
Secunia Weekly Summary - Issue: 2004-41
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 12 Oct 2004 12:32:26 -0400
*************************************************************
Educational CyberPlayGround http://www.edu-cyberpg.com/
Network Newsletters Mailing List
**************************************************************
Network Newsletters Mailing List Service
<http://www.edu-cyberpg.com/Community/Subguidelines.html>
Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/K12Newsletters.html>
**************************************************************
>
>========================================================================
>
> The Secunia Weekly Advisory Summary
> 2004-09-30 - 2004-10-07
>
> This week : 60 advisories
>
>========================================================================
>Table of Contents:
>
>1.....................................................Word From Secunia
>2....................................................This Week In Brief
>3..............................This Week's Top Ten Most Read Advisories
>4.......................................Vulnerabilities Summary Listing
>5.......................................Vulnerabilities Content Listing
>
>========================================================================
>1) Word From Secunia:
>
>Secunia has implemented new features at Secunia.com
>
>
>SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
>In addition to the extensive information Secunia advisories already
>include, Secunia has added a new parameter: "Solution Status". This
>simply means that all Secunia advisories, including older advisories,
>now include the current "Solution Status" of an advisory, i.e. if the
>vendor has released a patch or not.
>
>
>IMPROVED PRODUCT PAGES:
>The improved product pages now include a detailed listing of all
>Secunia advisories affecting each product. The listings include a clear
>indication of the "Solution Status" each advisory has ("Unpatched",
>"Vendor patch", "Vendor workaround", or "Partial fix"). View the
>following for examples:
>
>Opera 7:
>http://secunia.com/product/761/
>
>Internet Explorer 6:
>http://secunia.com/product/11/
>
>Mozilla Firefox:
>http://secunia.com/product/3256/
>
>
>EXTRA STATISTICS:
>Each product page also includes a new pie graph, displaying the
>"Solution Status" for all Secunia advisories affecting each product in
>a given period. View the following for an example:
>
>Internet Explorer 6:
>http://secunia.com/product/11/#statistics_solution
>
>
>FEEDBACK SYSTEM:
>To make it easier to provide feedback to the Secunia staff, we have
>made an online feedback form. Enter your inquiry and it will
>immediately be sent to the appropriate Secunia department.
>
>Ideas, suggestions, and other feedback are most welcome.
>
>Secunia Feedback Form:
>http://secunia.com/contact_form/
>
>
>========================================================================
>2) This Week in Brief:
>
>
>ADVISORIES:
>
>Apple has issued a security update for Mac OS X, which fixes several
>vulnerabilities in various software included in Mac OS X.
>
>Additional details about the affected software and patch instructions
>can be found in the Secunia advisory below.
>
>Reference:
>http://secunia.com/SA12690
>
>--
>
>Mozilla Foundation has fixed a moderately critical vulnerability in
>Mozilla Firefox, which can be exploited by malicious people to delete
>files on a vulnerable system.
>
>Successful exploitation will result in recursive deletion of all
>files in the user's download directory.
>
>Reference:
>http://secunia.com/SA12708
>
>
>VIRUS ALERTS:
>
>Secunia has not issued any virus alerts during the last week.
