[ISN] Secunia Weekly Summary - Issue: 2006-14

InfoSec News isn at c4i.org
Fri Apr 7 01:32:39 EDT 2006


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-03-30 - 2006-04-06                        

                       This week : 65 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to assure you of the best and
most reliable source for vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Hai Nam Luke has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious people to conduct phishing attacks.

The vulnerability can be exploited to spoof the address bar in a
browser window showing web content from a malicious web site.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/?s

Reference:
http://secunia.com/SA19521

  -- 

A vulnerability has been reported in McAfee WebShield SMTP, which can
be exploited by malicious people to compromise a vulnerable system.

Additional information is available in the referenced Secunia advisory
below.

Reference:
http://secunia.com/SA19491


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA18680] Microsoft Internet Explorer "createTextRange()" Code
              Execution
2.  [SA19118] AVG Anti-Virus Updated Files Insecure File Permissions
3.  [SA19521] Internet Explorer Window Loading Race Condition Address
              Bar Spoofing
4.  [SA19491] McAfee WebShield SMTP Format String Vulnerability
5.  [SA19451] McAfee VirusScan DUNZIP32.dll Buffer Overflow
              Vulnerability
6.  [SA19461] Claroline Multiple Vulnerabilities
7.  [SA19455] Samba Exposure of Machine Account Credentials
8.  [SA19469] Dia XFig Import Plugin Buffer Overflow Vulnerabilities
9.  [SA18963] Mac OS X File Association Meta Data Shell Script
              Execution
10. [SA19218] Flash Player Unspecified Code Execution Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA19491] McAfee WebShield SMTP Format String Vulnerability
[SA19521] Internet Explorer Window Loading Race Condition Address Bar
Spoofing
[SA19513] Ultr@VNC Buffer Overflow Vulnerabilities
[SA19500] SiteMan "txtpassword" SQL Injection Vulnerability
[SA19535] SynchronEyes Denial of Service Vulnerabilities
[SA19529] HP Color LaserJet 2500/4600 Toolbox Disclosure of Sensitive
Information

UNIX/Linux:
[SA19540] Debian update for kaffeine
[SA19533] SGI IRIX update for sendmail
[SA19532] SGI Advanced Linux Environment Multiple Updates
[SA19528] Gentoo update for horde
[SA19525] Kaffeine Player "http_peek()" Function Buffer Overflow
[SA19509] X-Doom Denial of Service and Buffer Overflow Vulnerabilities
[SA19504] SUSE Updates for Multiple Packages
[SA19485] Horde Help Viewer Unspecified Code Execution Vulnerability
[SA19478] Crafty Syntax Image Gallery Multiple Vulnerabilities
[SA19522] Ubuntu update for mailman
[SA19517] Gentoo update for mediawiki
[SA19507] Ubuntu update for dia
[SA19505] Mandriva update for dia
[SA19472] XFIT/S File Transfer Denial of Service Vulnerability
[SA19469] Dia XFig Import Plugin Buffer Overflow Vulnerabilities
[SA19499] Mandriva update for php
[SA19527] Gentoo update for freeradius
[SA19518] Red Hat update for freeradius
[SA19497] Mandriva update for freeradius
[SA19539] Trustix update for samba
[SA19502] Mandriva update for MySQL
[SA19489] Debian update for storebackup
[SA19468] Fedora update for samba
[SA19490] HP-UX passwd Unspecified Denial of Service Vulnerability
[SA19477] BusyBox MD5 Password Hash Generation Weakness

Other:


