[ISN] Secunia Weekly Summary - Issue: 2004-25

InfoSec News isn at c4i.org
Thu Jun 17 10:33:42 EDT 2004


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-06-10 - 2004-06-17                        

                       This week : 51 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/


========================================================================
2) This Week in Brief:


ADVISORIES:

http-equiv and eEye Digital Security have discovered two
vulnerabilities in IBM Access Support ActiveX controls, which could be
exploited to compromise a vulnerable system.

Furthermore, according to eEye the vulnerable ActiveX controls are
installed by default on many IBM machines. Owners of IBM PCs are
advised to check if their PCs have the ActiveX controls installed, and
if so install the "Fix Pack 2 for Access Support" from IBM.

Reference:
http://secunia.com/SA11072

--

A new vulnerability was identified in Internet Explorer, which could be
exploited by a malicious website to bypass security zone restrictions
and spoof the address bar.

Additionally, Mozilla suffers from the same vulnerability. However, in
Mozilla's case, this can only be used to partly spoof the address bar.

Further details available in Secunia advisories below.

Reference:
http://secunia.com/SA11830
http://secunia.com/SA11856

--

Three different research groups have independently discovered three
vulnerabilities in the popular RealPlayer, which all could be exploited
to execute arbitrary code on a vulnerable system.

RealNetworks has issued an update for all vulnerabilities. The update
is available via the "Check for Update" feature.

Reference:
http://secunia.com/SA11422


VIRUS ALERTS:

During the last week, Secunia issued one MEDIUM RISK virus alert.
Please refer to the grouped virus profile below for more information:

ZAFI.B - MEDIUM RISK Virus Alert - 2004-06-14 13:55 GMT+1
http://192.168.100.226/virus_information/9988/zafi.b/


========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
              Scripting Vulnerabilities
2.  [SA11830] Internet Explorer Security Zone Bypass and Address Bar
              Spoofing Vulnerability
3.  [SA11856] Mozilla Browser Address Bar Spoofing Weakness
4.  [SA11422] RealPlayer Multiple Buffer Overflow Vulnerabilities
5.  [SA11841] Apache mod_proxy "Content-Length:" Header Buffer
              Overflow Vulnerability
6.  [SA10395] Internet Explorer URL Spoofing Vulnerability
7.  [SA11689] Mac OS X Volume URI Handler Registration Code Execution
              Vulnerability
8.  [SA11622] Mac OS X URI Handler Arbitrary Code Execution
9.  [SA11821] Cisco CatOS TCP-ACK Denial of Service Vulnerability
10. [SA11861] Linux Kernel "__clear_fpu()" Macro Denial of Service
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11839] AspDotNetStorefront Multiple Vulnerabilities
[SA11878] Web Wiz Forums Registration Rules Cross-Site Scripting
Vulnerability
[SA11856] Mozilla Browser Address Bar Spoofing Weakness
[SA11848] Blackboard Digital Dropbox File Retrieval Vulnerability
[SA11840] WinAgents TFTP Server Long Filename Request Denial of
Service
[SA11857] Sygate Personal Firewall Fail-Safe Mechanism Bypass
Vulnerability
[SA11868] Internet Explorer File Download Error Message Denial of
Service Weakness

UNIX/Linux:
[SA11874] Gentoo update for horde-chora
[SA11869] Fedora update for subversion
[SA11866] Red Hat update for httpd/mod_ssl
[SA11859] OpenBSD update for httpd/mod_ssl
[SA11858] Chora CVS Viewer Shell Command Injection Vulnerability
[SA11855] Gentoo update for subversion
[SA11854] OpenPKG update for apache
[SA11853] Fedora update for CVS
[SA11850] OpenPKG update for CVS
[SA11842] Gentoo update for CVS
[SA11841] Apache mod_proxy "Content-Length:" Header Buffer Overflow
Vulnerability
[SA11838] Red Hat update for squid
[SA11834] Red Hat update for CVS
[SA11884] Gentoo update for horde-imp
[SA11883] Gentoo update for webmin
[SA11879] Thy Session Handling Denial of Service Vulnerability
[SA11875] Gentoo update for squirrelmail
[SA11873] Gentoo update for gallery
[SA11870] Red Hat update for squirrelmail
[SA11863] KAME Racoon X.509 Certificate Validation Vulnerability
[SA11851] Sun Solaris / SEAM Kerberos "krb5_aname_to_localname()"
Vulnerabilities
[SA11843] HP-UX ftp Pipe Character Arbitrary Command Execution
Vulnerability
[SA11837] Red Hat update for krb5
[SA11836] Red Hat update for ethereal
[SA11833] Fedora update for squirrelmail
[SA11862] Debian update for kdelibs
[SA11872] SGI IRIX Privilege Escalation and Denial of Service
Vulnerabilities
[SA11867] Red Hat update for tripwire
[SA11845] Mandrake ksymoops-gznm Insecure Temporary File Creation
Vulnerability
[SA11885] SuSE update for kernel
[SA11876] Slackware update for kernel
[SA11871] Fedora update for kernel
[SA11861] Linux Kernel "__clear_fpu()" Macro Denial of Service
Vulnerability
[SA11847] NetBSD "swapctl()" Denial of Service Vulnerability