>
>
>========================================================================
>3) This Week's Top Ten Most Read Advisories:
>
>1. [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
>2. [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
>3. [SA12708] Mozilla Firefox Download Directory File Deletion
> Vulnerability
>4. [SA12526] Mozilla Multiple Vulnerabilities
>5. [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
> Vulnerability
>6. [SA12635] Symantec Firewall/VPN Products Multiple Vulnerabilities
>7. [SA12672] RealOne Player / RealPlayer / Helix Player Multiple
> Vulnerabilities
>8. [SA11978] Multiple Browsers Frame Injection Vulnerability
>9. [SA12680] Microsoft SQL Server Denial of Service Vulnerability
>10. [SA12403] Mozilla / Mozilla Firefox Apple Java Plugin Tab Spoofing
> Vulnerability
>
>========================================================================
>4) Vulnerabilities Summary Listing
>
>Windows:
>[SA12755] TriDComm FTP Server Directory Traversal Vulnerability
>[SA12753] AtHoc Toolbar Unspecified Vulnerabilities
>[SA12710] Judge Dredd Client Message Handling Format String
>Vulnerability
>[SA12702] Kerio MailServer Unspecified Security Issue
>[SA12689] MyWebServer Multiple Connection Denial of Service
>Vulnerability
>[SA12719] NetworkActiv Web Server Denial of Service Vulnerability
>[SA12734] Symantec Norton AntiVirus MS-DOS Device Name Handling
>Weakness
>
>UNIX/Linux:
>[SA12750] Mandrake update for xine-lib
>[SA12747] SuSE update for mozilla
>[SA12745] HP VirtualVault / Webproxy mod_ssl Format String
>Vulnerability
>[SA12742] Mozilla Application Suite for Tru64 UNIX Multiple
>Vulnerabilities
>[SA12741] Gentoo update for netkit-telnetd
>[SA12727] Red Hat update for XFree86
>[SA12698] Red Hat update for mozilla
>[SA12694] AIX Network Authentication Service Multiple Vulnerabilities
>[SA12690] Mac OS X Security Update Fixes Multiple Vulnerabilities
>[SA12739] Gentoo update for PHP
>[SA12725] Red Hat update for kdelibs/kdebase
>[SA12699] Red Hat update for squid
>[SA12743] Debian update for libapache-mod-dav
>[SA12700] Red Hat update for spamassassin
>[SA12688] Gentoo update for subversion
>[SA12754] Fedora update for squid
>[SA12748] Debian update for samba
>[SA12735] SuSE update for samba
>[SA12726] Red Hat update for samba
>[SA12718] Mandrake update for samba
>[SA12711] distcc IP-based Access Control Rules Security Bypass
>[SA12707] Trustix update for samba
>[SA12696] Samba Arbitrary File Access Vulnerability
>[SA12746] Debian update for net-acct
>[SA12744] Sun Solaris update for gzip
>[SA12737] Fedora update for cups
>[SA12736] CUPS Logfile User Credentials Disclosure
>[SA12724] Slackware update for getmail
>[SA12723] Gentoo update for netpbm
>[SA12722] FreeBSD syscons Kernel Memory Disclosure Vulnerability
>[SA12705] Debian freenet6 Insecure Configuration File Permissions
>[SA12701] Red Hat update for ruby
>[SA12697] Trustix Linux Multiple Packages Insecure Temporary File
>Handling
>[SA12716] spider "read_file()" Potential Privilege Escalation
>Vulnerability
>
>Other:
>
>
>Cross Platform:
>[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion
>Vulnerabilities
>[SA12732] AWS MySQLguest Script Insertion Vulnerability
>[SA12730] BugPort Unspecified Attachment Handling Vulnerability
>[SA12721] Real Estate Management Software Unspecified Vulnerabilities
>[SA12720] Online Recruitment Agency Unspecified Vulnerabilities
>[SA12709] yappa-ng Unspecified "Show Random Image" Vulnerability
>[SA12708] Mozilla Firefox Download Directory File Deletion
>Vulnerability
>[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass
>Vulnerabilities
>[SA12703] IBM Trading Partner Interchange Arbitrary File Access
>Vulnerability
>[SA12695] w-Agora Multiple Vulnerabilities
>[SA12691] bBlog "p" SQL Injection Vulnerability
>[SA12733] DB2 Universal Database Multiple Vulnerabilities
>[SA12740] Invision Power Board Referer Header Cross-Site Scripting
>Vulnerability
>[SA12729] My Blog Unspecified Cross-Site Scripting Vulnerabilities
>[SA12728] Online-Bookmarks Security Bypass Vulnerability
>[SA12715] Xerces-C++ XML Parser Denial of Service Vulnerability
>[SA12693] Macromedia ColdFusion MX Security Bypass Vulnerability
>[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting
>Vulnerability
>[SA12756] MaxDB Web Agent "Server" Field Denial of Service
>Vulnerability
>
>========================================================================
>5) Vulnerabilities Content Listing
>
>Windows:--
>
>[SA12755] TriDComm FTP Server Directory Traversal Vulnerability
>
>Critical: Highly critical
>Where: From remote
>Impact: Security Bypass, System access
>Released: 2004-10-07
>
>Luigi Auriemma has reported a vulnerability in TriDComm, which can be
>exploited by malicious users to access arbitrary files on a vulnerable
>system.
