[ISN] Secunia Weekly Summary - Issue: 2005-12
InfoSec News
isn at c4i.org
Fri Mar 25 04:36:48 EST 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-03-17 - 2005-03-24
This week : 88 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
========================================================================
2) This Week in Brief:
Apple has released a new security update for Mac OS X, which corrects
several vulnerabilities, including the famous IDN Spoofing
Vulnerability.
A complete listing of the vulnerabilities can be found in Secunia
advisory SA14655. Additional details about the IDN Spoofing
vulnerability can be found in SA14164.
References:
http://secunia.com/SA14655
http://secunia.com/SA14164
--
ISS X-Force has reported a vulnerability in various McAfee products,
which can be exploited to compromise a vulnerable system.
Please view Secunia advisory below for a complete listing of products
affected by this vulnerability.
References:
http://secunia.com/SA14628
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA14628] McAfee Multiple Products LHA File Handling Buffer
Overflow
2. [SA14163] Mozilla Products IDN Spoofing Security Issue
3. [SA14585] Linux Kernel Multiple Vulnerabilities
4. [SA14631] Microsoft Windows EMF File Denial of Service
Vulnerability
5. [SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
6. [SA14595] Symantec Products Unspecified DNS Cache Poisoning
Vulnerability
7. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
8. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerability
9. [SA14640] Java Web Start JNLP File Command Line Argument Injection
Vulnerability
10. [SA14555] LimeWire Gnutella Disclosure of Sensitive Information
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA14630] Cain & Abel IKE-PSK / HTTP Sniffer Buffer Overflow
Vulnerabilities
[SA14627] MailEnable Standard SMTP Format String Vulnerability
[SA14668] betaparticle blog Exposure of Sensitive Information and
Security Bypass
[SA14664] FileZilla Server Denial of Service Vulnerabilities
[SA14638] FUN labs Various Games Denial of Service Vulnerabilities
[SA14617] NotifyLink Enterprise Server Multiple Vulnerabilities
[SA14671] Mozilla Thunderbird Drag and Drop Vulnerability
[SA14662] Ocean FTP Server Multiple Connections Denial of Service
[SA14660] Proview Disassembler Filename Handling Buffer Overflow
[SA14625] ACS Blog "search" Cross-Site Scripting Vulnerability
[SA14629] iPool / iSnooker Sensitive Information Disclosure
[SA14616] Servers Alive Privilege Escalation Vulnerability
[SA14631] Microsoft Windows EMF File Denial of Service Vulnerability
[SA14610] IDA Pro Debugger Dynamic Link Library Loading Vulnerability
UNIX/Linux:
[SA14709] Red Hat update for Mozilla
[SA14706] Red Hat update for Thunderbird
[SA14705] Fedora update for Firefox
[SA14699] Fedora update for Thunderbird
[SA14698] Fedora update for mozilla
[SA14687] Red Hat update for imagemagick
[SA14655] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA14653] Ubuntu update for php4
[SA14650] SUSE Updates for Multiple Packages
[SA14623] Red Hat update for tetex
[SA14621] Ubuntu update for libxpm4/libxpm4-dbg
[SA14704] Fedora update for kdelibs
[SA14700] SUSE update for imagemagick
[SA14686] Red Hat update for ipsec-tools
[SA14683] Debian update for xloadimage
[SA14682] Red Hat update for kdelibs
[SA14681] Red Hat update for imagemagick
[SA14675] IPsec-Tools ISAKMP Header Parsing Denial of Service
[SA14666] Red Hat update for libexif
[SA14665] Red Hat update for realplayer
[SA14661] Debian update for xli
[SA14656] Trustix update for mysql / kernel
[SA14637] Gentoo update for sylpheed/sylpheed-claws
[SA14634] Gentoo update for rxvt-unicode
[SA14633] Red Hat update for sylpheed
[SA14632] Red Hat update for ethereal
[SA14624] Red Hat Postfix IPv6 Relaying Security Issue
[SA14622] Sylpheed-Claws Message Reply Buffer Overflow Vulnerability
[SA14620] Fedora update for ethereal
[SA14619] Gentoo update for curl
[SA14614] SUSE update for MozillaFirefox
[SA14612] Conectiva update for cyrus-imapd
[SA14636] Gentoo update for openslp
[SA14708] Interspire ArticleLive 2005 "ArticleId" Cross-Site Scripting