Cross Platform:
[SA19524] Virtual War "vwar_root" File Inclusion Vulnerabilities
[SA19515] Doomsday Format String Vulnerabilities
[SA19514] Barracuda Spam Firewall Archives Buffer Overflow
Vulnerabilities
[SA19501] PHPNuke-Clan "vwar_root" File Inclusion Vulnerability
[SA19498] Exponent CMS Unspecified PHP Code Injection Vulnerabilities
[SA19496] Zdaemon Denial of Service and Buffer Overflow
Vulnerabilities
[SA19482] SQuery "libpath" Multiple File Inclusion Vulnerabilities
[SA19541] CzarNews Script Insertion and SQL Injection Vulnerabilities
[SA19538] wpBlog "postid" SQL Injection Vulnerability
[SA19530] MD News "id" SQL Injection Vulnerability
[SA19526] N.T. Multiple Vulnerabilities
[SA19523] Softbiz Image Gallery Script Multiple Vulnerabilities
[SA19516] MyBB "email" BBcode Script Insertion Vulnerability
[SA19512] gtd-php Cross-Site Scripting and Script Insertion
Vulnerabilities
[SA19510] Basic Analysis and Security Engine Authentication Bypass
[SA19508] MediaWiki Encoded Links Script Insertion Vulnerability
[SA19503] MonAlbum Multiple SQL Injection Vulnerabilities
[SA19493] Struts Multiple Vulnerabilities
[SA19488] Interact Multiple Vulnerabilities and Weakness
[SA19487] aWebNews Multiple Vulnerabilities
[SA19486] aWebBB Multiple Vulnerabilities
[SA19481] Oxygen "fid" SQL Injection Vulnerability
[SA19479] QLnews Multiple Vulnerabilities
[SA19476] qliteNews "loginprocess.php" SQL Injection Vulnerability
[SA19475] RedCMS SQL Injection and Script Insertion Vulnerabilities
[SA19470] ReloadCMS Statistics Script Insertion Vulnerability
[SA19520] Blank'N'Berg Directory Traversal and Cross-Site Scripting
[SA19511] KGB Archiver Directory Traversal Vulnerability
[SA19506] WebAPP Cross-Site Scripting Vulnerabilities
[SA19494] phpBB "cur_password" Cross-Site Scripting Vulnerability
[SA19492] Bugzero Cross-Site Scripting Vulnerabilities
[SA19483] Groupmax World Wide Web Cross-Site Scripting Vulnerability
[SA19474] Esqlanelapse Unspecified Cross-Site Scripting Vulnerability
[SA19471] Mantis Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA19491] McAfee WebShield SMTP Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-04

Ollie Whitehouse has reported a vulnerability in McAfee WebShield SMTP,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/19491/

 --

[SA19521] Internet Explorer Window Loading Race Condition Address Bar
Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2006-04-04

Hai Nam Luke has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks.

Full Advisory:
http://secunia.com/advisories/19521/

 --

[SA19513] Ultr@VNC Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-05

Luigi Auriemma has reported two vulnerabilities in Ultr@VNC, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19513/

 --

[SA19500] SiteMan "txtpassword" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-03

S3rv3r_hack3r has reported a vulnerability in SiteMan, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19500/

 --

[SA19535] SynchronEyes Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-04-05

Dennis Elser has reported two vulnerabilities in SynchronEyes, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19535/

 --

[SA19529] HP Color LaserJet 2500/4600 Toolbox Disclosure of Sensitive
Information

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-04-05

Richard Horsman has reported a vulnerability in the HP Color LaserJet
2500 Toolbox and HP Color LaserJet 4600 Toolbox software, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/19529/


UNIX/Linux:--

[SA19540] Debian update for kaffeine

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-05

Debian has issued an update for kaffeine. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/19540/

 --

[SA19533] SGI IRIX update for sendmail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-05

SGI has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/19533/

 --

[SA19532] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Privilege
escalation, DoS, System access
Released:    2006-04-05

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities and a security issue, which can be exploited by
malicious, local users to gain escalated privileges and read arbitrary
cron files, and by malicious people to bypass certain security
restrictions, potentially cause a DoS (Denial of Service), and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19532/

 --

[SA19528] Gentoo update for horde

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-04-05

Gentoo has issued an update for horde. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19528/

 --

[SA19525] Kaffeine Player "http_peek()" Function Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-04

A vulnerability has been reported in Kaffeine Player, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19525/

 --

[SA19509] X-Doom Denial of Service and Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-03