>
>Full Advisory:
>http://secunia.com/advisories/12755/
>
> --
>
>[SA12753] AtHoc Toolbar Unspecified Vulnerabilities
>
>Critical: Highly critical
>Where: From remote
>Impact: System access
>Released: 2004-10-07
>
>NGSSoftware has reported two vulnerabilities in AtHoc Toolbar, which
>potentially can be exploited by malicious people to compromise a user's
>system.
>
>Full Advisory:
>http://secunia.com/advisories/12753/
>
> --
>
>[SA12710] Judge Dredd Client Message Handling Format String
>Vulnerability
>
>Critical: Highly critical
>Where: From remote
>Impact: DoS, System access
>Released: 2004-10-04
>
>Luigi Auriemma has reported a vulnerability in Judge Dredd: Dredd vs.
>Death, which potentially can be exploited by malicious people to
>compromise a vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12710/
>
> --
>
>[SA12702] Kerio MailServer Unspecified Security Issue
>
>Critical: Moderately critical
>Where: From remote
>Impact: Unknown
>Released: 2004-10-01
>
>An unspecified security issue with an unknown impact has been reported
>in Kerio MailServer.
>
>Full Advisory:
>http://secunia.com/advisories/12702/
>
> --
>
>[SA12689] MyWebServer Multiple Connection Denial of Service
>Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: DoS
>Released: 2004-09-30
>
>The unl0ck team has discovered a vulnerability in MyWebServer, which
>can be exploited by malicious people to cause a DoS (Denial of
>Service).
>
>Full Advisory:
>http://secunia.com/advisories/12689/
>
> --
>
>[SA12719] NetworkActiv Web Server Denial of Service Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: DoS
>Released: 2004-10-05
>
>Ziv Kamir has reported a vulnerability in NetworkActiv Web Server,
>which can be exploited by malicious people to cause a DoS (Denial of
>Service).
>
>Full Advisory:
>http://secunia.com/advisories/12719/
>
> --
>
>[SA12734] Symantec Norton AntiVirus MS-DOS Device Name Handling
>Weakness
>
>Critical: Not critical
>Where: Local system
>Impact: Security Bypass
>Released: 2004-10-06
>
>Kurt Seifried has reported a weakness in Symantec Norton AntiVirus,
>which can be exploited by malware to bypass certain scanning
>functionality.
>
>Full Advisory:
>http://secunia.com/advisories/12734/
>
>
>UNIX/Linux:--
>
>[SA12750] Mandrake update for xine-lib
>
>Critical: Highly critical
>Where: From remote
>Impact: System access
>Released: 2004-10-07
>
>MandrakeSoft has issued an update for xine-lib. This fixes multiple
>vulnerabilities, which can be exploited by malicious people to
>compromise a user's system.
>
>Full Advisory:
>http://secunia.com/advisories/12750/
>
> --
>
>[SA12747] SuSE update for mozilla
>
>Critical: Highly critical
>Where: From remote
>Impact: Cross Site Scripting, Spoofing, Manipulation of data,
>Exposure of sensitive information, DoS, System access
>Released: 2004-10-07
>
>SuSE has issued an update for mozilla. This fixes multiple
>vulnerabilities, which can be exploited to cause a DoS (Denial of
>Service), spoof content of websites, conduct cross-site scripting
>attacks, access and modify sensitive information, or compromise a
>vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12747/
>
> --
>
>[SA12745] HP VirtualVault / Webproxy mod_ssl Format String
>Vulnerability
>
>Critical: Highly critical
>Where: From remote
>Impact: System access
>Released: 2004-10-06
>
>HP has confirmed a vulnerability in Apache affecting HP VirtualVault
>and HP Webproxy, which potentially can be exploited by malicious people
>to compromise a vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12745/
>
> --
>
>[SA12742] Mozilla Application Suite for Tru64 UNIX Multiple
>Vulnerabilities
>
>Critical: Highly critical
>Where: From remote
>Impact: Cross Site Scripting, Manipulation of data, Exposure of
>sensitive information, System access
>Released: 2004-10-06
>
>HP has confirmed some vulnerabilities in the Mozilla Application Suite
>for Tru64 UNIX, which can be exploited to conduct cross-site scripting
>attacks, access and modify sensitive information, and compromise a
>user's system.