Vulnerability
[SA14678] Fedora update for mailman
[SA14677] Sun Java System Application Server Cross-Site Scripting
[SA14674] HP-UX Apache Security Bypass and Denial of Service
[SA14673] Gentoo dyndnsupdate Multiple Buffer Overflows
[SA14667] Red Hat update for mailman
[SA14663] Xzabite dyndnsupdate Multiple Buffer Overflows
[SA14646] AnswerBook2 Documentation Server Two Vulnerabilities
[SA14643] Fedora update for xloadimage
[SA14615] Gentoo update for grip
[SA14657] Mandrake update for mysql
[SA14618] Gentoo update for mysql
[SA14672] Debian update for perl
[SA14645] Sun Solaris newgrp Privilege Escalation Vulnerability
[SA14639] Gentoo update for ltris
[SA14635] LTris Highscore List Buffer Overflow Vulnerability
[SA14613] Conectiva update for kdenetwork
[SA14626] Gentoo update for kdelibs
Other:
Cross Platform:
[SA14707] Vortex Portal "act" File Inclusion Vulnerability
[SA14688] Double Choco Latte Cross-Site Scripting and PHP Code
Execution
[SA14685] Mozilla Thunderbird GIF Image Processing Buffer Overflow
Vulnerability
[SA14684] Mozilla Security Bypass and Buffer Overflow Vulnerabilities
[SA14670] CzarNews "tpath" File Inclusion Vulnerability
[SA14669] TRG News Script "dir" File Inclusion Vulnerability
[SA14654] Mozilla Firefox Three Vulnerabilities
[SA14649] DeleGate Multiple Unspecified Buffer Overflow
Vulnerabilities
[SA14640] Java Web Start JNLP File Command Line Argument Injection
Vulnerability
[SA14628] McAfee Multiple Products LHA File Handling Buffer Overflow
[SA14676] BirdBlog "userid" and "userpw" SQL Injection Vulnerability
[SA14652] Subdreamer Light Global Variables SQL Injection
Vulnerability
[SA14648] exoops "file" Exposure of Sensitive Information
[SA14647] Runcms "file" Exposure of Sensitive Information
[SA14642] phpmyfamily SQL Injection Vulnerabilities
[SA14641] ciamos "file" Exposure of Sensitive Information
[SA14690] phpSysInfo Cross-Site Scripting Vulnerabilities
[SA14680] phorum "body" Parameter HTTP Response Splitting
[SA14679] MercuryBoard "title" Script Insertion Vulnerability
[SA14658] SurgeMail Three Vulnerabilities
[SA14651] PHPOpenChat Cross-Site Scripting Vulnerabilities
[SA14644] Icecast XSL Stylesheet Source Exposure
[SA14611] Novell Netware Xsession Security Bypass
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA14630] Cain & Abel IKE-PSK / HTTP Sniffer Buffer Overflow
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-18
Two vulnerabilities have been reported in Cain & Abel. One has an
unknown impact and the other can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14630/
--
[SA14627] MailEnable Standard SMTP Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-18
Mati Aharoni has discovered a vulnerability in MailEnable Standard,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14627/
--
[SA14668] betaparticle blog Exposure of Sensitive Information and
Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2005-03-22
farhad koosha has reported a vulnerability and a security issue in
betaparticle blog, which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14668/
--
[SA14664] FileZilla Server Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-22
Two vulnerabilities have been reported in FileZilla Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14664/
--
[SA14638] FUN labs Various Games Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-22
Luigi Auriemma has reported two vulnerabilities in various FUN labs
games, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14638/
--
[SA14617] NotifyLink Enterprise Server Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information
Released: 2005-03-18
NOAA NCIRT Lab has reported some vulnerabilities in NotifyLink
Enterprise Server, which can be exploited to disclose sensitive
information, bypass certain security restrictions, and conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/14617/
--
[SA14671] Mozilla Thunderbird Drag and Drop Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-22
A vulnerability has been reported in Thunderbird, which can be
exploited by malicious people to plant malware on a user's system.
