Internet Security Report 090207
Internet Security Top Most Read Advisories:
1. Microsoft Word Malformed Object Code Execution Vulnerability
2. Skype URL Handling File Disclosure Vulnerability
3. RealVNC Password Authentication Bypass Vulnerability
4. Internet Explorer "object" Tag Memory Corruption Vulnerability
5. Firefox Exception Handling Full Path Disclosure Weakness
6. Internet Explorer Window Loading Race Condition Address Bar Spoofing
7. Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
8. Solaris in.ftpd Directory Access Restriction Bypass Vulnerability
9. Microsoft Internet Explorer "createTextRange()" Code Execution
10. Invision Power Board Multiple Vulnerabilities
IT Security Summary Listing
Windows:
PDF Form Filling and Flattening Tool Field Name Buffer Overflow
Zix Forum "layid" SQL Injection Vulnerability
Fujitsu MyWeb Products SQL Injection Vulnerability
IntelliTamper Site Map File Buffer Overflow Vulnerability
CodeAvalanche News "password" SQL Injection Vulnerability
FrontRange iHEAT Host System Access Vulnerability
BitZipper Multiple Archive Directory Traversal Vulnerability
aspbb Cross-Site Scripting Vulnerabilities
Cisco VPN Client Privilege Escalation Vulnerability
Novell Client Clipboard Content Handling Weakness
UNIX/Linux:
Debian update for mpg123
Debian update for nagios
UnixWare update for Sendmail
mpg123 "III_i_stereo()" Function Buffer Overflow Vulnerability
HP-UX Motif Applications libXpm Image Decoding Vulnerabilities
SUSE Updates for Multiple Packages
HP Tru64 UNIX Firefox/Mozilla Application Suite Vulnerability
SGI Advanced Linux Environment Multiple Updates
Debian update for phpgroupware
Ubuntu update for awstats
Debian update for awstats
Tor Weakness and Multiple Vulnerabilities
Publicist SQL Injection and Script Insertion Vulnerabilities
Ubuntu update for dia
Perlpodder Shell Command Injection Vulnerability
Red Hat update for kernel
Red Hat update for postgresql
Red Hat update for php
HP-UX BIND4 DNS Cache Poisoning Vulnerability
Prodder Podcast Feed Shell Command Injection Vulnerability
Debian update for kernel-source-2.4.18
Dia Multiple Format String Vulnerabilities
Debian update for cscope
GNU Binutils libbfd TekHex Record Handling Vulnerability
Linux Kernel Netfilter Weakness and Two SCTP Vulnerabilities
Debian update for kernel-source-2.4.19
Debian update for kernel-source-2.4.16
Mandriva update for php
Debian update for popfile
Debian update for phpbb2
Solaris in.ftpd Directory Access Restriction Bypass Vulnerability
Apple Xcode WebObjects Plugin Access Control Vulnerability
Mandriva update for hostapd
Debian update for mysql
Debian update for mysql-dfsg
Linux Kernel SNMP NAT Helper Denial of Service
Trustix update for mysql
Debian update for quagga
Debian update for hostapd
Mandriva update for kernel
HP-UX Software Distributor Privilege Escalation Vulnerability
XScreenSaver Insecure Temporary File Creation Vulnerability
Debian update for kernel-patch-vserver
SAP sapdba Command Insecure Environment Variable Handling
Debian update for fbi
HP-UX Kernel Denial of Service Vulnerability
Other:
Sitecom WL-153 UPnP Shell Command Injection Vulnerability
Edimax BR-6104K UPnP Shell Command Injection Vulnerability
ZyXEL P-335WT UPnP Port Mapping Vulnerability
Cross Platform:
RWiki Script Insertion and Ruby Code Injection Vulnerabilities
Docebo Multiple File Inclusion Vulnerabilities
DSChat Script Insertion and PHP Code Execution Vulnerabilities
PunkBuster WebTool Buffer Overflow Vulnerability
PHP Easy Galerie "includepath" Parameter File Inclusion Vulnerability
UBB.threads "thispath" Parameter File Inclusion Vulnerability
