[ISN] Secunia Weekly Summary - Issue: 2004-41
InfoSec News
isn at c4i.org
Sat Oct 9 05:04:05 EDT 2004
========================================================================
The Secunia Weekly Advisory Summary
2004-09-30 - 2004-10-07
This week : 60 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia has implemented new features at Secunia.com
SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
In addition to the extensive information Secunia advisories already
include, Secunia has added a new parameter: "Solution Status". This
simply means that all Secunia advisories, including older advisories,
now include the current "Solution Status" of a advisory, i.e. if the
vendor has released a patch or not.
IMPROVED PRODUCT PAGES:
The improved product pages now include a detailed listing of all
Secunia advisories affecting each product. The listings include a clear
indication of the "Solution Status" each advisory has ("Unpatched",
"Vendor patch", "Vendor workaround", or "Partial fix"). View the
following for examples:
Opera 7:
http://secunia.com/product/761/
Internet Explorer 6:
http://secunia.com/product/11/
Mozilla Firefox:
http://secunia.com/product/3256/
EXTRA STATISTICS:
Each product page also includes a new pie graph, displaying the
"Solution Status" for all Secunia advisories affecting each product in
a given period. View the following for an example:
Internet Explorer 6:
http://secunia.com/product/11/#statistics_solution
FEEDBACK SYSTEM:
To make it easier to provide feedback to the Secunia staff, we have
made an online feedback form. Enter your inquiry and it will
immediately be sent to the appropriate Secunia department.
Ideas, suggestions, and other feedback is most welcome
Secunia Feedback Form:
http://secunia.com/contact_form/
========================================================================
2) This Week in Brief:
ADVISORIES:
Apple has issued a security update for Mac OS X, which fixes several
vulnerabilities in various software included in Mac OS X.
Additional details about the affected software and patch instructions
can be found in the Secunia advisory below.
Reference:
http://secunia.com/SA12690
--
Mozilla Foundation has fixed a moderately critical vulnerability in
Mozilla Firefox, which can be exploited by malicious people to delete
files on a vulnerable system.
Successful exploitation will result in recursive deletion of all
files in the user's download directory.
Reference:
http://secunia.com/SA12708
VIRUS ALERTS:
Secunia has not issued any virus alerts during the last week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
2. [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
3. [SA12708] Mozilla Firefox Download Directory File Deletion
Vulnerability
4. [SA12526] Mozilla Multiple Vulnerabilities
5. [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
Vulnerability
6. [SA12635] Symantec Firewall/VPN Products Multiple Vulnerabilities
7. [SA12672] RealOne Player / RealPlayer / Helix Player Multiple
Vulnerabilities
8. [SA11978] Multiple Browsers Frame Injection Vulnerability
9. [SA12680] Microsoft SQL Server Denial of Service Vulnerability
10. [SA12403] Mozilla / Mozilla Firefox Apple Java Plugin Tab Spoofing
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA12755] TriDComm FTP Server Directory Traversal Vulnerability
[SA12753] AtHoc Toolbar Unspecified Vulnerabilities
[SA12710] Judge Dredd Client Message Handling Format String
Vulnerability
[SA12702] Kerio MailServer Unspecified Security Issue
[SA12689] MyWebServer Multiple Connection Denial of Service
Vulnerability
[SA12719] NetworkActiv Web Server Denial of Service Vulnerability
[SA12734] Symantec Norton AntiVirus MS-DOS Device Name Handling
Weakness
UNIX/Linux:
[SA12750] Mandrake update for xine-lib
[SA12747] SuSE update for mozilla
[SA12745] HP VirtualVault / Webproxy mod_ssl Format String
Vulnerability
[SA12742] Mozilla Application Suite for Tru64 UNIX Multiple
Vulnerabilities
[SA12741] Gentoo update for netkit-telnetd
[SA12727] Red Hat update for XFree86
[SA12698] Red Hat update for mozilla
[SA12694] AIX Network Authentication Service Multiple Vulnerabilities
