

[SA18107] Ubuntu update for xine-lib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-19

Ubuntu has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18107/

 --

[SA18101] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, DoS
Released:    2005-12-19

SUSE has issued updates for multiple packages. These fix various
vulnerabilities,  which can be exploited by malicious people to conduct
SQL injection, script insertion, and cross-site scripting attacks, and
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18101/

 --

[SA18087] xine-lib FFmpeg libavcodec Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-19

A vulnerability has been reported in xine-lib, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18087/

 --

[SA18082] HP-UX TCP/IP "Rose Attack" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-16

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18082/

 --

[SA18165] IBM HMC OpenSSL Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2005-12-20

IBM has acknowledged some vulnerabilities in IBM HMC, which can be
exploited by malicious, local users to gain knowledge of sensitive
information, and potentially by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18165/

 --

[SA18151] Caravel CMS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

r0t has reported some vulnerabilities in Caravel CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18151/

 --

[SA18148] PlaySMS "err" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

M.o.H.a.J.a.L.i has discovered a vulnerability in PlaySMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18148/

 --

[SA18146] UnixWare update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-12-19

SCO has issued an update for tcpdump. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18146/

 --

[SA18100] UnixWare update for gzip

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-12-19

SCO has issued an update for gzip. This fixes a vulnerability, which
potentially can be exploited by malicious people to extract files to
arbitrary directories on a user's system.

Full Advisory:
http://secunia.com/advisories/18100/

 --

[SA18076] Webglimpse "ID" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Webglimpse, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18076/

 --

[SA18075] Red Hat update perl

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2005-12-21

Red Hat has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a Denial of Service,
and by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18075/

 --

[SA18071] ProjectForum Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-15

r0t has reported a vulnerability in ProjectForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18071/

 --

[SA18193] Red Hat update for udev

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-12-21

Red Hat has issued an update for udev. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
access to potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/18193/

 --

[SA18188] Red Hat update for curl

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2005-12-21

Red Hat has issued an update for curl. This fixes a vulnerability with
an unknown impact.

Full Advisory:
http://secunia.com/advisories/18188/

 --

[SA18156] Mandriva update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-21

Mandriva has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18156/

 --

[SA18139] Fedora update for kdebase

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-19

Fedora has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18139/

 --

[SA18105] Gentoo update for curl

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2005-12-19

Gentoo has issued an update for curl. This fixes a vulnerability, which
has an unknown impact.

Full Advisory:
http://secunia.com/advisories/18105/

 --

[SA18102] Fedora update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-19

Fedora has issued an updated for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18102/

 --

[SA18088] AIX Multiple Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-12-16

David Litchfield has reported some vulnerabilities in AIX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18088/

 --

[SA18187] Red Hat update for perl

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

Red Hat has issued an update for perl. This fixes a vulnerability,
which can be exploited by malicious people to cause a Denial of
Service.

Full Advisory:
http://secunia.com/advisories/18187/

 --

[SA18183] SUSE update for perl

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

SUSE has issued an update for perl. This fixes a vulnerability, which
can be exploited by malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/18183/

 --

[SA18172] Fedora update for fetchmail

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

Fedora has issued an update for fetchmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18172/

 --

[SA18081] Gentoo update for centericq

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-12-20

Gentoo has issued an update for centericq. This fixes a weakness, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18081/


Other:--

[SA18179] ADTRAN NetVanta Products ISAKMP IKE Message Processing
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2005-12-21

Some vulnerabilities have been reported in ADTRAN NetVanta, which can
be exploited by malicious people to cause a DoS (Denial of Service),
and with an unknown impact.

Full Advisory:
http://secunia.com/advisories/18179/

 --

[SA18166] NEC UNIVERGE ISAKMP IKE Message Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

Some vulnerabilities have been reported in NEC UNIVERGE
IX1000/IX2000/IX3000 series router, which can be exploited by malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18166/

 --

[SA18138] Ingate Firewall and SIParator Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-12-21

A vulnerability has been reported in Ingate Firewall and SIParator,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/18138/

 --

[SA18103] Cisco Clean Access Manager Obsolete JSP Files Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-12-22

Alex Lanstein has reported a vulnerability in Cisco CAM (Clean Access
Manager), which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/18103/


Cross Platform:--

[SA18177] PhpGedView File Inclusion and PHP Code Injection
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2005-12-21

rgod has reported some vulnerabilities in PhpGedView, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18177/

 --

[SA18131] Symantec AntiVirus RAR Archive Decompression Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-12-20

Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/18131/

 --

[SA18092] IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-12-16

Some vulnerabilities have been reported in IBM Java SDK, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18092/

 --

[SA18077] Macromedia JRun Server Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2005-12-16

Two vulnerabilities have been reported in Macromedia JRun Server, which
can be exploited by malicious people to disclose potentially sensitive
information and to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18077/

 --

[SA18184] phpBB Chatspot Module Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data
Released:    2005-12-22

Two vulnerabilities have been reported in the Chatspot module for
phpBB, which potentially can be exploited by malicious people to
conduct spoofing and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18184/

 --

[SA18176] Blender "get_bhead()" Integer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-12-21

Damian Put has reported a vulnerability in Blender, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18176/

 --

[SA18173] Portfolio NetPublish "template" Disclosure of Sensitive
Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-12-22

Information Risk Management Plc. has reported a vulnerability in
Portfolio NetPublish, which can be exploited by malicious people to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/18173/

 --

[SA18154] Beehive Forum Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

trueend5 has discovered some vulnerabilities in Beehive Forum, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18154/

 --

[SA18152] Papoo SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-22

r0t has reported some vulnerabilities in Papoo, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18152/

 --

[SA18150] phpSlash "story_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-22

r0t has discovered a vulnerability in phpSlash, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18150/

 --

[SA18149] Apple QuickTime / iTunes Memory Corruption Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2005-12-21

Tom Ferris has discovered a vulnerability in Apple QuickTime / iTunes,
which can be exploited by malicious people to cause a DoS (Denial of
Service), and with an unknown impact.