Russcom.Ping "domain" Shell Command Injection Vulnerability
Nucleus "GLOBALS[DIR_LIBS]" Parameter File Inclusion Vulnerability
phpMyDirectory "ROOT_PATH" File Inclusion Vulnerability
artmedic newsletter "log.php" PHP Code Injection Vulnerability
phpBazar "language_dir" File Inclusion Vulnerability
HyperStop Web Host Directory "uri" SQL Injection Vulnerability
AlstraSoft Web Host Directory "uri" SQL Injection Vulnerability
Diesel Joke Site "id" Parameter SQL Injection Vulnerability
e107 Unspecified SQL Injection Vulnerabilities
Chatty "username" Parameter Script Insertion Vulnerability
Hiox Guestbook Script Insertion Vulnerability
NetPanzer "setFrame()" Denial of Service Vulnerability
Destiney Links Script Multiple Vulnerabilities
ipLogger "User-Agent" HTTP Header Script Insertion Vulnerability
phpwcms Cross-Site Scripting and Local File Inclusion
SkyeBox "post.php" Script Insertion Vulnerability
PostgreSQL Encoding-Based SQL Injection Vulnerability
AlstraSoft E-Friends Script Insertion Vulnerabilities
AlstraSoft Article Manager Pro SQL Injection and Script Insertion
phpListPro "Language" Local File Inclusion Vulnerability
Dayfox Blog "slog_users.txt" Exposure of User Credentials
Stylish Text Ads Script "id" SQL Injection Vulnerability
Coppermine Photo Gallery Multiple File Extensions Vulnerability
DGBook "index.php" Multiple Vulnerabilities
Xtreme Topsites Cross-Site Scripting and SQL Injection Vulnerabilities
MediaWiki Script Insertion Vulnerabilities
UseBB Cross-Site Scripting and SQL Injection Vulnerabilities
Horizontal Shooter BOR Mod File Handling Format String Vulnerability
Cosmoshop SQL Injection and Disclosure of Sensitive
Information
Xoops Local File Inclusion Vulnerabilities
OpenBOR Engine Mod File Handling Format String Vulnerability
Beats of Rage (BOR) Engine Format String Vulnerability
4R Linklist "cat" SQL Injection Vulnerability
HP OpenView Storage Data Protector Arbitrary Command Execution
HP OpenView Network Node Manager Arbitrary Command Execution
Alkacon OpenCms "query" Cross-Site Scripting Vulnerability
Destiney Rated Images Script Multiple Script Insertion Vulnerabilities
JemScripts DownloadControl "dcid" Cross-Site Scripting Vulnerability
SiteScape Forum Information Disclosure Weaknesses
Mozilla Suite Exception Handling Full Path Disclosure Weakness
Netscape Exception Handling Full Path Disclosure Weakness
Firefox Exception Handling Full Path Disclosure Weakness
IT Security Content Listing
Windows:
PDF Form Filling and Flattening Tool Field Name Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
George D. Gal has reported a vulnerability in PDF Form Filling and
Flattening Tool, which potentially can be exploited by malicious people
to compromise a user's system.
Zix Forum "layid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
PHP Emperor has discovered a vulnerability in Zix Forum, which can be
exploited by malicious people to conduct SQL injection attacks.
Fujitsu MyWeb Products SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
A vulnerability has been reported in Fujitsu MyWeb products, which can
be exploited by malicious people to conduct SQL injection attacks.
IntelliTamper Site Map File Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Devil00 has discovered a vulnerability in IntelliTamper, which can be
exploited by malicious people to compromise a user's system.
CodeAvalanche News "password" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Omnipresent has reported a vulnerability in CodeAvalanche News, which
can be exploited by malicious people to conduct SQL injection attacks.