Full Advisory:
http://secunia.com/advisories/14671/
--
[SA14662] Ocean FTP Server Multiple Connections Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-03-22
GSS-IT has reported a vulnerability in Ocean FTP Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14662/
--
[SA14660] Proview Disassembler Filename Handling Buffer Overflow
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-22
HaCkZaTaN has discovered a vulnerability in Proview Disassembler, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14660/
--
[SA14625] ACS Blog "search" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-18
farhad koosha has reported a vulnerability in ACS Blog, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14625/
--
[SA14629] iPool / iSnooker Sensitive Information Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-03-18
Kozan has discovered a security issue in iPool and iSnooker, which can
be exploited by malicious, local users to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/14629/
--
[SA14616] Servers Alive Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-17
Michael Starks has discovered a vulnerability in Servers Alive, which
can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14616/
--
[SA14631] Microsoft Windows EMF File Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-18
Hongzhen Zhou has discovered a vulnerability in Microsoft Windows,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14631/
--
[SA14610] IDA Pro Debugger Dynamic Link Library Loading Vulnerability
Critical: Not critical
Where: From remote
Impact: System access
Released: 2005-03-17
Piotr Bania has reported a vulnerability in IDA Pro, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14610/
UNIX/Linux:--
[SA14709] Red Hat update for Mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System
access
Released: 2005-03-24
Red Hat has issued an update for Mozilla. This fixes several
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
conduct spoofing attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14709/
--
[SA14706] Red Hat update for Thunderbird
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-24
Red Hat has issued an update for Thunderbird. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14706/
--
[SA14705] Fedora update for Firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-24
Fedora has issued an update for Firefox. This fixes three
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14705/
--
[SA14699] Fedora update for Thunderbird
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-24
Fedora has issued an update for Thunderbird. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14699/
--
[SA14698] Fedora update for mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of system information, Exposure of sensitive information, System
access
Released: 2005-03-24
Fedora has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited to bypass certain security
restrictions, conduct spoofing and script insertion attacks, disclose
various information, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14698/
--
[SA14687] Red Hat update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-23
Red Hat has issued an update for imagemagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14687/
--
[SA14655] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released: 2005-03-22
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/14655/
--
[SA14653] Ubuntu update for php4
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2005-03-21
Ubuntu has issued an update for php4. This fixes some vulnerabilities,
which can be exploited to bypass certain security restrictions or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14653/
--
[SA14650] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-21
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14650/
--
[SA14623] Red Hat update for tetex
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-17
Red Hat has issued an update for tetex. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14623/
--
[SA14621] Ubuntu update for libxpm4/libxpm4-dbg
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-17
Ubuntu has issued updates for libxpm4 and libxpm4-dbg. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14621/
--
[SA14704] Fedora update for kdelibs
Critical: Moderately critical
Where: From remote
Impact: DoS, Privilege escalation, Spoofing
Released: 2005-03-24
Fedora has issued an update for kdelibs. This fixes two vulnerabilities
and a security issue, which can be exploited by malicious, local users
to cause a DoS (Denial of Service), perform certain actions with
escalated privileges on a vulnerable system, and by a malicious web
site to spoof the URL displayed in the address bar and status bar.
Full Advisory:
http://secunia.com/advisories/14704/
--
[SA14700] SUSE update for imagemagick
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-24
SUSE has issued an update for imagemagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14700/
--
[SA14686] Red Hat update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-23
Red Hat has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14686/
--
[SA14683] Debian update for xloadimage
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-23
Debian has issued an update for xloadimage. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14683/
--
[SA14682] Red Hat update for kdelibs
Critical: Moderately critical
Where: From remote
Impact: Spoofing, Privilege escalation, DoS
Released: 2005-03-23
Red Hat has issued an update for kdelibs. This fixes two
vulnerabilities and a security issue, which can be exploited by
malicious, local users to cause a DoS (Denial of Service), perform
certain actions with escalated privileges on a vulnerable system, and
by a malicious web site to spoof the URL displayed in the address bar
and status bar.
