[ISN] Secunia Weekly Summary - Issue: 2005-14

InfoSec News isn at c4i.org
Fri Apr 8 01:58:16 EDT 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-03-31 - 2005-04-07                        

                       This week : 58 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

========================================================================
2) This Week in Brief:

A vulnerability has been discovered in various Mozilla based products,
which can be exploited by malicious people to gain knowledge of
potentially sensitive information.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

References:
http://secunia.com/SA14804
http://secunia.com/SA14820
http://secunia.com/SA14821


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
2.  [SA14821] Mozilla Suite JavaScript Engine Information Disclosure
              Vulnerability
3.  [SA14792] PHP Multiple Vulnerabilities
4.  [SA14654] Mozilla Firefox Three Vulnerabilities
5.  [SA14804] Netscape JavaScript Engine Information Disclosure
              Vulnerability
6.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerability
7.  [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
8.  [SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of
              Service
9.  [SA14745] MIT Kerberos Telnet Client Buffer Overflow
              Vulnerabilities
10. [SA14808] Windows Server 2003 Local Denial of Service
              Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA14812] MailEnable IMAP Buffer Overflow and SMTP Denial of Service
[SA14809] Star Wars Jedi Knight: Jedi Academy Message Handling Buffer
Overflow
[SA14839] Active Auction House Cross-Site Scripting and SQL Injection
[SA14833] ProductCart Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA14825] Comersus Cart Username Script Insertion Vulnerability
[SA14811] Quake3 Engine Denial of Service Vulnerability
[SA14837] CA eTrust Intrusion Detection CPImportKey Denial of Service
[SA14829] DameWare NT Utilities / Mini Remote Control Privilege
Escalation
[SA14790] BlueSoleil Object Push Service Directory Traversal
Vulnerability
[SA14813] Adobe Reader / Adobe Acrobat Local Files Detection and Denial
of Service
[SA14808] Windows Server 2003 Local Denial of Service Vulnerabilities

UNIX/Linux:
[SA14819] Red Hat update for tetex
[SA14816] Debian update for imagemagick
[SA14807] SGI Advanced Linux Environment Multiple Updates
[SA14806] Gentoo update for sylpheed / sylpheed-claws
[SA14800] Mandrake update for ImageMagick
[SA14791] teTeX Multiple Image Decoder Parsing Vulnerabilities
[SA14855] Ubuntu update for libapache2-mod-php4/php4-cgi
[SA14845] Red Hat update for curl
[SA14830] Gentoo update for dnsmasq
[SA14828] Slackware update for php
[SA14817] Debian update for krb5
[SA14805] Gentoo update for telnet-bsd
[SA14798] Ubuntu update for kernel
[SA14797] SUSE update for ipsec-tools
[SA14796] Mandrake update for libexif
[SA14794] Mandrake update for ipsec-tools
[SA14792] PHP Multiple Vulnerabilities
[SA14856] AIX Unspecified NIS Client System Compromise Vulnerability
[SA14826] Debian update for remstats
[SA14810] remstats Insecure Temporary File Creation and Arbitrary
Command Execution
[SA14834] Debian update for wu-ftpd
[SA14803] Mandrake update for grip
[SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability
[SA14795] Mandrake update for htdig
[SA14847] Fedora update for mysql
[SA14846] Red Hat update for mysql-server
[SA14822] Conectiva update for mysql
[SA14842] FreeBSD sendfile Kernel Memory Disclosure Vulnerability
[SA14840] Trustix update for kernel
[SA14836] SCO OpenServer nwclient Privilege Escalation Vulnerability
[SA14835] SUSE update for kernel
[SA14827] FreeBSD amd64 Direct Hardware Access Security Issue
[SA14850] Fedora update for gaim
[SA14849] Ubuntu update for gaim
[SA14844] Red Hat update for gdk-pixbuf
[SA14838] Ubuntu update for libgdk-pixbuf2/libgtk2.0-0
[SA14818] Red Hat update for gtk2
[SA14815] Gaim Multiple Denial of Service Weaknesses
[SA14824] Ubuntu update for unshar

Other:
[SA14823] SonicWALL SOHO series Cross-Site Scripting and Script
Injection

Cross Platform:
[SA14802] AlstraSoft EPay Pro Cross-Site Scripting and Arbitrary File
Inclusion
[SA14814] BakBone NetVault Buffer Overflow Vulnerabilities
[SA14832] PayProCart Multiple Vulnerabilities
[SA14821] Mozilla Suite JavaScript Engine Information Disclosure
Vulnerability
[SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
Vulnerability
[SA14804] Netscape JavaScript Engine Information Disclosure
Vulnerability
[SA14793] MX Shop / MX Kart SQL Injection Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA14812] MailEnable IMAP Buffer Overflow and SMTP Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-04