[SA12690] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA12739] Gentoo update for PHP
[SA12725] Red Hat update for kdelibs/kdebase
[SA12699] Red Hat update for squid
[SA12743] Debian update for libapache-mod-dav
[SA12700] Red Hat update for spamassassin
[SA12688] Gentoo update for subversion
[SA12754] Fedora update for squid
[SA12748] Debian update for samba
[SA12735] SuSE update for samba
[SA12726] Red Hat update for samba
[SA12718] Mandrake update for samba
[SA12711] distcc IP-based Access Control Rules Security Bypass
[SA12707] Trustix update for samba
[SA12696] Samba Arbitrary File Access Vulnerability
[SA12746] Debian update for net-acct
[SA12744] Sun Solaris update for gzip
[SA12737] Fedora update for cups
[SA12736] CUPS Logfile User Credentials Disclosure
[SA12724] Slackware update for getmail
[SA12723] Gentoo update for netpbm
[SA12722] FreeBSD syscons Kernel Memory Disclosure Vulnerability
[SA12705] Debian freenet6 Insecure Configuration File Permissions
[SA12701] Red Hat update for ruby
[SA12697] Trustix Linux Multiple Packages Insecure Temporary File
Handling
[SA12716] spider "read_file()" Potential Privilege Escalation
Vulnerability
Other:
Cross Platform:
[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion
Vulnerabilities
[SA12732] AWS MySQLguest Script Insertion Vulnerability
[SA12730] BugPort Unspecified Attachment Handling Vulnerability
[SA12721] Real Estate Management Software Unspecified Vulnerabilities
[SA12720] Online Recruitment Agency Unspecified Vulnerabilities
[SA12709] yappa-ng Unspecified "Show Random Image" Vulnerability
[SA12708] Mozilla Firefox Download Directory File Deletion
Vulnerability
[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass
Vulnerabilities
[SA12703] IBM Trading Partner Interchange Arbitrary File Access
Vulnerability
[SA12695] w-Agora Multiple Vulnerabilities
[SA12691] bBlog "p" SQL Injection Vulnerability
[SA12733] DB2 Universal Database Multiple Vulnerabilities
[SA12740] Invision Power Board Referer Header Cross-Site Scripting
Vulnerability
[SA12729] My Blog Unspecified Cross-Site Scripting Vulnerabilities
[SA12728] Online-Bookmarks Security Bypass Vulnerability
[SA12715] Xerces-C++ XML Parser Denial of Service Vulnerability
[SA12693] Macromedia ColdFusion MX Security Bypass Vulnerability
[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting
Vulnerability
[SA12756] MaxDB Web Agent "Server" Field Denial of Service
Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA12755] TriDComm FTP Server Directory Traversal Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2004-10-07
Luigi Auriemma has reported a vulnerability in TriDComm, which can be
exploited by malicious users to access arbitrary files on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12755/
--
[SA12753] AtHoc Toolbar Unspecified Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-07
NGSSoftware has reported two vulnerabilities in AtHoc Toolbar, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/12753/
--
[SA12710] Judge Dredd Client Message Handling Format String
Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-04
Luigi Auriemma has reported a vulnerability in Judge Dredd: Dredd vs.
Death, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12710/
--
[SA12702] Kerio MailServer Unspecified Security Issue
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-01
An unspecified security issue with an unknown impact has been reported
in Kerio MailServer.
Full Advisory:
http://secunia.com/advisories/12702/
--
[SA12689] MyWebServer Multiple Connection Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-30
The unl0ck team has discovered a vulnerability in MyWebServer, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12689/
--
[SA12719] NetworkActiv Web Server Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-05
Ziv Kamir has reported a vulnerability in NetworkActiv Web Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12719/
--
[SA12734] Symantec Norton AntiVirus MS-DOS Device Name Handling
Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2004-10-06
Kurt Seifried has reported a weakness in Symantec Norton AntiVirus,
which can be exploited by malware to bypass certain scanning
functionality.
