[ISN] Secunia Weekly Summary - Issue: 2005-36
InfoSec News
isn at c4i.org
Sat Sep 10 00:28:47 EDT 2005
========================================================================
The Secunia Weekly Advisory Summary
2005-09-01 - 2005-09-08
This week : 60 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff spends hours every day to assure you of the best
and most reliable source for vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Secunia Research has discovered a vulnerability in ALZip, which can be
exploited by malicious people to compromise a vulnerable system.
Additional details can be found in the referenced Secunia advisory.
Reference:
http://secunia.com/SA16479
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA16686] OpenSSH Two Security Issues
2. [SA16661] Gentoo update for phpwebsite
3. [SA16560] Windows Registry Editor Utility String Concealment Weakness
4. [SA16480] Microsoft DDS Library Shape Control Code Execution Vulnerability
5. [SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability
6. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
7. [SA16653] Symantec Anti-Virus LiveUpdate Credentials Disclosure
8. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerabilities
9. [SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue
10. [SA16683] Barracuda Spam Firewall Multiple Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA16722] WebArchiveX ActiveX Control Insecure Methods
[SA16698] Free SMTP Server Open Mail Relay Vulnerability
[SA16685] Rediff Bol Exposure of Windows Address Book
[SA16684] N-Stealth Security Scanner "Server" Header Script Insertion
[SA16678] SlimFTPd Denial of Service Vulnerability
[SA16666] Savant Web Server Exposure of User Credentials
UNIX/Linux:
[SA16714] Ubuntu Updates for Multiple Packages
[SA16697] Gentoo update for openttd
[SA16696] OpenTTD Format String and Buffer Overflow Vulnerabilities
[SA16675] Debian update for webcalendar
[SA16670] Debian update for phpgroupware
[SA16723] Mandriva update for mplayer
[SA16709] Fedora update for squid
[SA16708] Squid "storeBuffer()" Denial of Service Vulnerability
[SA16705] Red Hat update for httpd
[SA16704] SqWebMail Conditional Comments Script Insertion Vulnerability
[SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue
[SA16694] Gentoo update for gnumeric
[SA16690] Debian update for zsync
[SA16689] Debian update for affix
[SA16681] Debian update for proftpd
[SA16679] Debian update for pcre3
[SA16677] Trustix update for multiple packages
[SA16674] Squid "sslConnectTimeout()" Denial of Service Vulnerability
[SA16672] zsync Multiple zlib Vulnerabilities
[SA16737] Avaya Intuity Audix cpio Directory Traversal Vulnerability
[SA16702] Gentoo update for phpldapadmin
[SA16701] UnixWare ICMP Message Handling Denial of Service
[SA16686] OpenSSH Two Security Issues
[SA16676] Trustix update for cups
[SA16730] DCC dccifd Proxy Mode Denial of Service
[SA16736] Mandriva update for smb4k
[SA16724] Smb4k Insecure Temporary File Handling Vulnerability
[SA16720] Ubuntu update for kdebase-bin
[SA16716] Mandriva update for kdeedu
[SA16715] Mandriva update for kdebase
[SA16703] Fedora update for perl-DBI
[SA16695] Gentoo update for net-snmp
[SA16692] KDE kcheckpass Insecure Lock File Creation Vulnerability
[SA16725] Debian update for cvs
[SA16706] Red Hat update for cvs
[SA16687] Debian update for ntp
[SA16680] URBAN Symlink and Multiple Local Buffer Overflow Vulnerabilities
[SA16673] Debian update for polygen
[SA16671] Polygen Output Files Insecure Permissions Weakness
Other:
[SA16683] Barracuda Spam Firewall Multiple Vulnerabilities
Cross Platform:
[SA16707] GuppY Multiple Vulnerabilities
[SA16693] MAXdev MD-Pro Multiple Vulnerabilities
[SA16682] WebGUI Perl Code Execution Vulnerabilities
[SA16733] Symantec Brightmail AntiSpam Denial of Service Vulnerabilities
[SA16731] MAXdev MD-Pro Cross-Site Scripting and File Upload Vulnerabilities
[SA16726] Unclassified NewsBoard "Description" Script Insertion Vulnerability
[SA16721] phpCommunityCalendar Multiple Vulnerabilities
[SA16710] Land Down Under "neventtext" Script Insertion Vulnerability
[SA16699] myBloggie "username" SQL Injection Vulnerability
[SA16669] Nikto "Server" Header Script Insertion Vulnerability
[SA16667] Phorum "Username" Script Insertion Vulnerability
[SA16734] Open WebMail "sessionid" Cross-Site Scripting Vulnerability
[SA16668] gBook Unspecified Cross-Site Scripting Vulnerabilities
[SA16688] Apache PCRE Integer Overflow Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:
--
[SA16722] WebArchiveX ActiveX Control Insecure Methods
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-07
Brett Moore has reported a vulnerability in WebArchiveX, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16722/
--
[SA16698] Free SMTP Server Open Mail Relay Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-05
basher13 has discovered a vulnerability in Free SMTP Server, which can
be exploited by malicious people to use it as an open mail relay.