Two vulnerabilities have been reported in MailEnable, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14812/

 --

[SA14809] Star Wars Jedi Knight: Jedi Academy Message Handling Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

Luigi Auriemma has reported a vulnerability in Star Wars Jedi Knight:
Jedi Academy, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14809/

 --

[SA14839] Active Auction House Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-04-06

Diabolic Crab has reported some vulnerabilities in Active Auction
House, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14839/

 --

[SA14833] ProductCart Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-04-05

Diabolic Crab has reported some vulnerabilities in ProductCart, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14833/

 --

[SA14825] Comersus Cart Username Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-05

Zinho has discovered a vulnerability in Comersus Cart, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14825/

 --

[SA14811] Quake3 Engine Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-04-05

Luigi Auriemma has reported a vulnerability in the Quake3 Engine, which
can be exploited by malicious people to conduct a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14811/

 --

[SA14837] CA eTrust Intrusion Detection CPImportKey Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-04-06

A vulnerability has been reported in CA eTrust Intrusion Detection,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14837/

 --

[SA14829] DameWare NT Utilities / Mini Remote Control Privilege
Escalation

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2005-04-06

A vulnerability has been reported in DameWare NT Utilities and DameWare
Mini Remote Control, which can be exploited by malicious users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/14829/

 --

[SA14790] BlueSoleil Object Push Service Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-04-01

Kevin Finisterre has reported a vulnerability in BlueSoleil, which can
be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/14790/

 --

[SA14813] Adobe Reader / Adobe Acrobat Local Files Detection and Denial
of Service

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information, DoS
Released:    2005-04-04

Two weaknesses have been reported in Adobe Reader and Adobe Acrobat,
which can be exploited by malicious people to enumerate files on a
user's system or crash the application.

Full Advisory:
http://secunia.com/advisories/14813/

 --

[SA14808] Windows Server 2003 Local Denial of Service Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-04-05

Two vulnerabilities have been reported in Microsoft Windows Server
2003, which can be exploited by malicious, local users to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/14808/


UNIX/Linux:--

[SA14819] Red Hat update for tetex

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-04

Red Hat has issued an update for tetex. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14819/

 --

[SA14816] Debian update for imagemagick

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

Debian has issued an update for imagemagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14816/

 --

[SA14807] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2005-04-06

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious people to
bypass certain security restrictions, conduct cross-site scripting and
spoofing attacks, cause a DoS (Denial of Service), and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14807/

 --

[SA14806] Gentoo update for sylpheed / sylpheed-claws

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

Gentoo has issued updates for sylpheed and sylpheed-claws. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14806/

 --

[SA14800] Mandrake update for ImageMagick

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

MandrakeSoft has issued an update for ImageMagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14800/

 --

[SA14791] teTeX Multiple Image Decoder Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-04

Some vulnerabilities have been reported in tetex, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service) or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14791/

 --

[SA14855] Ubuntu update for libapache2-mod-php4/php4-cgi

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Ubuntu has issued updates for libapache2-mod-php4 and php4-cgi. These
fix two vulnerabilities, which can be exploited by malicious people to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14855/

 --

[SA14845] Red Hat update for curl

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-06

Red Hat has issued an update for curl. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14845/

 --

[SA14830] Gentoo update for dnsmasq

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data, DoS
Released:    2005-04-05

Gentoo has issued an update for dnsmasq. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/14830/

 --

[SA14828] Slackware update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2005-04-06

Slackware has issued an update for php. This fixes some
vulnerabilities, where some have an unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14828/

 --

[SA14817] Debian update for krb5

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

Debian has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14817/

 --

[SA14805] Gentoo update for telnet-bsd

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

Gentoo has issued an update for telnet-bsd. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14805/

 --

[SA14798] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking, Exposure of system information, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2005-04-04

Ubuntu has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to disclose information, cause
a DoS (Denial of Service), gain escalated privileges, or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14798/

 --

[SA14797] SUSE update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-04-01

SUSE has issued an update for ipsec-tools. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14797/

 --

[SA14796] Mandrake update for libexif

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-01

Mandrakesoft has issued an update for libexif. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14796/

 --

[SA14794] Mandrake update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-04-01

MandrakeSoft has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14794/

 --

[SA14792] PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2005-04-01

Multiple vulnerabilities have been reported in PHP, where some have an
unknown impact and others can be exploited by malicious people to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14792/

 --

[SA14856] AIX Unspecified NIS Client System Compromise Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-06

A vulnerability has been reported in AIX, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14856/

 --

[SA14826] Debian update for remstats

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-05

Debian has issued an update for remstats. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges and by malicious people to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/14826/

 --

[SA14810] remstats Insecure Temporary File Creation and Arbitrary
Command Execution

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-05

Jens Steube has reported two vulnerabilities in remstats, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges, and by malicious people to
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14810/

 --

[SA14834] Debian update for wu-ftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-04-05

Debian has issued an update for wu-ftpd. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14834/

 --

[SA14803] Mandrake update for grip

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-04-04

MandrakeSoft has issued an update for grip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14803/

 --

[SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-04

Oriol Torrent Santiago has reported a vulnerability in phpMyAdmin,
allowing malicious people to conduct cross-site scripting attack.

