[ISN] Secunia Weekly Summary - Issue: 2005-9
InfoSec News
isn at c4i.org
Fri Mar 4 05:09:19 EST 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-02-24 - 2005-03-03
This week: 61 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff spends hours every day to ensure that you get the best
and most reliable source of vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
The Mozilla Foundation has released a new version of its popular
Firefox browser, which corrects several vulnerabilities.
Please view Secunia advisories below for additional details.
References:
http://secunia.com/SA13258
http://secunia.com/SA14407
http://secunia.com/SA14163
http://secunia.com/SA12712
http://secunia.com/SA13129
http://secunia.com/SA13599
http://secunia.com/SA14160
http://secunia.com/SA13786
--
Various Computer Associates products have been reported vulnerable to
a buffer overflow, which can be exploited by malicious people to
compromise a vulnerable system.
Users of Computer Associates products are advised to check if their
products are affected by this vulnerability.
References:
http://secunia.com/SA14438
--
Various products from Trend Micro have been reported vulnerable to a
buffer overflow, which can be exploited by malicious people to
compromise a vulnerable system.
Users of Trend Micro products are advised to check if their products
are affected by this vulnerability.
References:
http://secunia.com/SA14396
--
Two vulnerabilities have been reported in various RealNetworks
products, which can be exploited by malicious people to compromise a
user's system.
Additional details are available in reference advisory below.
References:
http://secunia.com/SA14456
VIRUS ALERTS:
During the last week, Secunia issued 1 MEDIUM RISK virus alert.
Please refer to the grouped virus profile below for more information:
Bagle.BE - MEDIUM RISK Virus Alert - 2005-03-01 12:58 GMT+1
http://secunia.com/virus_information/15815/bagle.be/
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA14163] Mozilla Products IDN Spoofing Security Issue
2. [SA14407] Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
3. [SA14396] Trend Micro Products AntiVirus Library Buffer Overflow
4. [SA13258] Mozilla / Firefox "Save Link As" Download Dialog Spoofing
5. [SA14335] Microsoft Internet Explorer Popup Title Bar Spoofing
Weakness
6. [SA14406] Mozilla Firefox Image Javascript URI Dragging Cross-Site
Scripting
7. [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
8. [SA14160] Mozilla / Firefox Three Vulnerabilities
9. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
10. [SA14382] phpMyAdmin Local File Inclusion and Cross-Site Scripting
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA14456] RealPlayer WAV and SMIL File Handling Buffer Overflows
[SA14453] RaidenHTTPD Buffer Overflow and PHP Source Code Disclosure
[SA14405] BadBlue "mfcisapicommand" Parameter Buffer Overflow
Vulnerability
[SA14400] KNet HTTP Request Processing Buffer Overflow Vulnerability
[SA14435] Scrapland Packet Handling Denial of Service Vulnerabilities
[SA14392] CIS WebServer Directory Traversal Vulnerability
[SA14454] CA Unicenter Asset Management Multiple Vulnerabilities
[SA14455] Einstein Sensitive Information Disclosure
[SA14389] PeerFTP_5 User Credentials Disclosure
UNIX/Linux:
[SA14447] Gentoo update for phpwebsite
[SA14412] Debian bsmtpd Arbitrary Command Injection Vulnerability
[SA14452] SUSE update for imap
[SA14448] Red Hat update for firefox
[SA14445] Gentoo update for phpBB
[SA14440] Fedora update for Firefox
[SA14439] phpCOIN Multiple Vulnerabilities
[SA14437] CuteNews Script Insertion Vulnerability
[SA14433] PostNuke Multiple Vulnerabilities
[SA14431] SUSE update for curl
[SA14430] Ubuntu update for libxml1
[SA14425] Gentoo update for unace
[SA14421] Ubuntu update for curl
[SA14420] Ubuntu update for cyrus21-imapd
[SA14419] SUSE Updates for Multiple Packages
[SA14393] SUSE update for cyrus-imapd
[SA14388] Gentoo update for cyrus-imapd
[SA14426] Gentoo update for mediawiki
[SA14423] Ubuntu update for reportbug
[SA14422] Debian reportbug Exposure of Sensitive Information
[SA14411] WU-FTPD Wildcard Denial of Service Vulnerability
[SA14398] mkbold-mkitalic BDF Font File Conversion Format String
Vulnerability
[SA14397] HP-UX ftpd Unspecified File Access Vulnerability
[SA14390] Mandrake update for squid
[SA14442] Gentoo Qt Insecure Library Path Searching Vulnerability
[SA14432] OpenBSD Unspecified Copy Functions Vulnerability
[SA14427] KDE kppp Privileged File Descriptor Leak Vulnerability
[SA14424] Gentoo update for uim
[SA14408] Gentoo update for cmd5checkpw
[SA14404] cmd5checkpw Privilege Escalation Vulnerability
[SA14402] FreeNX X Server Authentication Bypass Security Issue
[SA14391] Mandrake update for uim
[SA14446] Gentoo update for gaim
[SA14415] Fedora update for gaim
[SA14410] Ubuntu update for gaim
Other:
[SA14395] Cisco ACNS Network Traffic Handling Denial of Service
Vulnerabilities
[SA14429] Mitel 3300 ICP Web Management Interface Two Vulnerabilities
[SA14428] Symantec Firewall Devices SMTP Binding Configuration Bypass
Cross Platform:
[SA14449] PHPNews Arbitrary File Inclusion Vulnerability
[SA14399] phpWebSite Announcement Image Upload Vulnerability
[SA14396] Trend Micro Products AntiVirus Library Buffer Overflow
[SA14418] Forumwa Two Vulnerabilities
[SA14414] MercuryBoard Two Vulnerabilities
[SA14413] phpBB "autologinid" Security Bypass
[SA14407] Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
[SA14394] PunBB Multiple Vulnerabilities
[SA14438] CA License Software Multiple Buffer Overflow Vulnerabilities
[SA14434] 427BB "user" Cross Site Scripting Vulnerability
[SA14416] CubeCart Cross-Site Scripting Vulnerabilities
[SA14409] PHP "readfile()" Denial of Service
[SA14406] Mozilla Firefox Image Javascript URI Dragging Cross-Site
Scripting
[SA14417] NX Server X Server Authentication Bypass Security Issue
========================================================================
5) Vulnerabilities Content Listing
Windows:
--
[SA14456] RealPlayer WAV and SMIL File Handling Buffer Overflows
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-02
Two vulnerabilities have been reported in various RealNetworks
products, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14456/
--
[SA14453] RaidenHTTPD Buffer Overflow and PHP Source Code Disclosure
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2005-03-02
Tan Chew Keong has reported two vulnerabilities in RaidenHTTPD, which
can be exploited by malicious people to gain knowledge of potentially
sensitive information or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14453/
--
[SA14405] BadBlue "mfcisapicommand" Parameter Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-28
Andres Tarasco has reported a vulnerability in BadBlue, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14405/
--
[SA14400] KNet HTTP Request Processing Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-28
CorryL has reported a vulnerability in KNet, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14400/
--
[SA14435] Scrapland Packet Handling Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-01
Luigi Auriemma has reported some vulnerabilities in Scrapland, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14435/
--
[SA14392] CIS WebServer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system
information
Released: 2005-02-28
CorryL has reported a vulnerability in CIS WebServer, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/14392/
--
[SA14454] CA Unicenter Asset Management Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2005-03-02
Three vulnerabilities have been reported in CA Unicenter Asset
Management, which can be exploited to gain knowledge of sensitive
information or conduct script insertion and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14454/
--
[SA14455] Einstein Sensitive Information Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-03-02
Kozan has discovered a security issue in Einstein, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/14455/
--
[SA14389] PeerFTP_5 User Credentials Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-02-24
Kozan has discovered a security issue in PeerFTP_5, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/14389/
UNIX/Linux:
--
[SA14447] Gentoo update for phpwebsite
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-02
Gentoo has issued an update for phpWebSite. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14447/
--
[SA14412] Debian bsmtpd Arbitrary Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-28
Bastian Blank has reported a vulnerability in bsmtpd, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14412/
--
[SA14452] SUSE update for imap
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-02
SUSE has issued an update for imap. This fixes a vulnerability, which
can be exploited by malicious people to bypass the user
authentication.
Full Advisory:
http://secunia.com/advisories/14452/
--
[SA14448] Red Hat update for firefox
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing,
Manipulation of data, Exposure of sensitive information, System access
Released: 2005-03-02
Red Hat has issued an update for firefox. This fixes multiple
vulnerabilities, which can be exploited to spoof various information,
plant malware on a user's system, conduct cross-site scripting attacks,
disclose and manipulate sensitive information, bypass certain security
restrictions, perform certain actions on a vulnerable system with
escalated privileges, and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14448/
--
[SA14445] Gentoo update for phpBB
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-03-02
Gentoo has issued an update for phpBB. This fixes two vulnerabilities,
which can be exploited by malicious users to disclose and delete
sensitive information.
Full Advisory:
http://secunia.com/advisories/14445/
--
[SA14440] Fedora update for Firefox
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
System access
Released: 2005-03-01
Fedora has issued an update for Firefox. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges and by malicious people to trick users into downloading
malicious files, to conduct spoofing attacks, disclose and manipulate
sensitive information, and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14440/
--
[SA14439] phpCOIN Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-01
Lostmon has reported multiple vulnerabilities in phpCOIN, allowing
malicious people to conduct cross-site scripting and SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/14439/
--
[SA14437] CuteNews Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-02
FraMe has reported a vulnerability in CuteNews, which can be exploited
by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14437/
--
[SA14433] PostNuke Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-01
Maksymilian Arciemowicz has reported multiple vulnerabilities in
PostNuke, allowing malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14433/
--
[SA14431] SUSE update for curl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-01
SUSE has issued an update for curl. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14431/
--
[SA14430] Ubuntu update for libxml1
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-01
Ubuntu has issued an update for libxml1. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14430/
--
[SA14425] Gentoo update for unace
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-01
Gentoo has issued an update for unace. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14425/
--
[SA14421] Ubuntu update for curl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-28
Ubuntu has issued an update for curl. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14421/
--
[SA14420] Ubuntu update for cyrus21-imapd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-28
Ubuntu has issued an update for cyrus21-imapd. This fixes a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14420/
--
[SA14419] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2005-03-01
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, or by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14419/
--
[SA14393] SUSE update for cyrus-imapd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-25
SUSE has issued an update for cyrus-imapd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14393/
--
[SA14388] Gentoo update for cyrus-imapd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-24
Gentoo has issued an update for cyrus-imapd. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14388/
--
[SA14426] Gentoo update for mediawiki
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2005-03-01
Gentoo has issued an update for mediawiki. This fixes some
vulnerabilities, which can be exploited by malicious users to delete
arbitrary files, and by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14426/
--
[SA14423] Ubuntu update for reportbug
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-28
Ubuntu has issued an update for reportbug. This fixes two
vulnerabilities, which may potentially expose sensitive information in
bugreports or can be exploited by malicious, local users to view
sensitive information.
Full Advisory:
http://secunia.com/advisories/14423/
--
[SA14422] Debian reportbug Exposure of Sensitive Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-28
Rolf Leggewie has reported two vulnerabilities in reportbug, which may
potentially expose sensitive information in bugreports and can be
exploited by malicious, local users to view sensitive information.
Full Advisory:
http://secunia.com/advisories/14422/
--
[SA14411] WU-FTPD Wildcard Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-28
Adam Zabrocki has reported a vulnerability in WU-FTPD, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14411/
--
[SA14398] mkbold-mkitalic BDF Font File Conversion Format String
Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-25
A vulnerability has been reported in mkbold-mkitalic, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14398/
--
[SA14397] HP-UX ftpd Unspecified File Access Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2005-02-25
A vulnerability has been reported in HP-UX, which can be exploited by
malicious users to gain knowledge of potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/14397/
--
[SA14390] Mandrake update for squid
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-25
MandrakeSoft has issued an update for squid. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14390/
--
[SA14442] Gentoo Qt Insecure Library Path Searching Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-02
Gentoo has issued an update for qt. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14442/
--
[SA14432] OpenBSD Unspecified Copy Functions Vulnerability
Critical: Less critical
Where: Local system
Impact: Unknown
Released: 2005-03-01
A vulnerability with an unknown impact has been reported in OpenBSD.
Full Advisory:
http://secunia.com/advisories/14432/
--
[SA14427] KDE kppp Privileged File Descriptor Leak Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-03-01
A vulnerability has been reported in KDE, which can be exploited by
malicious, local users to manipulate the contents of certain files.
Full Advisory:
http://secunia.com/advisories/14427/
--
[SA14424] Gentoo update for uim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-01
Gentoo has issued an update for uim. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/14424/
--
[SA14408] Gentoo update for cmd5checkpw
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-28
Gentoo has issued an update for cmd5checkpw. This fixes a vulnerability
allowing malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14408/
--
[SA14404] cmd5checkpw Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-28
Florian Westphal has reported a vulnerability in cmd5checkpw, which can
be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14404/
--
[SA14402] FreeNX X Server Authentication Bypass Security Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-02-28
A security issue has been reported in FreeNX, which can be exploited by
malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14402/
--
[SA14391] Mandrake update for uim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-25
MandrakeSoft has issued an update for uim. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/14391/
--
[SA14446] Gentoo update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-02
Gentoo has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14446/
--
[SA14415] Fedora update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-28
Fedora has issued an update for gaim. This fixes a weakness, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14415/
--
[SA14410] Ubuntu update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-28
Ubuntu has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14410/
Other:
--
[SA14395] Cisco ACNS Network Traffic Handling Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-02-25
Four vulnerabilities have been reported in Cisco Application and
Content Networking System (ACNS), which can be exploited by malicious
people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14395/
--
[SA14429] Mitel 3300 ICP Web Management Interface Two Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Hijacking, DoS
Released: 2005-03-01
Stephen de Vries of Corsaire has reported two vulnerabilities in Mitel
3300 Integrated Communications Platform (ICP), which can be exploited
by malicious people to hijack sessions or by malicious users to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14429/
--
[SA14428] Symantec Firewall Devices SMTP Binding Configuration Bypass
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-01
Arthur Hagen has reported a security issue in various Symantec firewall
devices, which may disclose sensitive information to malicious people.
Full Advisory:
http://secunia.com/advisories/14428/
Cross Platform:
--
[SA14449] PHPNews Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-02
Filip Groszynski has reported a vulnerability in PHPNews, allowing
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14449/
--
[SA14399] phpWebSite Announcement Image Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-25
nst has reported a vulnerability in phpWebSite, which potentially can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14399/
--
[SA14396] Trend Micro Products AntiVirus Library Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-25
ISS X-Force has reported a vulnerability in various Trend Micro
products, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14396/
--
[SA14418] Forumwa Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-02
Raven has reported two vulnerabilities in Forumwa, which can be
exploited by malicious people to conduct cross-site scripting attacks
and malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14418/
--
[SA14414] MercuryBoard Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-02
Doctor Grim has reported two vulnerabilities in MercuryBoard, which can
be exploited by malicious people to conduct script insertion and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/14414/
--
[SA14413] phpBB "autologinid" Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-28
A vulnerability has been reported in phpBB, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14413/
--
[SA14407] Mozilla / Firefox / Thunderbird Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Manipulation of data, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
System access
Released: 2005-03-01
Details have been released about several vulnerabilities in Firefox,
Mozilla and Thunderbird. These can be exploited by malicious, local
users to perform certain actions on a vulnerable system with escalated
privileges and by malicious people to conduct spoofing attacks,
disclose and manipulate sensitive information, and potentially
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14407/
--
[SA14394] PunBB Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information
Released: 2005-02-25
Some vulnerabilities have been reported in PunBB, which potentially can
be exploited by malicious users to disclose sensitive information, and
by malicious people to bypass certain security restrictions and conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14394/
--
[SA14438] CA License Software Multiple Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-03-02
Multiple vulnerabilities have been reported in the CA License software,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14438/
--
[SA14434] 427BB "user" Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-02
Raven has reported a vulnerability in 427BB, allowing malicious people
to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14434/
--
[SA14416] CubeCart Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-28
Lostmon has reported multiple vulnerabilities in CubeCart, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14416/
--
[SA14409] PHP "readfile()" Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-03-01
A vulnerability has been reported in PHP, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14409/
--
[SA14406] Mozilla Firefox Image Javascript URI Dragging Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-01
Paul has reported a vulnerability in Mozilla Firefox, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14406/
--
[SA14417] NX Server X Server Authentication Bypass Security Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-02-28
Two security issues have been reported in NX Server, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/14417/
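As an added example that is not part of Secunia's summary or its tooling, the following Python parses entries written in the Section 5 layout above (an [SAnnnnn] title that may wrap, the Critical/Where/Impact/Released fields where Impact may wrap, a free-text description, then "Full Advisory:" and its URL, with entries separated by "--" and the platform headers fused onto that separator) into records and orders them for patch triage. The criticality and "Where" scales are the ones used in the listing; the embedded sample is a constructed excerpt of two entries from this issue.

```python
"""Parse the Secunia weekly summary's 'Vulnerabilities Content Listing'
into records and rank them for patch triage. Added example, not Secunia's
tooling; SAMPLE is a constructed excerpt in the listing's own layout."""
import re
from dataclasses import dataclass

# Constructed sample: two entries in the listing's layout, including the
# fused "Windows:--" platform header and wrapped title/Impact lines.
SAMPLE = """\
Windows:--
[SA14405] BadBlue "mfcisapicommand" Parameter Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-28
Andres Tarasco has reported a vulnerability in BadBlue, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14405/
--
[SA14454] CA Unicenter Asset Management Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2005-03-02
Three vulnerabilities have been reported in CA Unicenter Asset
Management, which can be exploited to gain knowledge of sensitive
information or conduct script insertion and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14454/
"""

# Secunia's criticality scale (most severe first) and attack vectors
# (widest exposure first), as used in the Critical:/Where: fields.
CRITICALITY = ["Extremely critical", "Highly critical", "Moderately critical",
               "Less critical", "Not critical"]
WHERE = ["From remote", "From local network", "Local system"]

TITLE_RE = re.compile(r"^\[(SA\d+)\]\s+(.*)$")
FIELD_RE = re.compile(r"^(Critical|Where|Impact|Released):\s*(.*)$")
# Entry separator; the listing fuses platform headers onto it ("Other:--").
SEP_RE = re.compile(r"^(?:[A-Za-z/ ]+:)?--\s*$", re.MULTILINE)
URL_RE = re.compile(r"^https?://\S+$")


@dataclass(frozen=True)
class Advisory:
    sa_id: str
    title: str
    critical: str
    where: str
    impact: tuple
    released: str
    description: str
    url: str


def parse_entry(lines):
    """One entry: wrapped title, four fields (Impact may wrap), free-text
    description, then 'Full Advisory:' followed by the URL."""
    m = TITLE_RE.match(lines[0])
    if not m:
        raise ValueError("no [SAnnnnn] title: %r" % lines[0])
    sa_id, title = m.group(1), m.group(2)
    fields, desc, url, state, cur = {}, [], "", "title", None
    for line in lines[1:]:
        fm = FIELD_RE.match(line)
        if state in ("title", "fields") and fm:
            cur = fm.group(1).lower()
            fields[cur] = fm.group(2)
            state = "desc" if cur == "released" else "fields"
        elif state == "title":
            title += " " + line
        elif state == "fields":
            fields[cur] += " " + line  # continuation of a wrapped field
        elif state == "desc" and line == "Full Advisory:":
            state = "url"
        elif state == "desc":
            desc.append(line)
        elif state == "url" and URL_RE.match(line):
            url = line
        else:
            raise ValueError("%s: unexpected line %r" % (sa_id, line))
    if {"critical", "where", "impact", "released"} - set(fields) or not url:
        raise ValueError("%s: incomplete entry" % sa_id)
    return Advisory(sa_id, title, fields["critical"], fields["where"],
                    tuple(i.strip() for i in fields["impact"].split(",")),
                    fields["released"], " ".join(desc), url)


def parse_listing(text):
    """Split a listing on its '--' separators and parse every entry."""
    chunks = ([l.strip() for l in c.splitlines() if l.strip()]
              for c in SEP_RE.split(text))
    return [parse_entry(lines) for lines in chunks if lines]


def triage(advisories, floor="Moderately critical"):
    """Advisories rated at or above `floor`, most critical first and,
    within a rating, widest attack surface (From remote) first."""
    cutoff = CRITICALITY.index(floor)
    hits = [a for a in advisories if CRITICALITY.index(a.critical) <= cutoff]
    return sorted(hits, key=lambda a: (CRITICALITY.index(a.critical),
                                       WHERE.index(a.where)))


if __name__ == "__main__":
    for a in triage(parse_listing(SAMPLE), "Less critical"):
        print(a.sa_id, a.critical, "|", a.where, "|", a.title)
```

Feeding the whole Section 5 text to parse_listing() gives one record per advisory; the default floor of "Moderately critical" leaves the entries worth same-day attention, and an unknown Critical or Where value raises rather than silently ranking last.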
========================================================================
Secunia recommends that you verify all advisories you receive
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use
only those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45