Other:
[SA11849] Edimax EW-7205APL Default Account and Password Disclosure
[SA11882] Cisco IOS BGP Processing Denial of Service Vulnerability

Cross Platform:
[SA11880] Pivot Multiple Vulnerabilities
[SA11844] Subversion svn Protocol String Parsing Vulnerability
[SA11864] BEA WebLogic SSL Connection Handling Denial of Service
Vulnerability
[SA11835] cPanel "passwd" Script Database Password Manipulation
Vulnerability
[SA11865] BEA WebLogic Incorrect Identity RMI Method Execution
Vulnerability
[SA11852] PHP-Nuke Multiple Vulnerabilities
[SA11846] VP-ASP Shopping Cart Cross-Site Scripting Vulnerabilities
[SA11860] VICE Monitor "Memory Dump" Command Format String
Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11839] AspDotNetStorefront Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2004-06-11

Thomas Ryan has reported multiple vulnerabilities in
AspDotNetStorefront, which can be exploited by malicious people to
conduct cross-site scripting attacks, perform certain administrative
actions, and upload arbitrary files.

Full Advisory:
http://secunia.com/advisories/11839/

 --

[SA11878] Web Wiz Forums Registration Rules Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-16

Ferruh Mavituna has reported a vulnerability in Web Wiz Forums, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/11878/

 --

[SA11856] Mozilla Browser Address Bar Spoofing Weakness

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2004-06-14

A weakness has been reported in Mozilla, allowing malicious people to
conduct phishing attacks.

Full Advisory:
http://secunia.com/advisories/11856/

 --

[SA11848] Blackboard Digital Dropbox File Retrieval Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2004-06-14

Maarten Verbeek has reported a vulnerability in Blackboard, which can
be exploited by malicious users to download other users' files in their
dropbox.

Full Advisory:
http://secunia.com/advisories/11848/

 --

[SA11840] WinAgents TFTP Server Long Filename Request Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-06-11

Ziv Kamir has reported a vulnerability in WinAgents TFTP Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11840/

 --

[SA11857] Sygate Personal Firewall Fail-Safe Mechanism Bypass
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-06-16

Chew Keong TAN has reported a vulnerability in Sygate Personal Firewall
Pro, which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/11857/

 --

[SA11868] Internet Explorer File Download Error Message Denial of
Service Weakness

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-06-16

Rafel Ivgi has discovered a weakness in Internet Explorer (IE),
allowing malicious people to crash a user's browser.

Full Advisory:
http://secunia.com/advisories/11868/


UNIX/Linux:--

[SA11874] Gentoo update for horde-chora

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-06-16

Gentoo has issued an update for horde-chora. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11874/

 --

[SA11869] Fedora update for subversion

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-06-15

Fedora has issued an update for subversion. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11869/

 --

[SA11866] Red Hat update for httpd/mod_ssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-15

Red Hat has issued an update for httpd/mod_ssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11866/

 --

[SA11859] OpenBSD update for httpd/mod_ssl

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2004-06-14

OpenBSD has issued an update for httpd. This fixes various
vulnerabilities, which can be exploited by malicious people to inject
potentially malicious characters into error logfiles, bypass certain
restrictions, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11859/

 --

[SA11858] Chora CVS Viewer Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-06-14

Stefan Esser has reported a vulnerability in Chora, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11858/

 --

[SA11855] Gentoo update for subversion

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-14

Gentoo has issued an update for subversion. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11855/

 --

[SA11854] OpenPKG update for apache

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-12

OpenPKG has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11854/

 --

[SA11853] Fedora update for CVS

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-12

Fedora has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11853/

 --

[SA11850] OpenPKG update for CVS

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-11

OpenPKG has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11850/

 --

[SA11842] Gentoo update for CVS

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-14

Gentoo has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11842/

 --

[SA11841] Apache mod_proxy "Content-Length:" Header Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-10

Georgi Guninski has discovered a vulnerability in Apache, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11841/

 --

[SA11838] Red Hat update for squid

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-06-10

Red Hat has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11838/

 --

[SA11834] Red Hat update for CVS

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-10

Red Hat has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11834/

 --

[SA11884] Gentoo update for horde-imp

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-16

Gentoo has issued an update for horde-imp. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/11884/

 --

[SA11883] Gentoo update for webmin

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2004-06-16

Gentoo has issued an update for webmin. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/11883/

 --

[SA11879] Thy Session Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-06-16

jethro has reported a vulnerability in Thy, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11879/

 --

[SA11875] Gentoo update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-16

Gentoo has issued an update for squirrelmail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/11875/

 --

[SA11873] Gentoo update for gallery

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-16

Gentoo has issued an update for gallery. This fixes a vulnerability,
which can be exploited by malicious people to bypass the user
authentication.