FrontRange iHEAT Host System Access Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
mcdanielar has reported a vulnerability in FrontRange iHEAT, which
potentially can be exploited by malicious users to compromise a
vulnerable system.
BitZipper Multiple Archive Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Hamid Ebadi has discovered a vulnerability in BitZipper, which
potentially can be exploited by malicious people to compromise a user's
system.
aspbb Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
TeufeL has reported two vulnerabilities in aspbb, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Cisco VPN Client Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in Cisco VPN Client, which can be
exploited by malicious, local users to gain escalated privileges on a
vulnerable system.
Novell Client Clipboard Content Handling Weakness
Critical: Not critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information
Eitan Caspi has reported a weakness in Novell Client, which can be
exploited by malicious people to disclose potentially sensitive
information and to manipulate certain information.
UNIX/Linux:
Debian update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Debian has issued an update for mpg123. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Debian update for nagios
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Debian has issued an update for nagios. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
UnixWare update for Sendmail
Critical: Highly critical
Where: From remote
Impact: System access
SCO has issued an update for Sendmail. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
mpg123 "III_i_stereo()" Function Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
A. Alejandro Hernández has reported a vulnerability in mpg123, which
potentially can be exploited by malicious people to compromise a user's
system.
HP-UX Motif Applications libXpm Image Decoding Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
HP has acknowledged a vulnerability in HP-UX running Motif
applications, which potentially can be exploited by malicious people to
compromise a vulnerable system.
SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, DoS, System access
SUSE has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to conduct HTTP request smuggling attacks, cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
HP Tru64 UNIX Firefox/Mozilla Application Suite Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
HP has acknowledged a vulnerability in HP Tru64 UNIX running
Firefox/Mozilla Application Suite, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise a
user's system.
SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of sensitive information, DoS, System access
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious, local users
to bypass certain security restrictions, by malicious users to cause a
DoS (Denial of Service), manipulate certain information, and compromise
a vulnerable system, or by malicious people to use PHP as an open mail
relay, gain knowledge of potentially sensitive information, conduct
cross-site scripting attacks and script insertion attacks, cause a DoS,
and compromise a vulnerable system.
Debian update for phpgroupware
Critical: Highly critical
Where: From remote
Impact: System access
Debian has issued an update for phpgroupware. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Ubuntu update for awstats
Critical: Highly critical
Where: From remote
Impact: System access
Ubuntu has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Debian update for awstats
Critical: Highly critical
Where: From remote
Impact: System access
Debian has issued an update for awstats. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Tor Weakness and Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Exposure of sensitive information, DoS
Some vulnerabilities and a weakness have been reported in Tor, which
can be exploited by malicious people to spoof log entries, disclose
certain sensitive information, and cause a DoS (Denial of Service).
Publicist SQL Injection and Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
luny has reported some vulnerabilities in Publicist, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.
Ubuntu update for dia
Critical: Moderately critical
Where: From remote
Impact: System access
Ubuntu has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.
Perlpodder Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
RedTeam has reported a vulnerability in Perlpodder, which can be
exploited by malicious people to compromise a user's system.
Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
by malicious people to bypass certain security restrictions and cause a
DoS (Denial of Service).
Red Hat update for postgresql
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Red Hat has issued an update for postgresql. This fixes two
vulnerabilities and a weakness, which potentially can be exploited by
malicious, local users to bypass certain security restrictions, and by
malicious people to conduct SQL injection attacks.
Red Hat update for php
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users to cause a DoS (Denial of
Service) or compromise a vulnerable system, and by malicious people to
conduct cross-site scripting attacks and potentially to compromise a
vulnerable system.
HP-UX BIND4 DNS Cache Poisoning Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Manipulation of data
A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to poison the DNS cache.
Prodder Podcast Feed Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
RedTeam has reported a vulnerability in Prodder, which can be exploited
by malicious people to compromise a user's system.
Debian update for kernel-source-2.4.18
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Debian has issued an update for kernel-source-2.4.18. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.