>
>Full Advisory:
>http://secunia.com/advisories/12742/
>
> --
>
>[SA12741] Gentoo update for netkit-telnetd
>
>Critical: Highly critical
>Where: From remote
>Impact: DoS, System access
>Released: 2004-10-06
>
>Gentoo has issued an update for netkit-telnetd. This fixes a
>vulnerability, which can be exploited by malicious people to cause a
>DoS (Denial of Service) and potentially compromise a vulnerable
>system.
>
>Full Advisory:
>http://secunia.com/advisories/12741/
>
> --
>
>[SA12727] Red Hat update for XFree86
>
>Critical: Highly critical
>Where: From remote
>Impact: Security Bypass, System access
>Released: 2004-10-05
>
>Red Hat has issued an update for XFree86. This fixes multiple
>vulnerabilities, which potentially can be exploited by malicious people
>to compromise a vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12727/
>
> --
>
>[SA12698] Red Hat update for mozilla
>
>Critical: Highly critical
>Where: From remote
>Impact: Cross Site Scripting, Manipulation of data, Exposure of
>sensitive information, System access
>Released: 2004-10-01
>
>Red Hat has issued an update for mozilla. This fixes multiple
>vulnerabilities, which can be exploited to conduct cross-site scripting
>attacks, access and modify sensitive information, and compromise a
>user's system.
>
>Full Advisory:
>http://secunia.com/advisories/12698/
>
> --
>
>[SA12694] AIX Network Authentication Service Multiple Vulnerabilities
>
>Critical: Highly critical
>Where: From remote
>Impact: DoS, System access
>Released: 2004-10-01
>
>IBM has acknowledged some vulnerabilities in IBM Network Authentication
>Service for AIX, which can be exploited by malicious people to cause a
>DoS (Denial of Service) or compromise a vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12694/
>
> --
>
>[SA12690] Mac OS X Security Update Fixes Multiple Vulnerabilities
>
>Critical: Highly critical
>Where: From remote
>Impact: Security Bypass, Exposure of system information, Exposure
>of sensitive information, DoS, System access
>Released: 2004-10-05
>
>Apple has issued a security update for Mac OS X, which fixes various
>vulnerabilities.
>
>Full Advisory:
>http://secunia.com/advisories/12690/
>
> --
>
>[SA12739] Gentoo update for PHP
>
>Critical: Moderately critical
>Where: From remote
>Impact: Exposure of sensitive information, System access
>Released: 2004-10-06
>
>Gentoo has issued an update for PHP. This fixes two vulnerabilities,
>which can be exploited by malicious people to disclose sensitive
>information or potentially upload files to arbitrary locations.
>
>Full Advisory:
>http://secunia.com/advisories/12739/
>
> --
>
>[SA12725] Red Hat update for kdelibs/kdebase
>
>Critical: Moderately critical
>Where: From remote
>Impact: Hijacking, Spoofing, Privilege escalation
>Released: 2004-10-05
>
>Red Hat has issued updates for kdelibs and kdebase. These fix multiple
>vulnerabilities, which can be exploited to perform certain actions on a
>vulnerable system with escalated privileges, spoof the content of
>websites, or hijack sessions.
>
>Full Advisory:
>http://secunia.com/advisories/12725/
>
> --
>
>[SA12699] Red Hat update for squid
>
>Critical: Moderately critical
>Where: From remote
>Impact: DoS
>Released: 2004-10-01
>
>Red Hat has issued an update for squid. This fixes a vulnerability,
>which can be exploited by malicious people to cause a DoS (Denial of
>Service).