Full Advisory:
http://secunia.com/advisories/16698/
--
[SA16685] Rediff Bol Exposure of Windows Address Book
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-09-05
Gregory R. Panakkal has discovered a security issue in Rediff Bol,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/16685/
--
[SA16684] N-Stealth Security Scanner "Server" Header Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-02
Mariano Nunez Di Croce has reported a vulnerability in N-Stealth
Security Scanner, which can be exploited by malicious people to conduct
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/16684/
--
[SA16678] SlimFTPd Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-02
Critical Security has discovered a vulnerability in SlimFTPd, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16678/
--
[SA16666] Savant Web Server Exposure of User Credentials
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-02
basher13 has discovered a security issue in Savant Web Server, which
can be exploited by malicious, local users to disclose potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/16666/
UNIX/Linux:
--
[SA16714] Ubuntu Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2005-09-07
Ubuntu has issued updates for multiple packages. These fix various
vulnerabilities and security issues, which can be exploited by
malicious people to cause a DoS (Denial of Service), and potentially
bypass certain security restrictions or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16714/
--
[SA16697] Gentoo update for openttd
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-06
Gentoo has issued an update for openttd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16697/
--
[SA16696] OpenTTD Format String and Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-06
Alexey Dobriyan has reported some vulnerabilities in OpenTTD, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16696/
--
[SA16675] Debian update for webcalendar
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-02
Debian has issued an update for webcalendar. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16675/
--
[SA16670] Debian update for phpgroupware
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2005-09-02
Debian has issued an update for phpgroupware. This fixes some
vulnerabilities, which can be exploited by malicious administrative
users to conduct script insertion attacks, or by malicious people to
bypass certain security restrictions or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16670/
--
[SA16723] Mandriva update for mplayer
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-07
Mandriva has issued an update for mplayer. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16723/
--
[SA16709] Fedora update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-07
Fedora has issued an update for squid. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16709/
--
[SA16708] Squid "storeBuffer()" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-07
Nickolay has reported a vulnerability in Squid, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16708/
--
[SA16705] Red Hat update for httpd
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2005-09-06
Red Hat has issued an update for httpd. This fixes a vulnerability and
a security issue, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16705/
--
[SA16704] SqWebMail Conditional Comments Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-06
Secunia Research has discovered a vulnerability in SqWebMail, which can
be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/16704/
--
[SA16700] mod_ssl "SSLVerifyClient" Security Bypass Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-05
A security issue has been reported in mod_ssl, which potentially can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16700/
--
[SA16694] Gentoo update for gnumeric
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-05
Gentoo has issued an update for gnumeric. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16694/
--
[SA16690] Debian update for zsync
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-02
Debian has issued an update for zsync. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16690/
--
[SA16689] Debian update for affix
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-02
Debian has issued an update for affix. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16689/
--
[SA16681] Debian update for proftpd
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2005-09-02
Debian has issued an update for proftpd. This fixes two
vulnerabilities, which can be exploited by malicious users to disclose
certain sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16681/
--
[SA16679] Debian update for pcre3
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-02
Debian has issued an update for pcre3. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16679/
--
[SA16677] Trustix update for multiple packages
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2005-09-02
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to perform certain actions on a vulnerable system with escalated
privileges, and by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16677/
--
[SA16674] Squid "sslConnectTimeout()" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-02
Alex Masterov has reported a vulnerability in Squid, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16674/
--
[SA16672] zsync Multiple zlib Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-02
Some vulnerabilities have been reported in zsync, which can be
exploited by malicious people to conduct a DoS (Denial of Service) or
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16672/
--
[SA16737] Avaya Intuity Audix cpio Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-09-07
Avaya has acknowledged a vulnerability in Intuity Audix, which can be
exploited by malicious people to cause files to be unpacked to
arbitrary locations on a user's system.
Full Advisory:
http://secunia.com/advisories/16737/
--
[SA16702] Gentoo update for phpldapadmin
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-06
Gentoo has issued an update for phpldapadmin. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/16702/
--
[SA16701] UnixWare ICMP Message Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-09-05
SCO has issued an update for UnixWare. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) on an active TCP session.