Luigi Auriemma has reported two vulnerabilities in X-Doom, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19509/

 --

[SA19504] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-04-03

SUSE has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19504/

 --

[SA19485] Horde Help Viewer Unspecified Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-03

A vulnerability has been reported in Horde, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19485/

 --

[SA19478] Crafty Syntax Image Gallery Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2006-04-05

r0t has discovered some vulnerabilities in Crafty Syntax Image Gallery,
which can be exploited by malicious users to compromise a vulnerable
system and by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19478/

 --

[SA19522] Ubuntu update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-04-04

Ubuntu has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19522/

 --

[SA19517] Gentoo update for mediawiki

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-04

Gentoo has issued an update for mediawiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/19517/

 --

[SA19507] Ubuntu update for dia

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-04-03

Ubuntu has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/19507/

 --

[SA19505] Mandriva update for dia

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-04-04

Mandriva has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/19505/

 --

[SA19472] XFIT/S File Transfer Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-03-31

A vulnerability has been reported in XFIT/S, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19472/

 --

[SA19469] Dia XFig Import Plugin Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-03-31

Some vulnerabilities have been reported in Dia, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19469/

 --

[SA19499] Mandriva update for php

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-04-04

Mandriva has issued an update for php. This fixes a vulnerability,
which can be exploited by malicious people to gain knowledge of
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/19499/

 --

[SA19527] Gentoo update for freeradius

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2006-04-05

Gentoo has issued an update for freeradius. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19527/

 --

[SA19518] Red Hat update for freeradius

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-04-04

Red Hat has issued an update for freeradius. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), to bypass certain security restrictions, and
potentially to disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/19518/

 --

[SA19497] Mandriva update for freeradius

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-04-06

Mandriva has issued an update for freeradius. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19497/

 --

[SA19539] Trustix update for samba

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-04-05

Trustix has issued an update for samba. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/19539/

 --

[SA19502] Mandriva update for MySQL

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-04-04

Mandriva has issued an update for MySQL. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19502/

 --

[SA19489] Debian update for storebackup

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2006-04-04

Debian has issued an update for storebackup. This fixes a vulnerability
and a security issue, which potentially can be exploited by malicious,
local users to gain access to sensitive information or perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/19489/

 --

[SA19468] Fedora update for samba

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-03-31

Fedora has issued an update for samba. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/19468/

 --

[SA19490] HP-UX passwd Unspecified Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-04-03

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19490/

 --

[SA19477] BusyBox MD5 Password Hash Generation Weakness

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-03-31

taviso has reported a weakness in Busybox, which potentially can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19477/


Other:


Cross Platform:--

[SA19524] Virtual War "vwar_root" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-04

Some vulnerabilities have been discovered in Virtual War, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19524/

 --

[SA19515] Doomsday Format String Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-04

Luigi Auriemma has reported two vulnerabilities in Doomsday, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19515/

 --

[SA19514] Barracuda Spam Firewall Archives Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-04

Jean-Sébastien Guay-Leroux has reported two vulnerabilities in
Barracuda Spam Firewall, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19514/

 --

[SA19501] PHPNuke-Clan "vwar_root" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-03

uid0 has discovered a vulnerability in PHPNuke-Clan, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19501/

 --

[SA19498] Exponent CMS Unspecified PHP Code Injection Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, System access
Released:    2006-04-03

Two vulnerabilities have been reported in Exponent CMS, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19498/

 --

[SA19496] Zdaemon Denial of Service and Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-03

Luigi Auriemma has reported two vulnerabilities in Zdaemon, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19496/

 --

[SA19482] SQuery "libpath" Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-03

uid0 has discovered some vulnerabilities in SQuery, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19482/

 --

[SA19541] CzarNews Script Insertion and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-04-05

Aliaksandr Hartsuyeu has reported some vulnerabilities in CzarNews,
which can be exploited by malicious people to conduct script insertion
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19541/

 --

[SA19538] wpBlog "postid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-05

Aliaksandr Hartsuyeu has reported a vulnerability in wpBlog, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19538/