Full Advisory:
http://secunia.com/advisories/18149/

 --

[SA18145] Community Enterprise Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2005-12-22

r0t has reported some vulnerabilities in Community Enterprise, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18145/

 --

[SA18121] ODFaq SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-19

r0t has discovered two vulnerabilities in ODFaq, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18121/

 --

[SA18120] Komodo CMS Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-19

r0t has reported two vulnerabilities in Komodo CMS, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18120/

 --

[SA18110] Miraserver SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-20

r0t has reported some vulnerabilities in Miraserver, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18110/

 --

[SA18099] Marwel "show" Potential SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-19

r0t has reported a vulnerability in Marwel, which potentially can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18099/

 --

[SA18094] AlmondSoft Products "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-12-16

r0t has reported a vulnerability in various AlmondSoft products, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18094/

 --

[SA18078] Macromedia ColdFusion Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2005-12-16

Some vulnerabilities have been reported in Macromedia ColdFusion, which
can be exploited by malicious people to bypass certain security
restrictions, or by malicious, local users to disclose potentially
sensitive information and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18078/

 --

[SA18069] Envolution Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Cross Site Scripting
Released:    2005-12-15

x1ng has discovered some vulnerabilities in Envolution, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18069/

 --

[SA18162] VMware NAT Networking Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-12-21

Tim Shelton has reported a vulnerability in VMware, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18162/

 --

[SA18196] RAMSite R|1 CMS "searchfield" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported a vulnerability in RAMSite R|1 CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18196/

 --

[SA18195] Redakto WCMS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported some vulnerabilities in Redakto WCMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18195/

 --

[SA18182] Scoop Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported some vulnerabilities in Scoop, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18182/

 --

[SA18168] OpenEdit Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-22

r0t has reported two vulnerabilities in OpenEdit, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18168/

 --

[SA18144] contenite "id" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

r0t has reported a vulnerability in contenite, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18144/

 --

[SA18143] CONTENS "near" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-12-20

r0t has reported a vulnerability in CONTENS, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18143/

 --

[SA18137] Metadot Portal Server "Group.pm" Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-12-21

Gerry Chng and Claudean Zheng have reported a vulnerability in Metadot
Portal Server, which can be exploited by malicious users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18137/

 --

[SA18132] ASPBite "strSearch" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

Preddy has reported a vulnerability in ASPBite, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18132/

 --

[SA18130] Esselbach Storyteller CMS System "query" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Esselbach Storyteller CMS System,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/18130/

 --

[SA18128] FLIP "name" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in FLIP, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18128/

 --

[SA18126] Hot Banana Web Content Management Suite Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Hot Banana Web Content Management
Suite, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/18126/

 --

[SA18125] phpBB "Allow HTML" Script Insertion Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Cross Site Scripting
Released:    2005-12-19

Maksymilian Arciemowicz has discovered a security issue in phpBB, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18125/

 --

[SA18122] AbleDesign ReSearch Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

$um$id has reported a vulnerability in AbleDesign ReSearch, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18122/

 --

[SA18117] Libertas ECMS "page_search" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Libertas ECMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18117/

 --

[SA18116] Liferay Portal Enterprise Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported some vulnerabilities in Liferay Portal Enterprise,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/18116/

 --

[SA18114] Lutece "query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Lutece, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18114/

 --

[SA18113] phpMyAdmin Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Manipulation of data
Released:    2005-12-19

lwang has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/18113/

 --

[SA18112] Cerberus Helpdesk Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-20

Alejandro Ramos has reported some vulnerabilities in Cerberus Helpdesk,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18112/

 --

[SA18104] Magnolia Search Feature "query" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-19

r0t has reported a vulnerability in Magnolia, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18104/

 --

[SA18096] AtlantForum Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported some vulnerabilities in AtlantForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18096/

 --

[SA18095] Atlant Pro Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported two vulnerabilities in Atlant Pro, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18095/

 --

[SA18093] DCForum+ Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported two vulnerabilities in DCForum+, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18093/

 --

[SA18091] bbBoard "keys" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported a vulnerability in bbBoard, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18091/

 --

[SA18090] SiteNet BBS Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported some vulnerabilities in SiteNet BBS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18090/

 --

[SA18086] myEZshop Shopping Cart Cross-Site Scripting and SQL
Injection

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-12-20

$um$id has reported some vulnerabilities in myEZshop Shopping Cart,
which can be exploited by malicious users to conduct SQL injection
attacks and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18086/

 --

[SA18084] ScareCrow Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported some vulnerabilities in ScareCrow, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18084/

 --

[SA18080] phpXplorer "address bar" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-16

r0t has reported a vulnerability in phpXplorer, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18080/

 --

[SA18074] AbleDesign D-Man "title" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-12-20

$um$id has reported a vulnerability in AbleDesign D-Man, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18074/

 --

[SA18072] Red Queen Full Path Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-12-19

r0t has reported a weakness in Red Queen, which can be exploited by
malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/18072/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45






More information about the ISN mailing list