>
>Full Advisory:
>http://secunia.com/advisories/12699/
>
> --
>
>[SA12743] Debian update for libapache-mod-dav
>
>Critical: Less critical
>Where: From remote
>Impact: DoS
>Released: 2004-10-06
>
>Debian has issued an update for libapache-mod-dav. This fixes a
>vulnerability, which can be exploited by malicious people to cause a
>DoS (Denial of Service).
>
>Full Advisory:
>http://secunia.com/advisories/12743/
>
> --
>
>[SA12700] Red Hat update for spamassassin
>
>Critical: Less critical
>Where: From remote
>Impact: DoS
>Released: 2004-10-01
>
>Red Hat has issued an update for spamassassin. This fixes a
>vulnerability, which can be exploited by malicious people to cause a
>DoS (Denial of Service).
>
>Full Advisory:
>http://secunia.com/advisories/12700/
>
> --
>
>[SA12688] Gentoo update for subversion
>
>Critical: Less critical
>Where: From remote
>Impact: Exposure of system information, Exposure of sensitive
>information
>Released: 2004-09-30
>
>Gentoo has issued an update for subversion. This fixes a security
>issue, which can be exploited by malicious people to disclose
>potentially sensitive information.
>
>Full Advisory:
>http://secunia.com/advisories/12688/
>
> --
>
>[SA12754] Fedora update for squid
>
>Critical: Less critical
>Where: From local network
>Impact: DoS
>Released: 2004-10-07
>
>Fedora has issued an update for squid. This fixes a vulnerability,
>which can be exploited by malicious people to cause a DoS (Denial of
>Service).
>
>Full Advisory:
>http://secunia.com/advisories/12754/
>
> --
>
>[SA12748] Debian update for samba
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-07
>
>Debian has issued an update for samba. This fixes a vulnerability,
>which can be exploited by malicious users to access arbitrary files and
>directories.
>
>Full Advisory:
>http://secunia.com/advisories/12748/
>
> --
>
>[SA12735] SuSE update for samba
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-05
>
>SuSE has issued an update for samba. This fixes a vulnerability, which
>can be exploited by malicious users to access arbitrary files and
>directories.
>
>Full Advisory:
>http://secunia.com/advisories/12735/
>
> --
>
>[SA12726] Red Hat update for samba
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-05
>
>Red Hat has issued an update for samba. This fixes a vulnerability,
>which can be exploited by malicious users to access arbitrary files and
>directories.
>
>Full Advisory:
>http://secunia.com/advisories/12726/
>
> --
>
>[SA12718] Mandrake update for samba
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-04
>
>MandrakeSoft has issued an update for samba. This fixes a
>vulnerability, which can be exploited by malicious users to access
>arbitrary files and directories.
>
>Full Advisory:
>http://secunia.com/advisories/12718/
>
> --
>
>[SA12711] distcc IP-based Access Control Rules Security Bypass
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-04
>
>A vulnerability has been reported in distcc, which potentially can be
>exploited by malicious people to bypass certain security restrictions.
>
>Full Advisory:
>http://secunia.com/advisories/12711/
>
> --
>
>[SA12707] Trustix update for samba
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-01
>
>Trustix has issued an update for samba. This fixes a vulnerability,
>which can be exploited by malicious users to access arbitrary files and
>directories.
>
>Full Advisory:
>http://secunia.com/advisories/12707/
>
> --
>
>[SA12696] Samba Arbitrary File Access Vulnerability
>
>Critical: Less critical
>Where: From local network
>Impact: Security Bypass
>Released: 2004-10-01
>
>Karol Wiesek has reported a vulnerability in Samba, which can be
>exploited by malicious users to access arbitrary files and
>directories.
>
>Full Advisory:
>http://secunia.com/advisories/12696/
>
> --
>
>[SA12746] Debian update for net-acct
>
>Critical: Less critical
>Where: Local system
>Impact: Privilege escalation
>Released: 2004-10-06
>
>Debian has issued an update for net-acct. This fixes a vulnerability,
>which can be exploited by malicious, local users to perform certain
>actions on a vulnerable system with escalated privileges.