 --

[SA19530] MD News "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-06

Aliaksandr Hartsuyeu has discovered a vulnerability in MD News, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19530/

 --

[SA19526] N.T. Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-04-05

Aliaksandr Hartsuyeu has discovered some vulnerabilities in N.T., which
can be exploited by malicious people to conduct script insertion attacks
and by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19526/

 --

[SA19523] Softbiz Image Gallery Script Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-04

Some vulnerabilities have been reported in Softbiz Image Gallery
Script, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19523/

 --

[SA19516] MyBB "email" BBcode Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-04

Devil-00 has discovered a vulnerability in MyBB, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19516/

 --

[SA19512] gtd-php Cross-Site Scripting and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

Jericho has discovered some vulnerabilities in gtd-php, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19512/

 --

[SA19510] Basic Analysis and Security Engine Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-04-03

A vulnerability has been reported in Basic Analysis and Security
Engine, which potentially can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19510/

 --

[SA19508] MediaWiki Encoded Links Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19508/

 --

[SA19503] MonAlbum Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-03

undefined1 has discovered some vulnerabilities in MonAlbum, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19503/

 --

[SA19493] Struts Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS
Released:    2006-04-03

Some vulnerabilities have been reported in Struts, which can be
exploited by malicious people to conduct cross-site scripting attacks,
cause a DoS (Denial of Service), or bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/19493/

 --

[SA19488] Interact Multiple Vulnerabilities and Weakness

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2006-04-05

Pratiksha Doshi has discovered some vulnerabilities and a weakness in
Interact, which can be exploited by malicious people to gain knowledge
of certain information, and conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19488/

 --

[SA19487] aWebNews Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-03

Aliaksandr Hartsuyeu has discovered some vulnerabilities in aWebNews,
which can be exploited by malicious people to conduct script insertion
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19487/

 --

[SA19486] aWebBB Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-03

Aliaksandr Hartsuyeu has discovered some vulnerabilities in aWebBB,
which can be exploited by malicious people to conduct script insertion
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19486/

 --

[SA19481] Oxygen "fid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-31

DaBDouB-MoSiKaR has discovered a vulnerability in Oxygen, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19481/

 --

[SA19479] QLnews Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-03-31

Aliaksandr Hartsuyeu has discovered multiple vulnerabilities in QLnews,
which can be exploited by malicious users to compromise a vulnerable
system or by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19479/

 --

[SA19476] qliteNews "loginprocess.php" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-03-31

Aliaksandr Hartsuyeu has discovered a vulnerability in qliteNews, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19476/

 --

[SA19475] RedCMS SQL Injection and Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-03-31

Aliaksandr Hartsuyeu has discovered some vulnerabilities in RedCMS,
which can be exploited by malicious people to conduct SQL injection and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19475/

 --

[SA19470] ReloadCMS Statistics Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

rgod has discovered a vulnerability in ReloadCMS, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19470/

 --

[SA19520] Blank'N'Berg Directory Traversal and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-04-04

Amine ABOUD has discovered a vulnerability and a weakness in
Blank'N'Berg, which can be exploited by malicious people to disclose
system information and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19520/

 --

[SA19511] KGB Archiver Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-04-03

A vulnerability has been reported in KGB Archiver, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19511/

 --

[SA19506] WebAPP Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

r0t has discovered some vulnerabilities in WebAPP, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19506/

 --

[SA19494] phpBB "cur_password" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

Preddy has discovered a vulnerability in phpBB, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19494/

 --

[SA19492] Bugzero Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-03

Some vulnerabilities have been discovered in Bugzero, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19492/

 --

[SA19483] Groupmax World Wide Web Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-31

A vulnerability has been reported in Groupmax World Wide Web, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/19483/

 --

[SA19474] Esqlanelapse Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-31

A vulnerability has been reported in Esqlanelapse, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19474/

 --

[SA19471] Mantis Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-03-31

r0t has discovered some vulnerabilities in Mantis, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19471/

========================================================================

Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45