Full Advisory:
http://secunia.com/advisories/11873/

 --

[SA11870] Red Hat update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released:    2004-06-15

Red Hat has issued an update for squirrelmail. This fixes multiple
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting, script insertion, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11870/

 --

[SA11863] KAME Racoon X.509 Certificate Validation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-17

Thomas Walpuski has reported a vulnerability in KAME Racoon, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/11863/

 --

[SA11851] Sun Solaris / SEAM Kerberos "krb5_aname_to_localname()"
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-11

Sun has acknowledged some vulnerabilities in Solaris and SEAM, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11851/

 --

[SA11843] HP-UX ftp Pipe Character Arbitrary Command Execution
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-11

HP has acknowledged a very old vulnerability in ftp for HP-UX, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11843/

 --

[SA11837] Red Hat update for krb5

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-06-10

Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11837/

 --

[SA11836] Red Hat update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-10

Red Hat has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system or cause a DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11836/

 --

[SA11833] Fedora update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
information, Manipulation of data, Cross Site Scripting
Released:    2004-06-10

Fedora has issued an update for squirrelmail. This fixes multiple
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting, script insertion, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11833/

 --

[SA11862] Debian update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-06-15

Debian has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to create or truncate files
on a user's system.

Full Advisory:
http://secunia.com/advisories/11862/

 --

[SA11872] SGI IRIX Privilege Escalation and Denial of Service
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-06-16

Three vulnerabilities have been discovered in IRIX, which can be
exploited by malicious, local users to gain escalated privileges or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11872/

 --

[SA11867] Red Hat update for tripwire

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-06-15

Red Hat has issued an update for tripwire. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11867/

 --

[SA11845] Mandrake ksymoops-gznm Insecure Temporary File Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-06-12

Geoffrey Lee has discovered a vulnerability in Mandrakelinux, which can
be exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11845/

 --

[SA11885] SuSE update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-16

SuSE has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/11885/

 --

[SA11876] Slackware update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-16

Slackware has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11876/

 --

[SA11871] Fedora update for kernel

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-15

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/11871/

 --

[SA11861] Linux Kernel "__clear_fpu()" Macro Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-15

Stian Skjelstad has reported a vulnerability in the Linux kernel
allowing malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11861/

 --

[SA11847] NetBSD "swapctl()" Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-06-12

Evgeny Demidov has reported a vulnerability in NetBSD, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11847/


Other:--

[SA11849] Edimax EW-7205APL Default Account and Password Disclosure

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2004-06-15

msl has reported a vulnerability in Edimax EW-7205APL, which can be
exploited by malicious people to access the access point and disclose
administrative passwords.

Full Advisory:
http://secunia.com/advisories/11849/

 --

[SA11882] Cisco IOS BGP Processing Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-06-16

A vulnerability has been discovered in Cisco IOS, allowing malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11882/


Cross Platform:--

[SA11880] Pivot Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-06-16

Some vulnerabilities have been discovered in Pivot, which potentially
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11880/

 --

[SA11844] Subversion svn Protocol String Parsing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-06-12

ned has reported a vulnerability in Subversion, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11844/

 --

[SA11864] BEA WebLogic SSL Connection Handling Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-06-15

A vulnerability has been reported in BEA WebLogic Server and WebLogic
Express, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/11864/

 --

[SA11835] cPanel "passwd" Script Database Password Manipulation
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2004-06-14

verb0s has reported a vulnerability in cPanel, which can be exploited
by certain, authenticated users to manipulate database passwords.

Full Advisory:
http://secunia.com/advisories/11835/

 --

[SA11865] BEA WebLogic Incorrect Identity RMI Method Execution
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-06-16

A vulnerability has been discovered in BEA WebLogic Server and WebLogic
Express, which can be exploited by malicious users to perform certain
actions with a wrong identity.

Full Advisory:
http://secunia.com/advisories/11865/

 --

[SA11852] PHP-Nuke Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, DoS
Released:    2004-06-14

Janek Vind has reported multiple vulnerabilities in PHP-Nuke, which can
be exploited by malicious people to conduct cross-site scripting
attacks, disclose path information, and cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11852/

 --

[SA11846] VP-ASP Shopping Cart Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-06-12

Thomas Ryan has discovered multiple vulnerabilities in VP-ASP, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/11846/

 --

[SA11860] VICE Monitor "Memory Dump" Command Format String
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-06-16

Spiro Trikaliotis has reported a vulnerability in VICE, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11860/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================