>
>Full Advisory:
>http://secunia.com/advisories/12746/
>
> --
>
>[SA12744] Sun Solaris update for gzip
>
>Critical: Less critical
>Where: Local system
>Impact: Manipulation of data, Exposure of sensitive information
>Released: 2004-10-06
>
>Sun has issued an update for gzip. This fixes a vulnerability, which
>can be exploited by malicious, local users to access sensitive
>information.
>
>Full Advisory:
>http://secunia.com/advisories/12744/
>
> --
>
>[SA12737] Fedora update for cups
>
>Critical: Less critical
>Where: Local system
>Impact: Exposure of sensitive information
>Released: 2004-10-06
>
>Fedora has issued an update for cups. This fixes a vulnerability, which
>can be exploited by malicious, local users to gain knowledge of
>sensitive information.
>
>Full Advisory:
>http://secunia.com/advisories/12737/
>
> --
>
>[SA12736] CUPS Logfile User Credentials Disclosure
>
>Critical: Less critical
>Where: Local system
>Impact: Exposure of sensitive information
>Released: 2004-10-06
>
>Gary Smith has reported a vulnerability in CUPS, which can be exploited
>by malicious, local users to gain knowledge of sensitive information.
>
>Full Advisory:
>http://secunia.com/advisories/12736/
>
> --
>
>[SA12724] Slackware update for getmail
>
>Critical: Less critical
>Where: Local system
>Impact: Privilege escalation
>Released: 2004-10-05
>
>Slackware has issued an update for getmail. This fixes a vulnerability,
>which can be exploited by malicious, local users to gain escalated
>privileges.
>
>Full Advisory:
>http://secunia.com/advisories/12724/
>
> --
>
>[SA12723] Gentoo update for netpbm
>
>Critical: Less critical
>Where: Local system
>Impact: Privilege escalation
>Released: 2004-10-05
>
>Gentoo has issued an update for netpbm. This fixes a vulnerability,
>which can be exploited by malicious, local users to escalate their
>privileges on a vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12723/
>
> --
>
>[SA12722] FreeBSD syscons Kernel Memory Disclosure Vulnerability
>
>Critical: Less critical
>Where: Local system
>Impact: Exposure of system information, Exposure of sensitive
>information
>Released: 2004-10-05
>
>Christer Oberg has reported a vulnerability in FreeBSD, which can be
>exploited by malicious, local users to gain knowledge of sensitive
>information.
>
>Full Advisory:
>http://secunia.com/advisories/12722/
>
> --
>
>[SA12705] Debian freenet6 Insecure Configuration File Permissions
>
>Critical: Less critical
>Where: Local system
>Impact: Exposure of sensitive information
>Released: 2004-10-01
>
>Debian has issued an update for freenet6. This fixes a security issue,
>which can be exploited by malicious, local users to access sensitive
>information.
>
>Full Advisory:
>http://secunia.com/advisories/12705/
>
> --
>
>[SA12701] Red Hat update for ruby
>
>Critical: Less critical
>Where: Local system
>Impact: Exposure of sensitive information
>Released: 2004-10-01
>
>Red Hat has issued an update for ruby. This fixes a vulnerability,
>which potentially can be exploited by malicious, local users to gain
>knowledge of sensitive information.
>
>Full Advisory:
>http://secunia.com/advisories/12701/
>
> --
>
>[SA12697] Trustix Linux Multiple Packages Insecure Temporary File
>Handling
>
>Critical: Less critical
>Where: Local system
>Impact: Privilege escalation
>Released: 2004-10-01
>
>Trustix has issued updates for multiple packages. These fix some
>vulnerabilities, which can be exploited by malicious, local users to
>perform certain actions on a vulnerable system with escalated
>privileges.