Full Advisory:
http://secunia.com/advisories/16701/
--
[SA16686] OpenSSH Two Security Issues
Critical: Less critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2005-09-02
Two security issues have been reported in OpenSSH, which can be
exploited by malicious users to gain escalated privileges or bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16686/
--
[SA16676] Trustix update for cups
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-09-02
Trustix has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16676/
--
[SA16730] DCC dccifd Proxy Mode Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-07
Martin Pala has reported a vulnerability in DCC, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16730/
--
[SA16736] Mandriva update for smb4k
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
Mandriva has issued an update for smb4k. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16736/
--
[SA16724] Smb4k Insecure Temporary File Handling Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
A vulnerability has been reported in Smb4K, which can be exploited by
malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16724/
--
[SA16720] Ubuntu update for kdebase-bin
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
Ubuntu has issued an update for kdebase-bin. This fixes a
vulnerability, which potentially can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16720/
--
[SA16716] Mandriva update for kdeedu
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
Mandriva has issued an update for kdeedu. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16716/
--
[SA16715] Mandriva update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
Mandriva has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16715/
--
[SA16703] Fedora update for perl-DBI
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-06
Fedora has issued an update for perl-DBI. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16703/
--
[SA16695] Gentoo update for net-snmp
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-06
Gentoo has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/16695/
--
[SA16692] KDE kcheckpass Insecure Lock File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-05
Ilja van Sprundel has reported a vulnerability in kcheckpass, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16692/
--
[SA16725] Debian update for cvs
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-07
Debian has issued an update for cvs. This fixes a security issue, which
potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16725/
--
[SA16706] Red Hat update for cvs
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-06
Red Hat has issued an update for cvs. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16706/
--
[SA16687] Debian update for ntp
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-05
Debian has issued an update for ntp. This fixes a security issue, which
can cause ntpd to run with incorrect group permissions.
Full Advisory:
http://secunia.com/advisories/16687/
--
[SA16680] URBAN Symlink and Multiple Local Buffer Overflow Vulnerabilities
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-05
shaun has reported some vulnerabilities in URBAN, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16680/
--
[SA16673] Debian update for polygen
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2005-09-02
Debian has issued an update for polygen. This fixes a weakness, which
can be exploited by malicious, local users to manipulate the contents
of certain files.
Full Advisory:
http://secunia.com/advisories/16673/
--
[SA16671] Polygen Output Files Insecure Permissions Weakness
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2005-09-02
Justin B Rye has reported a weakness in polygen, which can be exploited
by malicious, local users to manipulate certain information.
Full Advisory:
http://secunia.com/advisories/16671/
Other:
--
[SA16683] Barracuda Spam Firewall Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Released: 2005-09-02
Francois Harvey has reported some vulnerabilities in Barracuda Spam
Firewall, which can be exploited by malicious users to disclose and
manipulate sensitive information and by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16683/
Cross Platform:
--
[SA16707] GuppY Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-09-06
Romano_45 has reported some vulnerabilities in GuppY, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks, and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16707/
--
[SA16693] MAXdev MD-Pro Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown, System access
Released: 2005-09-05
Some vulnerabilities have been reported in MAXdev MD-Pro, where some
have unknown impacts and others can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16693/
--
[SA16682] WebGUI Perl Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-02
Some vulnerabilities have been reported in WebGUI, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16682/
--
[SA16733] Symantec Brightmail AntiSpam Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-07
Two vulnerabilities have been reported in Brightmail, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16733/
--
[SA16731] MAXdev MD-Pro Cross-Site Scripting and File Upload Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, System access
Released: 2005-09-07
rgod has discovered some vulnerabilities in MAXdev MD-Pro, which can be
exploited by malicious people to conduct cross-site scripting and script
insertion attacks and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16731/
--
[SA16726] Unclassified NewsBoard "Description" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-07
rgod has discovered a vulnerability in Unclassified NewsBoard, which
can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/16726/
--
[SA16721] phpCommunityCalendar Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2005-09-07
rgod has discovered some vulnerabilities in phpCommunityCalendar, which
can be exploited by malicious people to conduct cross-site scripting,
script insertion and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16721/
--
[SA16710] Land Down Under "neventtext" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-07
conor.e.buckley has discovered a vulnerability in Land Down Under,
which can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/16710/
--
[SA16699] myBloggie "username" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-09-05
OS2A has reported a vulnerability in myBloggie, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16699/
--
[SA16669] Nikto "Server" Header Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-02
Mariano Nunez Di Croce has reported a vulnerability in Nikto, which can
be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/16669/
--
[SA16667] Phorum "Username" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-02
Scott Dewey has reported a vulnerability in Phorum, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/16667/
--
[SA16734] Open WebMail "sessionid" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-07
s3cure has reported a vulnerability in Open WebMail, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16734/
--
[SA16668] gBook Unspecified Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-02
Some vulnerabilities have been reported in gBook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16668/
--
[SA16688] Apache PCRE Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-05
A vulnerability has been reported in Apache, which can be exploited by
malicious, local users to gain escalated privileges via a specially
crafted ".htaccess" file.
Full Advisory:
http://secunia.com/advisories/16688/
========================================================================
Secunia recommends that you verify all advisories you receive
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches; only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support at secunia.com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45