Full Advisory:
http://secunia.com/advisories/14799/

 --

[SA14795] Mandrake update for htdig

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-01

Mandrakesoft has issued an update for htdig. This fixes a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/14795/

 --

[SA14847] Fedora update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-06

Fedora has issued an update for mysql. This fixes two vulnerabilities,
which potentially can be exploited by malicious users to compromise a
vulnerable system and by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/14847/

 --

[SA14846] Red Hat update for mysql-server

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-06

Red Hat has issued an update for mysql-server. This fixes two
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system and by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14846/

 --

[SA14822] Conectiva update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-04-05

Conectiva has issued an update for mysql. This fixes two
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system and by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14822/

 --

[SA14842] FreeBSD sendfile Kernel Memory Disclosure Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-04-06

Sven Berkvens and Marc Olzheim have reported a vulnerability in
FreeBSD, which can be exploited by malicious, local users to gain
knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/14842/

 --

[SA14840] Trustix update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS
Released:    2005-04-06

Trustix has issued an update for kernel. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
disclose information, cause a DoS (Denial of Service), or gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/14840/

 --

[SA14836] SCO OpenServer nwclient Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-06

Pasquale Minervini has reported a vulnerability in SCO OpenServer,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14836/

 --

[SA14835] SUSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-05

SUSE has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14835/

 --

[SA14827] FreeBSD amd64 Direct Hardware Access Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-04-06

Jari Kirma has reported a security issue in FreeBSD, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/14827/

 --

[SA14850] Fedora update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Fedora has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14850/

 --

[SA14849] Ubuntu update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Ubuntu has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14849/

 --

[SA14844] Red Hat update for gdk-pixbuf

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Red Hat has issued an update for gdk-pixbuf. This fixes a
vulnerability, which can be exploited by malicious people to crash
certain applications on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14844/

 --

[SA14838] Ubuntu update for libgdk-pixbuf2/libgtk2.0-0

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Ubuntu has issued updates for libgdk-pixbuf2 and libgtk2.0-0. These fix
a vulnerability, which can be exploited by malicious people to crash
certain applications on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14838/

 --

[SA14818] Red Hat update for gtk2

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-04

Red Hat has issued an update for gtk2. This fixes a vulnerability,
which can be exploited by malicious people to crash certain
applications on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14818/

 --

[SA14815] Gaim Multiple Denial of Service Weaknesses

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-04-06

Three weaknesses have been reported in Gaim, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14815/

 --

[SA14824] Ubuntu update for unshar

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-05

Ubuntu has issued an update for unshar. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to conduct
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/14824/


Other:--

[SA14823] SonicWALL SOHO series Cross-Site Scripting and Script
Injection

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-05

Oliver Karow has reported two vulnerabilities in SonicWALL SOHO series,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14823/


Cross Platform:--

[SA14802] AlstraSoft EPay Pro Cross-Site Scripting and Arbitrary File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-04-04

Diabolic Crab has reported some vulnerabilities in AlstraSoft EPay Pro,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14802/

 --

[SA14814] BakBone NetVault Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From local network
Impact:      System access
Released:    2005-04-05

class101 has reported some vulnerabilities in BakBone NetVault, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14814/

 --

[SA14832] PayProCart Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information
Released:    2005-04-05

Diabolic Crab has reported some vulnerabilities in PayProCart, which
can be exploited by malicious people to conduct cross-site scripting
attacks, disclose sensitive information, and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/14832/

 --

[SA14821] Mozilla Suite JavaScript Engine Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-04-04

A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/14821/

 --

[SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-04-04

A vulnerability has been discovered in Mozilla Firefox, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/14820/

 --

[SA14804] Netscape JavaScript Engine Information Disclosure
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-04-05

A vulnerability has been discovered in Netscape, which can be exploited
by malicious people to gain knowledge of potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/14804/

 --

[SA14793] MX Shop / MX Kart SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-01

Diabolic Crab has reported some vulnerabilities in MX Shop and MX Kart,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/14793/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45







More information about the ISN mailing list