SECUNIA ADVISORY ID: SA22592

VERIFY ADVISORY: http://secunia.com/advisories/22592/

CRITICAL: Less critical

IMPACT: DoS

WHERE: >From local network

OPERATING SYSTEM:
Microsoft Windows XP Home Edition - http://secunia.com/product/16/
Microsoft Windows XP Professional - http://secunia.com/product/22/

DESCRIPTION: h07 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in Windows NAT Helper Components (ipnathlp.dll). This can be exploited to crash the service via a specially crafted DNS query. Successful exploitation requires that Internet Connection Sharing is enabled and the query is received from a client on the shared network interface. The vulnerability is confirmed in a fully patched Windows XP SP2 system. Other versions may also be affected.

SOLUTION: Use another way of sharing the Internet connection.

PROVIDED AND/OR DISCOVERED BY: h07

ORIGINAL ADVISORY: http://milw0rm.com/exploits/2672

Coppermine Photo Gallery *aid* SQL Injection Vulnerability SECUNIA ADVISORY ID: SA22625

VERIFY ADVISORY: http://secunia.com/advisories/22625/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE: >From remote

SOFTWARE: Coppermine Photo Gallery 1.x - http://secunia.com/product/1427/

DESCRIPTION: w4ck1ng has reported a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "aid" parameter in picmgr.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.4.9. Other versions may also be affected.

SOLUTION: Update to version 1.4.10.

PROVIDED AND/OR DISCOVERED BY: w4ck1ng

ORIGINAL ADVISORY: http://coppermine-gallery.net/forum/index.php?topic=37895.0

SECUNIA ADVISORY ID: SA22591

VERIFY ADVISORY: http://secunia.com/advisories/22591/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: >From remote

SOFTWARE:
Sophos Anti-Virus for Windows 6.x - http://secunia.com/product/12449/
Sophos Anti-Virus 5.x - http://secunia.com/product/5390/
Sophos Anti-Virus 4.x - http://secunia.com/product/5391/
Sophos Anti-Virus Small Business Edition - http://secunia.com/product/9822/

DESCRIPTION: Some vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An unspecified error when processing RAR archives may in certain cases cause an infinite loop in the scanning engine and consume all available CPU resources.

2) An unspecified error when processing CHM files may in certain cases result in a heap-based buffer overflow.

3) An unspecified error when processing CHM files with long names may cause a memory corruption.

SOLUTION: The vulnerabilities will reportedly be fixed in December 2006.

PROVIDED AND/OR DISCOVERED BY: The vendor credits iDefense.

ORIGINAL ADVISORY: Sophos: http://www.sophos.com/support/knowledgebase/article/7609.html

SECUNIA ADVISORY ID: SA22635

VERIFY ADVISORY: http://secunia.com/advisories/22635/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: >From remote

SOFTWARE:
Sophos Anti-Virus for Windows 6.x - http://secunia.com/product/12449/
Sophos Anti-Virus 5.x - http://secunia.com/product/5390/
Sophos Anti-Virus 4.x - http://secunia.com/product/5391/
Sophos Anti-Virus Small Business Edition - http://secunia.com/product/9822/

DESCRIPTION: A vulnerability has been reported in Sophos Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service). An unspecified error in the Petite plugin when processing Petite archives containing a large number of large sectors can be exploited to DoS the virus engine. Please see the vendor's advisory for a list of affected versions.

SOLUTION: Updates are available for all products, but Sophos Anti-Virus for Macintosh (available in December 2006).

PROVIDED AND/OR DISCOVERED BY: The vendor credits iDefense.

ORIGINAL ADVISORY: Sophos: http://www.sophos.com/support/knowledgebase/article/7609.html

SECUNIA ADVISORY ID: SA22621

VERIFY ADVISORY: http://secunia.com/advisories/22621/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: Faq Administrator 2.x - http://secunia.com/product/12451/

DESCRIPTION: v1per-haCker has discovered a vulnerability in Faq Administrator, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "email" parameter in faq_reply.php is not properly verified, before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 2.1. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: v1per-haCker

SECUNIA ADVISORY ID: SA22566

VERIFY ADVISORY: http://secunia.com/advisories/22566/

CRITICAL: Less critical

IMPACT: Manipulation of data

WHERE: >From remote

SOFTWARE: Drupal Extended Tracker Module 4.x - http://secunia.com/product/12431/

DESCRIPTION: A vulnerability has been reported in the Extended Tracker module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks. Read More...