Dia Multiple Format String Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Some vulnerabilities have been reported in Dia, which potentially can
be exploited by malicious people to compromise a user's system.
Debian update for cscope
Critical: Moderately critical
Where: From remote
Impact: System access
Debian has issued an update for cscope. This fixes a vulnerability,
which can be exploited by malicious people to potentially compromise a
user's system.
GNU Binutils libbfd TekHex Record Handling Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Jesús Olmos Gonzalez has reported a vulnerability in GNU Binutils,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
Linux Kernel Netfilter Weakness and Two SCTP Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Two vulnerabilities and a weakness have been reported in the Linux
Kernel, which can be exploited by malicious, local users to cause a DoS
(Denial of Service) and disclose potentially sensitive information, and
by malicious people to cause a DoS.
Debian update for kernel-source-2.4.19
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Debian has issued an update for kernel-source-2.4.19. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.
Debian update for kernel-source-2.4.16
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Debian has issued an update for kernel-source-2.4.16. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.
Mandriva update for php
Critical: Less critical
Where: From remote
Impact: DoS, System access
Mandriva has issued an update for php. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Debian update for popfile
Critical: Less critical
Where: From remote
Impact: DoS
Debian has issued an update for popfile. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Debian update for phpbb2
Critical: Less critical
Where: From remote
Impact: System access
Debian has issued an update for phpbb2. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Solaris in.ftpd Directory Access Restriction Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Sun Microsystems has acknowledged a vulnerability in Solaris, which can
be exploited by malicious users to bypass certain security
restrictions.
Apple Xcode WebObjects Plugin Access Control Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
A vulnerability has been reported in Apple Xcode, which can be
exploited by malicious people to bypass certain security restrictions.
Mandriva update for hostapd
Critical: Less critical
Where: From local network
Impact: DoS
Mandriva has issued an update for hostapd. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Debian update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information, System
access
Debian has issued an update for mysql. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions, disclose potentially sensitive information, and
compromise a vulnerable system.
Debian update for mysql-dfsg
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information, System
access
Debian has issued an update for mysql-dfsg. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, disclose potentially sensitive
information, and compromise a vulnerable system.
Linux Kernel SNMP NAT Helper Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Trustix update for mysql
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, System access
Trustix has issued an update for mysql. This fixes some
vulnerabilities, which can be exploited by malicious users to disclose
potentially sensitive information and compromise a vulnerable system.
Debian update for quagga
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of system information, DoS
Debian has issued an update for quagga. This fixes two security issues
and a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service), and by malicious people to bypass
certain security restrictions and to disclose system information.
Debian update for hostapd
Critical: Less critical
Where: From local network
Impact: DoS
Debian has issued an update for hostapd. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Mandriva update for kernel
Critical: Less critical
Where: From local network
Impact: DoS
Mandriva has issued an update for kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
HP-UX Software Distributor Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.
XScreenSaver Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in XScreenSaver, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Debian update for kernel-patch-vserver
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for kernel-patch-vserver. This fixes a
security issue, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.
SAP sapdba Command Insecure Environment Variable Handling
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Leandro Meiners has reported a vulnerability in SAP, which can be
exploited by malicious, local users to gain escalated privileges.
Debian update for fbi
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for fbi. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.
HP-UX Kernel Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Other:
Sitecom WL-153 UPnP Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Armijn Hemel has reported a vulnerability in Sitecom WL-153, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable device.
Edimax BR-6104K UPnP Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Armijn Hemel has reported a vulnerability in Edimax BR-6104K, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable device.
ZyXEL P-335WT UPnP Port Mapping Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Armijn Hemel has reported a vulnerability in ZyXEL P-335WT, which can
be exploited by malicious people to bypass certain security
restrictions.
Cross Platform:
RWiki Script Insertion and Ruby Code Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Two vulnerabilities have been reported in RWiki, which can be exploited
by malicious people to conduct script insertion attacks and potentially
compromise a vulnerable system.