Full Advisory:
http://secunia.com/advisories/12734/
UNIX/Linux:--
[SA12750] Mandrake update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-07
MandrakeSoft has issued an update for xine-lib. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12750/
--
[SA12747] SuSE update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of sensitive information, DoS, System access
Released: 2004-10-07
SuSE has issued an update for mozilla. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), spoof content of websites, conduct cross-site scripting
attacks, access and modify sensitive information, or compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/12747/
--
[SA12745] HP VirtualVault / Webproxy mod_ssl Format String
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-06
HP has confirmed a vulnerability in Apache affecting HP VirtualVault
and HP Webproxy, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12745/
--
[SA12742] Mozilla Application Suite for Tru64 UNIX Multiple
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-10-06
HP has confirmed some vulnerabilities in the Mozilla Application Suite
for Tru64 UNIX, which can be exploited to conduct cross-site scripting
attacks, access and modify sensitive information, and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12742/
--
[SA12741] Gentoo update for netkit-telnetd
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-06
Gentoo has issued an update for netkit-telnetd. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12741/
--
[SA12727] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2004-10-05
Red Hat has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12727/
--
[SA12698] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-10-01
Red Hat has issued an update for mozilla. This fixes multiple
vulnerabilities, which can be exploited to conduct cross-site scripting
attacks, access and modify sensitive information, and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12698/
--
[SA12694] AIX Network Authentication Service Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-01
IBM has acknowledged some vulnerabilities in IBM Network Authentication
Service for AIX, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12694/
--
[SA12690] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released: 2004-10-05
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/12690/
--
[SA12739] Gentoo update for PHP
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-10-06
Gentoo has issued an update for PHP. This fixes two vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information or potentially upload files to arbitrary locations.
Full Advisory:
http://secunia.com/advisories/12739/
--
[SA12725] Red Hat update for kdelibs/kdebase
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Spoofing, Privilege escalation
Released: 2004-10-05
Red Hat has issued updates for kdelibs and kdebase. These fix multiple
vulnerabilities, which can be exploited to perform certain actions on a
vulnerable system with escalated privileges, spoof the content of
websites, or hijack sessions.
Full Advisory:
http://secunia.com/advisories/12725/
--
[SA12699] Red Hat update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-10-01
Red Hat has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12699/
--
[SA12743] Debian update for libapache-mod-dav
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-06
Debian has issued an update for libapache-mod-dav. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12743/
--
[SA12700] Red Hat update for spamassassin
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-01
Red Hat has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12700/
--
[SA12688] Gentoo update for subversion
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-09-30
Gentoo has issued an update for subversion. This fixes a security
issue, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/12688/
--
[SA12754] Fedora update for squid
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-07
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12754/
--
[SA12748] Debian update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-07
Debian has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12748/
--
[SA12735] SuSE update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-05
SuSE has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12735/
--
[SA12726] Red Hat update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-05
Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12726/
--
[SA12718] Mandrake update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-04
MandrakeSoft has issued an update for samba. This fixes a
vulnerability, which can be exploited by malicious users to access
arbitrary files and directories.
Full Advisory:
http://secunia.com/advisories/12718/
--
[SA12711] distcc IP-based Access Control Rules Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-04
A vulnerability has been reported in distcc, which potentially can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12711/
--
[SA12707] Trustix update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-01
Trustix has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12707/
--
[SA12696] Samba Arbitrary File Access Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-01
Karol Wiesek has reported a vulnerability in Samba, which can be
exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12696/
--
[SA12746] Debian update for net-acct
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-06
Debian has issued an update for net-acct. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12746/
--
[SA12744] Sun Solaris update for gzip
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information
Released: 2004-10-06
Sun has issued an updated for gzip. This fixes a vulnerability, which
can be exploited by malicious, local users to access sensitive
information.
Full Advisory:
http://secunia.com/advisories/12744/
--
[SA12737] Fedora update for cups
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-06
Fedora has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/12737/
--
[SA12736] CUPS Logfile User Credentials Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-06
Gary Smith has reported a vulnerability in CUPS, which can be exploited
by malicious, local users to gain knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/12736/
--
[SA12724] Slackware update for getmail
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-05
Slackware has issued an update for getmail. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12724/
--
[SA12723] Gentoo update for netpbm
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-05
Gentoo has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious, local users to escalate their
privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12723/
--
[SA12722] FreeBSD syscons Kernel Memory Disclosure Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-10-05
Christer Oberg has reported a vulnerability in FreeBSD, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/12722/
--
[SA12705] Debian freenet6 Insecure Configuration File Permissions
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-01
Debian has issued an update for freenet6. This fixes a security issue,
which can be exploited by malicious, local users to access sensitive
information.