>
>Full Advisory:
>http://secunia.com/advisories/12697/
>
> --
>
>[SA12716] spider "read_file()" Potential Privilege Escalation
>Vulnerability
>
>Critical: Not critical
>Where: Local system
>Impact: Privilege escalation
>Released: 2004-10-04
>
>Emuadmin Security Team has reported a vulnerability in spider, which
>potentially can be exploited by malicious, local users to gain
>escalated privileges.
>
>Full Advisory:
>http://secunia.com/advisories/12716/
>
>
>Other:
>
>
>Cross Platform:--
>
>[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion
>Vulnerabilities
>
>Critical: Moderately critical
>Where: From remote
>Impact: Manipulation of data, Exposure of system information,
>Exposure of sensitive information
>Released: 2004-10-06
>
>LSS Security Team has discovered two vulnerabilities in PHPLinks, which
>can be exploited by malicious people to conduct SQL injection attacks
>and execute arbitrary local PHP scripts.
>
>Full Advisory:
>http://secunia.com/advisories/12738/
>
> --
>
>[SA12732] AWS MySQLguest Script Insertion Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Cross Site Scripting
>Released: 2004-10-05
>
>BliZZard has reported a vulnerability in AWS MySQLguest, which can be
>exploited by malicious people to conduct script insertion attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12732/
>
> --
>
>[SA12730] BugPort Unspecified Attachment Handling Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Unknown
>Released: 2004-10-05
>
>Eduardo Correia has reported a vulnerability with an unknown impact in
>BugPort.
>
>Full Advisory:
>http://secunia.com/advisories/12730/
>
> --
>
>[SA12721] Real Estate Management Software Unspecified Vulnerabilities
>
>Critical: Moderately critical
>Where: From remote
>Impact: Unknown
>Released: 2004-10-05
>
>Some unspecified vulnerabilities with unknown impacts have been
>reported in Real Estate Management Software.
>
>Full Advisory:
>http://secunia.com/advisories/12721/
>
> --
>
>[SA12720] Online Recruitment Agency Unspecified Vulnerabilities
>
>Critical: Moderately critical
>Where: From remote
>Impact: Unknown
>Released: 2004-10-05
>
>Some vulnerabilities with an unknown impact have been reported in
>Online Recruitment Agency.
>
>Full Advisory:
>http://secunia.com/advisories/12720/
>
> --
>
>[SA12709] yappa-ng Unspecified "Show Random Image" Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Unknown
>Released: 2004-10-04
>
>Georg Ragaz has reported a vulnerability with an unknown impact in
>yappa-ng.
>
>Full Advisory:
>http://secunia.com/advisories/12709/
>
> --
>
>[SA12708] Mozilla Firefox Download Directory File Deletion
>Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Manipulation of data
>Released: 2004-10-04
>
>Alex Vincent has reported a vulnerability in Mozilla Firefox, which can
>be exploited by malicious people to delete files on a user's system.
>
>Full Advisory:
>http://secunia.com/advisories/12708/
>
> --
>
>[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass
>Vulnerabilities
>
>Critical: Moderately critical
>Where: From remote
>Impact: Cross Site Scripting, Manipulation of data
>Released: 2004-10-01
>
>R00tCr4ck has reported two vulnerabilities in Silent Storm Portal,
>which can be exploited by malicious people to conduct cross-site
>scripting attacks and bypass certain security restrictions.
>
>Full Advisory:
>http://secunia.com/advisories/12704/
>
> --
>
>[SA12703] IBM Trading Partner Interchange Arbitrary File Access
>Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Exposure of system information, Exposure of sensitive
>information
>Released: 2004-10-05
>
>A vulnerability has been reported in Trading Partner Interchange, which
>can be exploited by malicious people to access arbitrary files.