Docebo Multiple File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered some vulnerabilities in Docebo, which can be
exploited by malicious people to compromise a vulnerable system.
DSChat Script Insertion and PHP Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Two vulnerabilities have been discovered in DSChat, which can be
exploited by malicious people to conduct script insertion attacks and
compromise a vulnerable system.
PunkBuster WebTool Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Luigi Auriemma has reported a vulnerability in PunkBuster, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
PHP Easy Galerie "includepath" Parameter File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
BrEakerS has reported a vulnerability in PHP Easy Galerie, which can be
exploited by malicious people to compromise a vulnerable system.
UBB.threads "thispath" Parameter File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
V4mu has discovered a vulnerability in UBB.threads, which can be
exploited by malicious people to compromise a vulnerable system.
Russcom.Ping "domain" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Nomenumbra has discovered a vulnerability in Russcom.Ping, which can be
exploited by malicious people to compromise a vulnerable system.
Nucleus "GLOBALS[DIR_LIBS]" Parameter File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
rgod has discovered a vulnerability in Nucleus, which can be exploited
by malicious people to compromise a vulnerable system.
phpMyDirectory "ROOT_PATH" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
OLiBekaS has reported a vulnerability in phpMyDirectory, which can be
exploited by malicious people to compromise a vulnerable system.
artmedic newsletter "log.php" PHP Code Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
C.Schmitz has discovered a vulnerability in artmedic newsletter, which
can be exploited by malicious people to compromise a vulnerable
system.
phpBazar "language_dir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
PHP Emperor has discovered a vulnerability in phpBazar, which can be
exploited by malicious people to compromise a vulnerable system.
HyperStop Web Host Directory "uri" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
luny has reported a vulnerability in HyperStop Web Host (WebHost)
Directory, which can be exploited by malicious people to conduct SQL
injection attacks.
AlstraSoft Web Host Directory "uri" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
luny has reported a vulnerability in AlstraSoft Web Host (WebHost)
Directory, which can be exploited by malicious people to conduct SQL
injection attacks.
Diesel Joke Site "id" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
a_linuxer has reported a vulnerability in Diesel Joke Site, which can
be exploited by malicious people to conduct SQL injection attacks.
e107 Unspecified SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data
Some vulnerabilities have been reported in e107, which can be exploited
by malicious people to conduct SQL injection attacks.
Chatty "username" Parameter Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has discovered a vulnerability in Chatty, which can be
exploited by malicious people to conduct script insertion attacks.
Hiox Guestbook Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in Hiox Guestbook, which can be
exploited by malicious people to conduct script insertion attacks.
NetPanzer "setFrame()" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Luigi Auriemma has reported a vulnerability in NetPanzer, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Destiney Links Script Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Some vulnerabilities have been discovered in Destiney Links Script,
which can be exploited by malicious people to conduct script insertion
attacks, cross-site scripting attacks, and to disclose sensitive
information.
ipLogger "User-Agent" HTTP Header Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has discovered a vulnerability in ipLogger, which can be
exploited by malicious people to conduct script insertion attacks.
phpwcms Cross-Site Scripting and Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,
System access
trueend5 has discovered some vulnerabilities in phpwcms, which
potentially can be exploited by malicious users to compromise a
vulnerable system, and by malicious people to conduct cross-site
scripting attacks and disclose potentially sensitive information.
SkyeBox "post.php" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has discovered a vulnerability in SkyeBox, which can be
exploited by malicious people to conduct script insertion attacks.
PostgreSQL Encoding-Based SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Two vulnerabilities have been reported in PostgreSQL, which potentially
can be exploited by malicious people to conduct SQL injection attacks.
AlstraSoft E-Friends Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
luny has reported some vulnerabilities in AlstraSoft E-Friends, which
can be exploited by malicious people to conduct script insertion
attacks.