Full Advisory:
http://secunia.com/advisories/14682/
--
[SA14681] Red Hat update for imagemagick
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-23
Red Hat has issued an update for imagemagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14681/
--
[SA14675] IPsec-Tools ISAKMP Header Parsing Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-23
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14675/
--
[SA14666] Red Hat update for libexif
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-22
Red Hat has issued an update for libexif. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14666/
--
[SA14665] Red Hat update for realplayer
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-03-22
Full Advisory:
http://secunia.com/advisories/14665/
--
[SA14661] Debian update for xli
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-22
Debian has issued an update for xli. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14661/
--
[SA14656] Trustix update for mysql / kernel
Critical: Moderately critical
Where: From remote
Impact: System access, DoS, Privilege escalation
Released: 2005-03-22
Trustix has issued updates for mysql and the kernel. These fix various
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), perform certain actions with escalated privileges, or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14656/
--
[SA14637] Gentoo update for sylpheed/sylpheed-claws
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-21
Gentoo has issued updates for sylpheed and sylpheed-claws. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14637/
--
[SA14634] Gentoo update for rxvt-unicode
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-21
Gentoo has issued an update for rxvt-unicode. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/14634/
--
[SA14633] Red Hat update for sylpheed
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-18
Red Hat has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14633/
--
[SA14632] Red Hat update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-18
Red Hat has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14632/
--
[SA14624] Red Hat Postfix IPv6 Relaying Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-17
Red Hat has issued an update for postfix. This fixes a security issue,
which can be exploited by malicious people to use a vulnerable system
as an open relay.
Full Advisory:
http://secunia.com/advisories/14624/
--
[SA14622] Sylpheed-Claws Message Reply Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-21
A vulnerability has been reported in Sylpheed-Claws, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14622/
--
[SA14620] Fedora update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-17
Fedora has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14620/
--
[SA14619] Gentoo update for curl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-17
Gentoo has issued an update for curl. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14619/
--
[SA14614] SUSE update for MozillaFirefox
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System
access
Released: 2005-03-17
SUSE has issued an update for MozillaFirefox. This fixes some
vulnerabilities, which can be exploited by a malicious web site to
spoof the URL displayed in the address bar, SSL certificate, and status
bar and by malicious people to conduct cross-site scripting attacks,
bypass certain security restrictions and potentially compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14614/
--
[SA14612] Conectiva update for cyrus-imapd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-18
Conectiva has issued an update for cyrus-imapd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14612/
--
[SA14636] Gentoo update for openslp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-03-21
Gentoo has issued an update for openslp. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14636/
--
[SA14708] Interspire ArticleLive 2005 "ArticleId" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-24
mircia has reported a vulnerability in Interspire ArticleLive 2005,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/14708/
--
[SA14678] Fedora update for mailman
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-23
Fedora has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/14678/
--
[SA14677] Sun Java System Application Server Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-23
Eric Hobbs has reported a vulnerability in Sun Java System Application
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14677/
--
[SA14674] HP-UX Apache Security Bypass and Denial of Service
Critical: Less critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2005-03-22
HP has acknowledged some vulnerabilities in HP-UX Apache, which can be
exploited by malicious people to bypass certain security restrictions
or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14674/
--
[SA14673] Gentoo dyndnsupdate Multiple Buffer Overflows
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-22
Gentoo has acknowledged some vulnerabilities in dyndnsupdate, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14673/
--
[SA14667] Red Hat update for mailman
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-22
Red Hat has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/14667/
--
[SA14663] Xzabite dyndnsupdate Multiple Buffer Overflows
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-22
Toby Dickenson has reported multiple vulnerabilities in Xzabite
dyndnsupdate, which potentially can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14663/
--
[SA14646] AnswerBook2 Documentation Server Two Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-21
Thomas Liam Romanis has reported two vulnerabilities in AnswerBook2
Documentation Server, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14646/
--
[SA14643] Fedora update for xloadimage
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-21
Fedora has issued an update for xloadimage. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14643/
--
[SA14615] Gentoo update for grip
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-18
Gentoo has issued an update for grip. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14615/
--
[SA14657] Mandrake update for mysql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-03-22
MandrakeSoft has issued an update for mysql. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system and by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14657/
--
[SA14618] Gentoo update for mysql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-03-17
Gentoo has issued an update for mysql. This fixes some vulnerabilities,
which potentially can be exploited by malicious users to compromise a
vulnerable system and by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14618/
--
[SA14672] Debian update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-22
Debian has issued an update for perl. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14672/
--
[SA14645] Sun Solaris newgrp Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-21
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14645/
--
[SA14639] Gentoo update for ltris
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-21
Gentoo has issued an update for ltris. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14639/
--
[SA14635] LTris Highscore List Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-03-21
A vulnerability has been reported in LTris, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14635/
--
[SA14613] Conectiva update for kdenetwork
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-03-17
Conectiva has issued an update for kdenetwork. This fixes a
vulnerability, which can be exploited by malicious, local users to
manipulate the contents of certain files.