Full Advisory:
http://secunia.com/advisories/12705/
--
[SA12701] Red Hat update for ruby
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-01
Red Hat has issued an update for ruby. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/12701/
--
[SA12697] Trustix Linux Multiple Packages Insecure Temporary File
Handling
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-01
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12697/
--
[SA12716] spider "read_file()" Potential Privilege Escalation
Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-04
Emuadmin Security Team has reported a vulnerability in spider, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/12716/
Other:
Cross Platform:--
[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-10-06
LSS Security Team has discovered two vulnerabilities in PHPLinks, which
can be exploited by malicious people to conduct SQL injection attacks
and execute arbitrary local PHP scripts.
Full Advisory:
http://secunia.com/advisories/12738/
--
[SA12732] AWS MySQLguest Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-05
BliZZard has reported a vulnerability in AWS MySQLguest, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/12732/
--
[SA12730] BugPort Unspecified Attachment Handling Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Eduardo Correia has reported a vulnerability with an unknown impact in
BugPort.
Full Advisory:
http://secunia.com/advisories/12730/
--
[SA12721] Real Estate Management Software Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Some unspecified vulnerabilities with unknown impacts have been
reported in Real Estate Management Software.
Full Advisory:
http://secunia.com/advisories/12721/
--
[SA12720] Online Recruitment Agency Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Some vulnerabilities with an unknown impact have been reported in
Online Recruitment Agency.
Full Advisory:
http://secunia.com/advisories/12720/
--
[SA12709] yappa-ng Unspecified "Show Random Image" Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-04
Georg Ragaz has reported a vulnerability with an unknown impact in
yappa-ng.
Full Advisory:
http://secunia.com/advisories/12709/
--
[SA12708] Mozilla Firefox Download Directory File Deletion
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-04
Alex Vincent has reported a vulnerability in Mozilla Firefox, which can
be exploited by malicious people to delete files on a user's system.
Full Advisory:
http://secunia.com/advisories/12708/
--
[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-01
R00tCr4ck has reported two vulnerabilities in Silent Storm Portal,
which can be exploited by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12704/
--
[SA12703] IBM Trading Partner Interchange Arbitrary File Access
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-10-05
A vulnerability has been reported in Trading Partner Interchange, which
can be exploited by malicious people to access arbitrary files
Full Advisory:
http://secunia.com/advisories/12703/
--
[SA12695] w-Agora Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-01
Positive Technologies has reported some vulnerabilities in w-Agora,
which can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12695/
--
[SA12691] bBlog "p" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-01
James McGlinn has reported a vulnerability in bBlog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/12691/
--
[SA12733] DB2 Universal Database Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Unknown, Security Bypass, DoS, System access
Released: 2004-10-06
Multiple vulnerabilities have been reported in DB2 Universal Database,
where some of the vulnerabilities can be exploited to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/12733/
--
[SA12740] Invision Power Board Referer Header Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-06
Alexander Antipov has reported a vulnerability in Invision Power Board,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/12740/
--
[SA12729] My Blog Unspecified Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Unknown, Cross Site Scripting
Released: 2004-10-05
Some vulnerabilities have been reported in My Blog, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12729/
--
[SA12728] Online-Bookmarks Security Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-05
A vulnerability has been reported in Online-Bookmarks, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12728/
--
[SA12715] Xerces-C++ XML Parser Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-04
Amit Klein has reported a vulnerability in Xerces-C++, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12715/
--
[SA12693] Macromedia ColdFusion MX Security Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-04
Eric Lackey has reported a vulnerability in ColdFusion MX, which can be
exploited by malicious, authenticated users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/12693/
--
[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-01
A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12692/
--
[SA12756] MaxDB Web Agent "Server" Field Denial of Service
Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-07
Patrik Karlsson has reported a vulnerability in MaxDB, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12756/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
More information about the ISN
mailing list