From; Secunia Weekly Advisory Summary 2005-03-24 - 2005-03-31 This week : 70 advisories Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ========================= ============== 1) Word From Secunia: Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ========================= ================= 2) This Week in Brief: Two vulnerabilities have been reported in Kerberos V5 and Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code, but requires that a user connects to a malicious server with the vulnerable telnet client. Patches are available from the vendor, please see Secunia advisories below for details. References: http://secunia.com/SA14745 http://secunia.com/SA14754 VIRUS ALERTS: Secunia has not issued any virus alerts during the week. ========================= =============== 3) This Weeks Top Ten Most Read Advisories: 1. [SA14654] Mozilla Firefox Three Vulnerabilities 2. [SA14684] Mozilla Security Bypass and Buffer Overflow Vulnerabilities 3. [SA14713] Linux Kernel Multiple Vulnerabilities 4. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerability 5. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities 6. [SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities 7. [SA14685] Mozilla Thunderbird GIF Image Processing Buffer Overflow Vulnerability 8. [SA14741] Symantec Norton AntiVirus Denial of Service Vulnerabilities 9. [SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities 10. [SA14659] phpBB Topic calendar "start" Cross-Site Scripting Vulnerability ========================= ================ 4) Vulnerabilities Summary Listing Windows: [SA14769] Sacred Player Logging Buffer Overflow Vulnerability [SA14767] TinCat Player Logging Buffer Overflow Vulnerability [SA14762] The Settlers: Heritage of Kings Player Logging Buffer Overflow [SA14749] PortalApp Cross-Site Scripting and SQL Injection [SA14743] FastStone 4in1 Browser Web Server Directory Traversal [SA14726] Antigen File Processing Denial of Service Vulnerabilities [SA14725] Ublog Reload Cross-Site Scripting and Exposure of Database [SA14722] BugTracker.NET Multiple SQL Injection Vulnerabilities [SA14753] IntranetApp / SiteEnable Two Cross-Site Scripting Vulnerabilities [SA14741] Symantec Norton AntiVirus Denial of Service Vulnerabilities [SA14712] Maxthon "m2_search_text" Search Bar Exposure of Information [SA14717] Kerio Personal Firewall Network Rules Security Bypass UNIX/Linux: [SA14788] Red Hat update for XFree86 [SA14782] Fedora update for imagemagick [SA14773] SGI Advanced Linux Environment Multiple Updates [SA14766] Fedora update for sylpheed [SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow [SA14737] Gentoo update for Mozilla [SA14736] Gentoo update for Firefox [SA14735] Gentoo update for Thunderbird [SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling Vulnerabilities [SA14724] Fedora update for xorg-x11 [SA14714] Slackware update for Mozilla [SA14738] Debian update for mc [SA14783] Fedora update for telnet [SA14778] OpenBSD update for telnet [SA14772] SUSE update for telnet [SA14771] Red Hat update for krb5 [SA14765] Gentoo update for mpg321 [SA14763] FreeBSD update for telnet [SA14759] Conectiva update for ethereal [SA14757] Red Hat update for telnet [SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities [SA14751] Fedora update for kernel [SA14750] Ubuntu update for telnet/telnetd [SA14747] Fedora update for squirrelmail [SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities [SA14740] Fedora update for krb5 [SA14734] Debian update for netkit-telnet-ssl [SA14728] Debian update for netkit-telnet [SA14727] Gentoo update for ipsec-tools [SA14721] Mandrake update for krb5 [SA14713] Linux Kernel Multiple Vulnerabilities [SA14787] Debian update for mailreader [SA14786] Fedora update for squid [SA14785] Gentoo update for smarty [SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability [SA14758] Red Hat update for grip [SA14730] Horde Page Title Cross-Site Scripting Vulnerability [SA14755] Red Hat update for mysql [SA14781] Fedora update for gdk-pixbuf [SA14780] Fedora update for gtk2 [SA14776] GdkPixbuf BMP Loader Double Free Denial of Service Vulnerability [SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability Other: [SA14731] NetComm NB1300 Denial of Service [SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service Cross Platform: [SA14761] EncapsBB "root" File Inclusion Vulnerability [SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File Inclusion [SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities [SA14744] ACS Blog BBcode Script Insertion Vulnerability [SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection [SA14739] E-Data Personal Information Script Insertion Vulnerability [SA14732] Chatness "user" Script Insertion Vulnerability [SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL Injection [SA14716] WebAPP Unspecified File Content Disclosure Vulnerability [SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL Injection [SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability [SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities [SA14729] Smarty "regex_replace" Modifier Template Security Bypass [SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities ========================= ================ 5) Vulnerabilities Content Listing Windows:-- [SA14769] Sacred Player Logging Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-29 Luigi Auriemma has reported a vulnerability in Sacred, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14769/ -- [SA14767] TinCat Player