Full Advisory:
http://secunia.com/advisories/14613/
--
[SA14626] Gentoo update for kdelibs
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-03-21
Gentoo has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/14626/
Other:
Cross Platform:--
[SA14707] Vortex Portal "act" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-24
Francisco Alisson has reported a vulnerability in Vortex Portal, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14707/
--
[SA14688] Double Choco Latte Cross-Site Scripting and PHP Code
Execution
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-03-24
James Bercegay has reported two vulnerabilities in Double Choco Latte,
which can be exploited by malicious people to conduct cross-site
scripting attacks and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14688/
--
[SA14685] Mozilla Thunderbird GIF Image Processing Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-24
Mark Dowd has reported a vulnerability in Thunderbird, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14685/
--
[SA14684] Mozilla Security Bypass and Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2005-03-24
Two vulnerabilities have been reported in Mozilla, which can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14684/
--
[SA14670] CzarNews "tpath" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-22
Frank "brOmstar" Reissner has reported a vulnerability in CzarNews,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14670/
--
[SA14669] TRG News Script "dir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-22
Frank "brOmstar" Reissner has reported a vulnerability in TRG News
Script, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14669/
--
[SA14654] Mozilla Firefox Three Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2005-03-24
Three vulnerabilities have been reported in Firefox, which can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14654/
--
[SA14649] DeleGate Multiple Unspecified Buffer Overflow
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-22
Some vulnerabilities have been reported in DeleGate, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14649/
--
[SA14640] Java Web Start JNLP File Command Line Argument Injection
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-21
Jouko Pynnönen has reported a vulnerability in Java Web Start, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14640/
--
[SA14628] McAfee Multiple Products LHA File Handling Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-18
ISS X-Force has reported a vulnerability in multiple McAfee products,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14628/
--
[SA14676] BirdBlog "userid" and "userpw" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-23
A vulnerability has been reported in BirdBlog, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14676/
--
[SA14652] Subdreamer Light Global Variables SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-21
GHC team has reported a vulnerability in Subdreamer Light, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14652/
--
[SA14648] exoops "file" Exposure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-21
NT has reported a vulnerability in exoops, which can be exploited by
malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14648/
--
[SA14647] Runcms "file" Exposure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-21
NT has reported a vulnerability in Runcms, which can be exploited by
malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14647/
--
[SA14642] phpmyfamily SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-22
ADZ Security Team has reported some vulnerabilities in phpmyfamily,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/14642/
--
[SA14641] ciamos "file" Exposure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-21
NT has reported a vulnerability in ciamos, which can be exploited by
malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14641/
--
[SA14690] phpSysInfo Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2005-03-24
Maksymilian Arciemowicz has reported some vulnerabilities in
phpSysInfo, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14690/
--
[SA14680] phorum "body" Parameter HTTP Response Splitting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-23
Positive Technologies has reported a vulnerability in phorum, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/14680/
--
[SA14679] MercuryBoard "title" Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-23
Secunia Research has discovered a vulnerability in MercuryBoard, which
can be exploited by malicious users to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/14679/
--
[SA14658] SurgeMail Three Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
Released: 2005-03-22
Tan Chew Keong has reported three vulnerabilities in SurgeMail, which
can be exploited by malicious people to conduct cross-site scripting
attacks and by malicious users to conduct script insertion attacks,
bypass certain security restrictions, and gain knowledge of various
information.
Full Advisory:
http://secunia.com/advisories/14658/
--
[SA14651] PHPOpenChat Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-22
Pi3cH has reported some vulnerabilities in PHPOpenChat, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14651/
--
[SA14644] Icecast XSL Stylesheet Source Exposure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-21
Patrick has discovered a vulnerability in Icecast, which can be
exploited by malicious people to disclose potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/14644/
--
[SA14611] Novell Netware Xsession Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-03-17
A vulnerability has been reported in Novell Netware, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14611/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45