>
>Full Advisory:
>http://secunia.com/advisories/12703/
>
> --
>
>[SA12695] w-Agora Multiple Vulnerabilities
>
>Critical: Moderately critical
>Where: From remote
>Impact: Cross Site Scripting, Manipulation of data
>Released: 2004-10-01
>
>Positive Technologies has reported some vulnerabilities in w-Agora,
>which can be exploited by malicious people to conduct SQL injection and
>cross-site scripting attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12695/
>
> --
>
>[SA12691] bBlog "p" SQL Injection Vulnerability
>
>Critical: Moderately critical
>Where: From remote
>Impact: Manipulation of data
>Released: 2004-10-01
>
>James McGlinn has reported a vulnerability in bBlog, which can be
>exploited by malicious people to conduct SQL injection attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12691/
>
> --
>
>[SA12733] DB2 Universal Database Multiple Vulnerabilities
>
>Critical: Moderately critical
>Where: From local network
>Impact: Unknown, Security Bypass, DoS, System access
>Released: 2004-10-06
>
>Multiple vulnerabilities have been reported in DB2 Universal Database,
>where some of the vulnerabilities can be exploited to compromise a
>vulnerable system.
>
>Full Advisory:
>http://secunia.com/advisories/12733/
>
> --
>
>[SA12740] Invision Power Board Referer Header Cross-Site Scripting
>Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: Cross Site Scripting
>Released: 2004-10-06
>
>Alexander Antipov has reported a vulnerability in Invision Power Board,
>which can be exploited by malicious people to conduct cross-site
>scripting attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12740/
>
> --
>
>[SA12729] My Blog Unspecified Cross-Site Scripting Vulnerabilities
>
>Critical: Less critical
>Where: From remote
>Impact: Unknown, Cross Site Scripting
>Released: 2004-10-05
>
>Some vulnerabilities have been reported in My Blog, which can be
>exploited by malicious people to conduct cross-site scripting attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12729/
>
> --
>
>[SA12728] Online-Bookmarks Security Bypass Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: Security Bypass
>Released: 2004-10-05
>
>A vulnerability has been reported in Online-Bookmarks, which can be
>exploited by malicious people to bypass certain security restrictions.
>
>Full Advisory:
>http://secunia.com/advisories/12728/
>
> --
>
>[SA12715] Xerces-C++ XML Parser Denial of Service Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: DoS
>Released: 2004-10-04
>
>Amit Klein has reported a vulnerability in Xerces-C++, which can be
>exploited by malicious people to cause a DoS (Denial of Service).
>
>Full Advisory:
>http://secunia.com/advisories/12715/
>
> --
>
>[SA12693] Macromedia ColdFusion MX Security Bypass Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: Security Bypass
>Released: 2004-10-04
>
>Eric Lackey has reported a vulnerability in ColdFusion MX, which can be
>exploited by malicious, authenticated users to bypass certain security
>restrictions.
>
>Full Advisory:
>http://secunia.com/advisories/12693/
>
> --
>
>[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting
>Vulnerability
>
>Critical: Less critical
>Where: From remote
>Impact: Cross Site Scripting
>Released: 2004-10-01
>
>A vulnerability has been reported in MediaWiki, which can be exploited
>by malicious people to conduct cross-site scripting attacks.
>
>Full Advisory:
>http://secunia.com/advisories/12692/
>
> --
>
>[SA12756] MaxDB Web Agent "Server" Field Denial of Service
>Vulnerability
>
>Critical: Less critical
>Where: From local network
>Impact: DoS
>Released: 2004-10-07
>
>Patrik Karlsson has reported a vulnerability in MaxDB, which can be
>exploited by malicious people to cause a DoS (Denial of Service).
>
>Full Advisory:
>http://secunia.com/advisories/12756/
>
>
>
>========================================================================
>
>Secunia recommends that you verify all advisories you receive,
>by clicking the link.
>Secunia NEVER sends attached files with advisories.
>Secunia does not advise people to install third party patches, only use
>those supplied by the vendor.
>
>Definitions: (Criticality, Where etc.)
>http://secunia.com/about_secunia_advisories/
>
>Subscribe:
>http://secunia.com/secunia_weekly_summary/
>
>Contact details:
>Web : http://secunia.com/
>E-mail : support@xxxxxxxxxxx
>Tel : +45 70 20 51 44
>Fax : +45 70 20 51 45
>
>========================================================================
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/index.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/default.asp
HOT LIST OF SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/default.asp
Educational CyberPlayGround Services
http://www.edu-cyberpg.com/PS/Home_Products.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>