[ISN] Secunia Weekly Summary - Issue: 2005-8

InfoSec News isn at c4i.org
Fri Feb 25 04:46:39 EST 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-02-17 - 2005-02-24                        

                       This week : 57 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to give you the best and most
reliable source of vulnerability information. Every vulnerability
report is validated and verified before a Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Two vulnerabilities have been reported in PuTTY, which can be exploited
by malicious people to compromise a user's system.

The vendor has an updated version available. Please see Secunia
advisory below for details.

References:
http://secunia.com/SA14333

--

Apple has acknowledged a vulnerability in Java for Mac OS X, which can
be exploited by malicious people to compromise a user's system.

Sun originally fixed the vulnerability on 23 November 2004. Additional
details can be found in the referenced Secunia advisories below.

References:
http://secunia.com/SA14346
http://secunia.com/SA13271


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA14163] Mozilla Products IDN Spoofing Security Issue
2.  [SA14295] Linux Kernel Multiple Vulnerabilities
3.  [SA14333] PuTTY Two Integer Overflow Vulnerabilities
4.  [SA14304] Internet Explorer/Outlook Express Status Bar Spoofing
5.  [SA14335] Microsoft Internet Explorer Popup Title Bar Spoofing
              Weakness
6.  [SA14179] Symantec Multiple Products UPX Parsing Engine Buffer
              Overflow
7.  [SA14160] Mozilla / Firefox Three Vulnerabilities
8.  [SA14346] Apple Mac OS X update for Java
9.  [SA13712] Yahoo! Messenger File Transfer Filename Spoofing
10. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA14350] Bontago Nickname Handling Buffer Overflow Vulnerability
[SA14344] TrackerCam Multiple Vulnerabilities
[SA14365] SD Server Directory Traversal Vulnerability
[SA14349] Xinkaa WEB Station Directory Traversal Vulnerability
[SA14372] ArGoSoft FTP Server "SITE COPY" Shortcuts Security Issue
[SA14367] Verity Ultraseek Search Request Cross-Site Scripting
[SA14335] Microsoft Internet Explorer Popup Title Bar Spoofing
Weakness

UNIX/Linux:
[SA14346] Apple Mac OS X update for Java
[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer
Overflows
[SA14363] Gentoo update for putty
[SA14361] Gentoo update for gproftpd
[SA14352] SUSE Updates for Multiple Packages
[SA14340] GProftpd Log Parser Format String Vulnerability
[SA14331] Gentoo update for mc
[SA14330] Astaro update for BIND
[SA14334] Fedora update for kdeedu
[SA14376] Debian update for libapache-mod-python
[SA14375] SUSE update for squid
[SA14370] Fedora update for squid
[SA14368] Debian update for squid
[SA14355] Red Hat update for imap
[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
[SA14348] Tarantella Products User Account Enumeration Security Issue
[SA14347] Debian update for bidwatcher
[SA14343] Ubuntu update for squid
[SA14341] Gentoo update for gftp
[SA14339] Gentoo update for squid
[SA14332] Debian update for gftp
[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
[SA14324] Bidwatcher eBay Format String Vulnerability
[SA14323] Mandrake update for kdelibs
[SA14320] Mandrake update for postgresql
[SA14371] Fedora update for postgresql
[SA14328] fallback-reboot Daemon Status Denial of Service
Vulnerability
[SA14321] Ulog-php SQL Injection Vulnerabilities
[SA14357] Red Hat update for cpio
[SA14356] Red Hat update for vim
[SA14345] IBM AIX Perl Interpreter Privilege Escalation
Vulnerabilities
[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation
Vulnerability
[SA14374] Fedora update for gaim
[SA14322] Gaim Two Denial of Service Weaknesses

Other:
[SA14353] Thomson TCW690 Cable Modem Two Vulnerabilities
[SA14366] GigaFast EE400-R Broadband Router Two Vulnerabilities
[SA14358] ADP Elite System Max 9000 Series Local Shell Access

Cross Platform:
[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
[SA14359] unace Directory Traversal and Buffer Overflow
Vulnerabilities
[SA14351] Biz Mail Form Open Mail Relay Vulnerability
[SA14342] IRM LDAP Login Security Bypass Vulnerability
[SA14336] Batik Squiggle Browser Unspecified Security Bypass
[SA14333] PuTTY Two Integer Overflow Vulnerabilities
[SA14326] vBulletin "template" PHP Code Injection Vulnerability
[SA14319] WebCalendar "webcalendar_session" SQL Injection
[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer
Overflow
[SA14360] MediaWiki Multiple Vulnerabilities
[SA14329] Invision Power Board SML Codes Script Insertion
Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA14350] Bontago Nickname Handling Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Luigi Auriemma has reported a vulnerability in Bontago, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/14350/

 --

[SA14344] TrackerCam Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2005-02-21

Luigi Auriemma has reported some vulnerabilities in TrackerCam, which
can be exploited by malicious people to conduct cross-site scripting
and script insertion attacks, disclose system and sensitive
information, bypass certain security restrictions, cause a DoS (Denial
of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14344/

 --

[SA14365] SD Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-02-22

CorryL has reported a vulnerability in SD Server, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/14365/

 --

[SA14349] Xinkaa WEB Station Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-02-21

Luigi Auriemma has reported a vulnerability in Xinkaa WEB Station,
which can be exploited by malicious people to gain knowledge of
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/14349/

 --

[SA14372] ArGoSoft FTP Server "SITE COPY" Shortcuts Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Unknown
Released:    2005-02-23

Cirpian Radu has reported a security issue with an unknown impact in
ArGoSoft FTP Server.

Full Advisory:
http://secunia.com/advisories/14372/

 --

[SA14367] Verity Ultraseek Search Request Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-02-22

Michael Krax has reported a vulnerability in Verity Ultraseek, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/14367/

 --

[SA14335] Microsoft Internet Explorer Popup Title Bar Spoofing
Weakness

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2005-02-21

bitlance winter has discovered a weakness in Internet Explorer, which
can be exploited by malicious people to conduct phishing attacks.

Full Advisory:
http://secunia.com/advisories/14335/


UNIX/Linux:--

[SA14346] Apple Mac OS X update for Java

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-02-23

Apple has acknowledged a vulnerability in Java for Mac OS X, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14346/

 --

[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer
Overflows

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-22

infamous41md has reported two vulnerabilities in cURL/libcURL, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14364/

 --

[SA14363] Gentoo update for putty

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-22

Gentoo has issued an update for putty. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14363/

 --

[SA14361] Gentoo update for gproftpd

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Gentoo has issued an update for gproftpd. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14361/

 --

[SA14352] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS, System access
Released:    2005-02-22

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited to gain escalated privileges,
bypass certain security restrictions, enumerate valid users, overwrite
files, cause a DoS (Denial of Service), or potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/14352/

 --

[SA14340] GProftpd Log Parser Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Tavis Ormandy has reported a vulnerability in GProftpd, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14340/

 --

[SA14331] Gentoo update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-02-18

Gentoo has issued an update for mc. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or execute arbitrary code.

Full Advisory:
http://secunia.com/advisories/14331/

 --

[SA14330] Astaro update for BIND

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-02-18

Astaro has issued an update for BIND.

Full Advisory:
http://secunia.com/advisories/14330/

 --

[SA14334] Fedora update for kdeedu

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-02-18

Fedora has issued an update for kdeedu. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and potentially by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14334/

 --

[SA14376] Debian update for libapache-mod-python

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-02-23

Debian has issued an update for libapache-mod-python. This fixes a
vulnerability, which potentially can be exploited by malicious people
to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/14376/

 --

[SA14375] SUSE update for squid

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-02-23

SUSE has issued an update for squid. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14375/

 --

[SA14370] Fedora update for squid

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-02-23

Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14370/

 --

[SA14368] Debian update for squid

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-02-23

Debian has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14368/

 --

[SA14355] Red Hat update for imap

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Red Hat has issued an update for imap. This fixes an older
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/14355/

 --

[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-02-22

Paul Craig has reported a vulnerability in glFTPd, which can be
exploited by malicious users to detect the presence of local files and
disclose some system and sensitive information.

Full Advisory:
http://secunia.com/advisories/14354/

 --

[SA14348] Tarantella Products User Account Enumeration Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-02-21

A security issue has been reported in Secure Global Desktop Enterprise
Edition and Tarantella Enterprise, which can be exploited by malicious
people to enumerate valid user accounts and disclose some system
information.

Full Advisory:
http://secunia.com/advisories/14348/

 --

[SA14347] Debian update for bidwatcher

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Debian has issued an update for bidwatcher. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14347/

 --

[SA14343] Ubuntu update for squid

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-02-21

Ubuntu has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14343/

 --

[SA14341] Gentoo update for gftp

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-02-21

Gentoo has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal
attacks.

Full Advisory:
http://secunia.com/advisories/14341/

 --

[SA14339] Gentoo update for squid

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-02-21

Gentoo has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14339/

 --

[SA14332] Debian update for gftp

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-02-18

Debian has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal
attacks.

Full Advisory:
http://secunia.com/advisories/14332/

 --

[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-02-22

Andrey Rusyaev has discovered a vulnerability in Mono, which
potentially can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14325/

 --

[SA14324] Bidwatcher eBay Format String Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-02-18

Ulf Härnhammar has reported a vulnerability in Bidwatcher, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14324/
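Both the GProftpd log parser entry (SA14340) and the Bidwatcher entry
(SA14324) above are format string vulnerabilities: text that a peer
controls (a log line, a fetched web page) ends up as the format argument
of a printf-style call. The following is an added example, not code from
GProftpd, Bidwatcher or Secunia, showing the vulnerable shape next to the
fixed one and a small detection check that counts conversion directives
in untrusted text. The logger function names, the "user %s sent: %s"
message and the hostile sample line are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in an untrusted string. Any
 * non-zero result means the string must not be used as a format argument;
 * "%%" is a literal percent and is not counted. Useful as a detection
 * check on log lines or peer data before they reach a logging call. */
int count_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%": literal percent, skip both */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* The vulnerable shape: peer-controlled text is the format string itself.
 * With "%x%x%n" in the input this reads the stack and then writes to an
 * address taken from it. Kept here for contrast only; nothing in this
 * example calls it. The pragma silences the compiler warning that would
 * otherwise (correctly) flag this line. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int log_line_unsafe(char *out, size_t outlen, const char *peer_text)
{
    return snprintf(out, outlen, peer_text);
}
#pragma GCC diagnostic pop

/* The fixed shape: the format string is a literal and the untrusted text
 * is passed as a "%s" argument, so directives in it are copied verbatim. */
int log_line_safe(char *out, size_t outlen, const char *user, const char *peer_text)
{
    return snprintf(out, outlen, "user %s sent: %s", user, peer_text);
}

/* Format peer_text through the safe logger and report whether it appears
 * verbatim in the result (1) or was interpreted or truncated (0). */
int safe_log_preserves(const char *peer_text)
{
    char out[256];
    int n = log_line_safe(out, sizeof out, "alice", peer_text);
    if (n < 0 || (size_t)n >= sizeof out)
        return 0;
    return strstr(out, peer_text) != NULL;
}

int main(void)
{
    /* Constructed sample of hostile peer text of the kind a log parser or
     * a fetched web page might hand to a logging routine. */
    const char *hostile = "GET /%x%x%x%n HTTP/1.0";
    char out[256];

    printf("directives in hostile text: %d\n", count_directives(hostile));
    log_line_safe(out, sizeof out, "alice", hostile);
    printf("safe log line: %s\n", out);
    return 0;
}
```

Without the pragma, gcc and clang warn about log_line_unsafe under
-Wformat-security; building with that warning turned into an error is the
cheapest way to keep this class of bug out of a code base.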

 --

[SA14323] Mandrake update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2005-02-18

MandrakeSoft has issued an update for kdelibs. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges and by malicious people to conduct FTP command injection
attacks.

Full Advisory:
http://secunia.com/advisories/14323/

 --

[SA14320] Mandrake update for postgresql

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2005-02-18

MandrakeSoft has issued an update for postgresql. This fixes various
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges, cause a DoS (Denial of Service), or bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14320/

 --

[SA14371] Fedora update for postgresql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2005-02-23

Fedora has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/14371/

 --

[SA14328] fallback-reboot Daemon Status Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-02-22

A vulnerability has been reported in fallback-reboot, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14328/

 --

[SA14321] Ulog-php SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2005-02-21

Some vulnerabilities have been reported in Ulog-php, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14321/

 --

[SA14357] Red Hat update for cpio

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2005-02-21

Red Hat has issued an update for cpio. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose and
manipulate information.

Full Advisory:
http://secunia.com/advisories/14357/

 --

[SA14356] Red Hat update for vim

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-02-21

Red Hat has issued an update for vim. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions on
a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/14356/

 --

[SA14345] IBM AIX Perl Interpreter Privilege Escalation
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-02-21

IBM has acknowledged two vulnerabilities in the perl interpreter in
AIX. These can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14345/

 --

[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-02-22

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to manipulate the contents of
arbitrary files.

Full Advisory:
http://secunia.com/advisories/14338/

 --

[SA14374] Fedora update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-02-23

Fedora has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14374/

 --

[SA14322] Gaim Two Denial of Service Weaknesses

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-02-18

Two weaknesses have been reported in Gaim, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14322/


Other:--

[SA14353] Thomson TCW690 Cable Modem Two Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2005-02-21

MurDoK has reported two vulnerabilities in Thomson TCW690 Cable Modem,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14353/

 --

[SA14366] GigaFast EE400-R Broadband Router Two Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2005-02-22

Gary H. Jones II has reported two vulnerabilities in GigaFast EE400-R
Broadband Router, which can be exploited by malicious people to cause a
DoS (Denial of Service) and disclose some sensitive information.

Full Advisory:
http://secunia.com/advisories/14366/

 --

[SA14358] ADP Elite System Max 9000 Series Local Shell Access

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-02-22

rootfiend has reported a vulnerability in ADP Elite System Max 9000
Series, which can be exploited by malicious users to gain local shell
access to a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14358/


Cross Platform:--

[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

A vulnerability has been reported in Mambo, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14337/

 --

[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-02-23

John Cobb has reported some vulnerabilities in iG Shop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14369/

 --

[SA14362] phpBB Avatar Functions Information Disclosure and Deletion

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2005-02-22

AnthraX101 has reported two vulnerabilities in phpBB, which can be
exploited by malicious users to disclose and delete sensitive
information.

Full Advisory:
http://secunia.com/advisories/14362/

 --

[SA14359] unace Directory Traversal and Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-23

Ulf Härnhammar has discovered some vulnerabilities in unace, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14359/
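Several entries this week are directory traversal issues: SD Server
(SA14365), Xinkaa WEB Station (SA14349), glFTPd "SITE NFO" (SA14354),
gftp (SA14341, SA14332) and unace (SA14359). In each case a name supplied
by the client or found in an archive listing is joined to a base
directory without checking that the result stays inside it. The check
below is an added example, not code from any of those projects or from
Secunia: it lexically resolves a requested path against a base directory
and refuses anything that would climb out. The base "/srv/ftp", the
depth and component limits and the sample requests are assumptions made
for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for this example. */
#define MAX_DEPTH 64
#define MAX_COMP  256

/* Lexically resolve a client-supplied relative path against a fixed base
 * directory. Returns 1 and writes base/... to out when every component
 * stays inside base; returns 0 when the request is absolute, uses a
 * backslash separator, contains a ".." that would climb above base, or
 * does not fit. No filesystem access is made, so the same check works for
 * names taken from an archive listing where the file does not exist yet.
 * Symlinks already inside base are a separate problem not handled here. */
int confine_path(const char *base, const char *req, char *out, size_t outlen)
{
    char comps[MAX_DEPTH][MAX_COMP];
    int depth = 0;
    const char *p = req;
    int n;

    if (req == NULL || req[0] == '/')
        return 0;                       /* absolute path: refuse */
    if (strchr(req, '\\') != NULL)
        return 0;                       /* refuse "..\" style separators outright */

    while (*p) {
        const char *q = strchr(p, '/');
        size_t len = q ? (size_t)(q - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* "a//b" or "./": no-op */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return 0;               /* ".." would escape base */
            depth--;
        } else {
            if (depth >= MAX_DEPTH || len >= MAX_COMP)
                return 0;
            memcpy(comps[depth], p, len);
            comps[depth][len] = '\0';
            depth++;
        }
        if (q == NULL)
            break;
        p = q + 1;
    }

    /* Rebuild the confined path from base and the surviving components. */
    n = snprintf(out, outlen, "%s", base);
    if (n < 0 || (size_t)n >= outlen)
        return 0;
    for (int i = 0; i < depth; i++) {
        int m = snprintf(out + n, outlen - (size_t)n, "/%s", comps[i]);
        if (m < 0 || (size_t)m >= outlen - (size_t)n)
            return 0;
        n += m;
    }
    return 1;
}

/* Wrapper used by main() and the checks: 1 when req resolves to exactly
 * expect, or is rejected when expect is NULL; 0 otherwise. */
int confine_check(const char *req, const char *expect)
{
    char out[512];
    int ok = confine_path("/srv/ftp", req, out, sizeof out);
    if (expect == NULL)
        return ok == 0;
    return ok == 1 && strcmp(out, expect) == 0;
}

int main(void)
{
    /* Constructed requests: the kind of names an FTP client or an archive
     * listing would hand to the server or extractor. */
    const char *reqs[] = { "pub/file.txt", "pub/sub/../file", "pub/./x",
                           "../../etc/passwd", "pub/../../etc/passwd",
                           "/etc/passwd", "..\\..\\boot.ini" };
    char out[512];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-24s -> %s\n", reqs[i],
               confine_path("/srv/ftp", reqs[i], out, sizeof out) ? out : "REJECTED");
    return 0;
}
```

The check is deliberately lexical rather than realpath()-based so that it
can be applied before a file is created, which is what an archive
extractor needs; a server that also follows symlinks under the base
directory needs an additional check on the resolved path.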

 --

[SA14351] Biz Mail Form Open Mail Relay Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-02-22

Jason Frisvold has reported a vulnerability in Biz Mail Form, which can
be exploited by malicious people to use it as an open mail relay.

Full Advisory:
http://secunia.com/advisories/14351/

 --

[SA14342] IRM LDAP Login Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-02-21

Fulvio Civitareale has reported a vulnerability in IRM, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14342/

 --

[SA14336] Batik Squiggle Browser Unspecified Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-02-22

A vulnerability has been reported in Batik, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14336/

 --

[SA14333] PuTTY Two Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-21

Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14333/
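The PuTTY entry above (SA14333) is classified as two integer overflows
exploitable from remote. The usual shape of that bug class in a network
client is a length or count taken from the peer, multiplied by an element
size in 32-bit arithmetic, and used to size a buffer that the subsequent
copy then overruns. The following is an added example of that pattern and
its checked form; it is not PuTTY's code and says nothing about the exact
fields involved in the PuTTY bugs. The wire format (a big-endian count
followed by 16-byte entries), the MAX_ENTRIES bound and the demo messages
are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format for this example: a 32-bit big-endian entry
 * count followed by count fixed-size entries. */
#define ENTRY_SIZE  16u
#define MAX_ENTRIES 4096u   /* protocol-level sanity bound, assumed */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unsafe pattern: size computed in 32-bit arithmetic straight from the
 * peer's count. 0x10000001 * 16 wraps to 16, so a later copy of "count"
 * entries into a 16-byte buffer overruns the heap. Only the wrapped size is
 * returned here; nothing is allocated from it. */
uint32_t unsafe_alloc_size(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* The checked pattern: bound the count semantically first, then prove the
 * multiplication cannot wrap before doing it in size_t. */
int safe_alloc_size(uint32_t count, size_t *out)
{
    if (count > MAX_ENTRIES)
        return 0;
    if ((size_t)count > SIZE_MAX / ENTRY_SIZE)
        return 0;
    *out = (size_t)count * ENTRY_SIZE;
    return 1;
}

/* Parse a message of avail bytes. On success returns the entry count and
 * hands back a malloc'd copy of the entries; returns -1 if the message is
 * refused. The body length is checked against the claimed count as well,
 * so a short message cannot make memcpy read past the end of msg. */
int parse_entries(const unsigned char *msg, size_t avail, unsigned char **entries)
{
    uint32_t count;
    size_t need;

    if (avail < 4)
        return -1;
    count = be32(msg);
    if (!safe_alloc_size(count, &need))
        return -1;
    if (avail - 4 < need)
        return -1;
    *entries = malloc(need ? need : 1);
    if (*entries == NULL)
        return -1;
    memcpy(*entries, msg + 4, need);
    return (int)count;
}

/* Build a constructed message claiming `claimed` entries with body_len
 * bytes of body, run it through parse_entries and return the result. */
int demo_parse(uint32_t claimed, size_t body_len)
{
    unsigned char *msg = malloc(4 + body_len);
    unsigned char *entries = NULL;
    int r;

    if (msg == NULL)
        return -1;
    msg[0] = (unsigned char)(claimed >> 24);
    msg[1] = (unsigned char)(claimed >> 16);
    msg[2] = (unsigned char)(claimed >> 8);
    msg[3] = (unsigned char)claimed;
    memset(msg + 4, 0x41, body_len);
    r = parse_entries(msg, 4 + body_len, &entries);
    free(entries);
    free(msg);
    return r;
}

int main(void)
{
    printf("unsafe size for count 0x10000001: %u bytes\n",
           (unsigned)unsafe_alloc_size(0x10000001u));
    printf("2 entries, 32-byte body      -> %d\n", demo_parse(2, 32));
    printf("2 entries, 20-byte body      -> %d\n", demo_parse(2, 20));
    printf("0x10000001 entries, 64 bytes -> %d\n", demo_parse(0x10000001u, 64));
    return 0;
}
```

The semantic bound (MAX_ENTRIES) is what makes the check robust: the
SIZE_MAX division alone only proves the product fits in memory, not that
a peer should be allowed to make the client allocate gigabytes.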

 --

[SA14326] vBulletin "template" PHP Code Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-02-22

pokleyzz has reported a vulnerability in vBulletin, which potentially
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14326/

 --

[SA14319] WebCalendar "webcalendar_session" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-02-18

Michael Scovetta has reported a vulnerability in WebCalendar, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14319/

 --

[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-02-21

John Doe has reported a vulnerability in Arkeia, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14327/

 --

[SA14360] MediaWiki Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2005-02-22

Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious users to delete arbitrary files, and by
malicious people to conduct cross-site scripting attacks and bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14360/

 --

[SA14329] Invision Power Board SML Codes Script Insertion
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-02-21

Daniel A. has reported a vulnerability in Invision Power Board, which
potentially can be exploited by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/14329/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45