AlstraSoft Article Manager Pro SQL Injection and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information
luny has reported some vulnerabilities in AlstraSoft Article Manager
Pro, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
phpListPro "Language" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
[Oo] has discovered a vulnerability in phpListPro, which can be
exploited by malicious people to disclose sensitive information.
Dayfox Blog "slog_users.txt" Exposure of User Credentials
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
omnipresent has discovered a security issue in Dayfox Blog, which can
be exploited by malicious people to disclose sensitive information.
Stylish Text Ads Script "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
luny has reported a vulnerability in Stylish Text Ads Script, which can
be exploited by malicious people to conduct SQL injection attacks.
Coppermine Photo Gallery Multiple File Extensions Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
A vulnerability has been reported in Coppermine Photo Gallery, which
can be exploited by malicious users to compromise a vulnerable system.
DGBook "index.php" Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Some vulnerabilities have been discovered in DGBook, which can be
exploited by malicious people to conduct script insertion attacks and
SQL injection attacks.
Xtreme Topsites Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
luny has discovered some vulnerabilities in Xtreme Topsites, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
MediaWiki Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Nick Jenkins has reported some vulnerabilities in MediaWiki, which can
be exploited by malicious people to conduct script insertion attacks.
UseBB Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Two vulnerabilities have been reported in UseBB, which can be exploited
by malicious people to conduct cross-site scripting and SQL injection
attacks.
Horizontal Shooter BOR Mod File Handling Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Luigi Auriemma has reported a vulnerability in Horizontal Shooter BOR
(HOR), which potentially can be exploited by malicious people to
compromise a user's system.
Cosmoshop SQL Injection and Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
l0om has reported some vulnerabilities in Cosmoshop, which can be
exploited by malicious users to disclose sensitive information and by
malicious people to conduct SQL injection attacks.
Xoops Local File Inclusion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
rgod has reported two vulnerabilities in Xoops, which can be exploited
by malicious people to disclose sensitive information and potentially
compromise a vulnerable system.
OpenBOR Engine Mod File Handling Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Luigi Auriemma has reported a vulnerability in OpenBOR Engine, which
potentially can be exploited by malicious people to compromise a user's
system.
Beats of Rage (BOR) Engine Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Luigi Auriemma has reported a vulnerability in Beats of Rage (BOR)
Engine, which potentially can be exploited by malicious people to
compromise a user's system.
4R Linklist "cat" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Snake_23 has reported a vulnerability in 4R Linklist, which can be
exploited by malicious people to conduct SQL injection attacks.
HP OpenView Storage Data Protector Arbitrary Command Execution
Critical: Moderately critical
Where: From local network
Impact: System access
A vulnerability has been reported in HP OpenView Storage Data
Protector, which can be exploited by malicious people to compromise a
vulnerable system.
HP OpenView Network Node Manager Arbitrary Command Execution
Critical: Moderately critical
Where: From local network
Impact: System access
A vulnerability has been reported in HP OpenView Network Node Manager
(OV NNM), which can be exploited by malicious people to compromise a
vulnerable system.
Alkacon OpenCms "query" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Jaime Blasco has reported a vulnerability in Alkacon OpenCms, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Destiney Rated Images Script Multiple Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered some vulnerabilities in Destiney Rated Images
Script, which can be exploited by malicious users to conduct script
insertion attacks.
JemScripts DownloadControl "dcid" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in JemScripts DownloadControl, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
SiteScape Forum Information Disclosure Weaknesses
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Two weaknesses have been reported in SiteScape Forum, which can be
exploited by malicious people to disclose certain system information.
Mozilla Suite Exception Handling Full Path Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
A weakness has been discovered in Mozilla Suite, which can be exploited
by malicious people to disclose system information.
Netscape Exception Handling Full Path Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
A weakness has been discovered in Netscape, which can be exploited by
malicious people to disclose system information.
Firefox Exception Handling Full Path Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
A weakness has been discovered in Firefox, which can be exploited by
malicious people to disclose system information.