Logging Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-29 Luigi Auriemma has reported a vulnerability in TinCat, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14767/ -- [SA14762] The Settlers: Heritage of Kings Player Logging Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-29 Luigi Auriemma has reported a vulnerability in The Settlers: Heritage of Kings, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14762/ -- [SA14749] PortalApp Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-03-30 Diabolic Crab has reported some vulnerabilities in PortalApp, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14749/ -- [SA14743] FastStone 4in1 Browser Web Server Directory Traversal Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2005-03-30 Donato Ferrante has reported a vulnerability in FastStone 4in1 Browser, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/14743/ -- [SA14726] Antigen File Processing Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-03-29 Two vulnerabilities have been reported in Antigen for Domino, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14726/ -- [SA14725] Ublog Reload Cross-Site Scripting and Exposure of Database Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of sensitive information Released: 2005-03-30 3nitro has reported two vulnerabilities in Ublog Reload, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. Full Advisory: http://secunia.com/advisories/14725/ -- [SA14722] BugTracker.NET Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-03-29 Maty Siman has reported some vulnerabilities in BugTracker.NET, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/14722/ -- [SA14753] IntranetApp / SiteEnable Two Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-30 Diabolic Crab has reported two vulnerabilities in IntranetApp and SiteEnable, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14753/ -- [SA14741] Symantec Norton AntiVirus Denial of Service Vulnerabilities Critical: Less critical Where: From remote Impact: DoS Released: 2005-03-29 Isamu Noguchi has reported two vulnerabilities in Symantec Norton AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14741/ -- [SA14712] Maxthon "m2_search_text" Search Bar Exposure of Information Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2005-03-28 Aviv Raff has reported a vulnerability in Maxthon, which can be exploited by malicious people to disclose some potentially sensitive information. Full Advisory: http://secunia.com/advisories/14712/ -- [SA14717] Kerio Personal Firewall Network Rules Security Bypass Critical: Not critical Where: Local system Impact: Security Bypass Released: 2005-03-30 Petr Matousek has reported a vulnerability in Kerio Personal Firewall, which can be exploited by malicious programs to bypass the firewall rules. Full Advisory: http://secunia.com/advisories/14717/ UNIX/Linux:-- [SA14788] Red Hat update for XFree86 Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-31 Red Hat has issued an update for XFree86. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14788/ -- [SA14782] Fedora update for imagemagick Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-31 Fedora has issued an update for imagemagick. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14782/ -- [SA14773] SGI Advanced Linux Environment Multiple Updates Critical: Highly critical Where: From remote Impact: System access, DoS, Manipulation of data Released: 2005-03-31 SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited malicious, local users to manipulate the contents of certain files and by malicious people to cause a DoS (Denial of Service) or to compromise a user's system. Full Advisory: http://secunia.com/advisories/14773/ -- [SA14766] Fedora update for sylpheed Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-30 Fedora has issued an update for sylpheed. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14766/ -- [SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-30 A vulnerability has been reported in Sylpheed, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14756/ -- [SA14737] Gentoo update for Mozilla Critical: Highly critical Where: From remote Impact: System access, Exposure of sensitive information, Exposure of system information, Spoofing, Cross Site Scripting, Security Bypass Released: 2005-03-28 Gentoo has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited to bypass certain security restrictions, conduct spoofing and script insertion attacks, disclose various information, or compromise a user's system. Full Advisory: http://secunia.com/advisories/14737/ -- [SA14736] Gentoo update for Firefox Critical: Highly critical Where: From remote Impact: Security Bypass Released: 2005-03-28 Gentoo has issued an update for Firefox. This fixes three vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. Full Advisory: http://secunia.com/advisories/14736/ -- [SA14735] Gentoo update for Thunderbird Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-28 Gentoo has issued an update for Thunderbird. This fixes four vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14735/ -- [SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling Vulnerabilities Critical: Highly critical Where: From remote Impact: Privilege escalation, System access Released: 2005-03-29 infamous41md has reported some vulnerabilities in Smail-3, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14733/ -- [SA14724] Fedora update for xorg-x11 Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-30 Fedora has issued an update for xorg-x11. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14724/ -- [SA14714] Slackware update for Mozilla Critical: Highly critical Where: From remote Impact: System access, Exposure of sensitive information, Exposure of system information, Spoofing, Cross Site Scripting, Security Bypass Released: 2005-03-28 Slackware has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited to bypass certain security restrictions, conduct spoofing and script insertion attacks, disclose various information, or compromise a user's system. Full Advisory: http://secunia.com/advisories/14714/ -- [SA14738] Debian update for mc Critical: Moderately critical Where: Impact: Unknown Released: 2005-03-29 Debian has issued an update for mc. This fixes a vulnerability with an unknown impact. Full Advisory: http://secunia.com/advisories/14738/ -- [SA14783] Fedora update for telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-31 Fedora has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14783/ -- [SA14778] OpenBSD update for telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-31 OpenBSD has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14778/ -- [SA14772] SUSE update for telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-30 SUSE has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14772/ -- [SA14771] Red Hat update for krb5 Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-30 Red Hat has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14771/ -- [SA14765] Gentoo update for mpg321 Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Gentoo has issued an update for mpg321. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14765/ -- [SA14763] FreeBSD update for telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 FreeBSD has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14763/ -- [SA14759] Conectiva update for ethereal Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-03-29 Conectiva has issued an update for ethereal. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14759/ -- [SA14757] Red Hat update for telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Red Hat has issued an update for telnet. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14757/ -- [SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Gaël Delalleau has reported two vulnerabilities in the telnet client included with Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14754/ -- [SA14751] Fedora update for kernel Critical: Moderately critical Where: From remote Impact: Privilege escalation, DoS, System access, Exposure of sensitive information Released: 2005-03-29 Fedora has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited to gain knowledge of potentially sensitive information, cause a DoS (Denial of Service), gain escalated privileges, or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14751/ -- [SA14750] Ubuntu update for telnet/telnetd Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-03-29 Ubuntu has issued updates for telnet and telnetd. These fix some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14750/ -- [SA14747] Fedora update for squirrelmail Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of sensitive information Released: 2005-03-29 Fedora has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14747/ -- [SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Gaël Delalleau has reported two vulnerabilities in Kerberos V5, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14745/ -- [SA14740] Fedora update for krb5 Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-30 Fedora has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14740/ -- [SA14734] Debian update for netkit-telnet-ssl Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Debian has issued an update for netkit-telnet-ssl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14734/ -- [SA14728] Debian update for netkit-telnet Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-29 Debian has issued an update for netkit-telnet. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14728/ -- [SA14727] Gentoo update for ipsec-tools Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-03-28 Gentoo has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14727/ -- [SA14721] Mandrake update for krb5 Critical: Moderately critical Where: From remote Impact: System access Released: 2005-03-30 MandrakeSoft has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14721/ -- [SA14713] Linux Kernel Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2005-03-29 Multiple vulnerabilities have been reported in the Linux kernel, which can be exploited to disclose information, cause a DoS (Denial of Service), gain escalated privileges, or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14713/ -- [SA14787] Debian update for mailreader Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-31 Debian has issued an update for mailreader. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14787/ -- [SA14786] Fedora update for squid Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2005-03-31 Fedora has issued an update for squid. This fixes a security issue, which may disclose sensitive information to malicious people. Full Advisory: http://secunia.com/advisories/14786/ -- [SA14785] Gentoo update for smarty Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-03-31 Gentoo has issued an update for smarty. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/14785/ -- [SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-31 Ulf Härnhammar has reported a vulnerability in Mailreader, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14777/ -- [SA14758] Red Hat update for grip Critical: Less critical Where: From remote Impact: System access Released: 2005-03-29 Red Hat has issued an update for grip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14758/ -- [SA14730] Horde Page Title Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 A vulnerability has been reported in Horde, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14730/ -- [SA14755] Red Hat update for mysql Critical: Less critical Where: From local network Impact: Privilege escalation, System access Released: 2005-03-29 Red Hat has issued an update for mysql. This fixes some vulnerabilities, which potentially can be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/14755/ -- [SA14781] Fedora update for gdk-pixbuf Critical: Not critical Where: From remote Impact: DoS Released: 2005-03-31 Fedora has issued an update for gdk-pixbuf. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system. Full Advisory: http://secunia.com/advisories/14781/ -- [SA14780] Fedora update for gtk2 Critical: Not critical Where: From remote Impact: DoS Released: 2005-03-31 Fedora has issued an update for gtk2. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system. Full Advisory: http://secunia.com/advisories/14780/ -- [SA14776] GdkPixbuf BMP Loader Double Free Denial of Service Vulnerability Critical: Not critical Where: From remote Impact: DoS Released: 2005-03-31 David Costanzo has reported a vulnerability in GdkPixbuf, which can be exploited by malicious people to crash certain applications on a user's system. Full Advisory: http://secunia.com/advisories/14776/ -- [SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability Critical: Not critical Where: From remote Impact: DoS Released: 2005-03-31 David Costanzo has reported a vulnerability in GTK+, which can be exploited by malicious people to crash certain applications on a user's system. Full Advisory: http://secunia.com/advisories/14775/ Other:-- [SA14731] NetComm NB1300 Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2005-03-29 Chris Rock has reported a vulnerability in NetComm NB1300, allowing malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14731/ -- [SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2005-03-31 A vulnerability has been reported in Cisco VPN Concentrator 3000 Series, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14784/ Cross Platform:-- [SA14761] EncapsBB "root" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-03-29 Frank "brOmstar" Reissner has reported a vulnerability in EncapsBB, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14761/ -- [SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File Inclusion Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2005-03-29 Diabolic Crab has reported two vulnerabilities in E-Store Kit-2 PayPal Edition, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14723/ -- [SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-03-30 Diabolic Crab has reported two vulnerabilities in Squirrelcart PHP Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/14770/ -- [SA14744] ACS Blog BBcode Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 Dan Crowley has reported a vulnerability in ACS Blog, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/14744/ -- [SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-03-29 Diabolic Crab has reported some vulnerabilities in PhotoPost PHP Pro, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14742/ -- [SA14739] E-Data Personal Information Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 Donnie Werner has reported a vulnerability in E-Data, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14739/ -- [SA14732] Chatness "user" Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-30 3nitro has reported a vulnerability in Chatness, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/14732/ -- [SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-03-29 Diabolic Crab has reported some vulnerabilities in Valdersoft Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14719/ -- [SA14716] WebAPP Unspecified File Content Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2005-03-29 A vulnerability has been reported in WebAPP, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/14716/ -- [SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-03-28 Gerardo 'Astharot' Di Giacomo has reported some vulnerabilities in the Nuke Bookmarks module for PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14715/ -- [SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 CorryL has reported a vulnerability in Tkai's Shoutbox, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14764/ -- [SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 mircia has reported two vulnerabilities in CPG Dragonfly CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14748/ -- [SA14729] Smarty "regex_replace" Modifier Template Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-03-29 A vulnerability has been reported in Smarty, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/14729/ -- [SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-03-29 Multiple vulnerabilities have been reported in WackoWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14720/ ========================= ================ Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@xxxxxxxxxxx Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ____________________________ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member