[virusinfo] Secunia Weekly Summary - Issue: 2005-13
- From: "Mike" <mikebike@xxxxxxxxx>
- To: virusinfo@xxxxxxxxxxxxx
- Date: Thu, 31 Mar 2005 16:08:40 -0800
From; Secunia Weekly Advisory Summary
2005-03-24 - 2005-03-31
This week : 70 advisories
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
=========================
==============
1) Word From Secunia:
Want a new IT Security job?
Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/
=========================
=================
2) This Week in Brief:
Two vulnerabilities have been reported in Kerberos V5 and Sun Solaris,
which can be exploited by malicious people to compromise a vulnerable
system.
Successful exploitation allows execution of arbitrary code, but
requires that a user connects to a malicious server with the vulnerable
telnet client.
Patches are available from the vendor, please see Secunia advisories
below for details.
References:
http://secunia.com/SA14745
http://secunia.com/SA14754
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
=========================
===============
3) This Weeks Top Ten Most Read Advisories:
1. [SA14654] Mozilla Firefox Three Vulnerabilities
2. [SA14684] Mozilla Security Bypass and Buffer Overflow
Vulnerabilities
3. [SA14713] Linux Kernel Multiple Vulnerabilities
4. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerability
5. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
6. [SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities
7. [SA14685] Mozilla Thunderbird GIF Image Processing Buffer Overflow
Vulnerability
8. [SA14741] Symantec Norton AntiVirus Denial of Service
Vulnerabilities
9. [SA14745] MIT Kerberos Telnet Client Buffer Overflow
Vulnerabilities
10. [SA14659] phpBB Topic calendar "start" Cross-Site Scripting
Vulnerability
=========================
================
4) Vulnerabilities Summary Listing
Windows:
[SA14769] Sacred Player Logging Buffer Overflow Vulnerability
[SA14767] TinCat Player Logging Buffer Overflow Vulnerability
[SA14762] The Settlers: Heritage of Kings Player Logging Buffer
Overflow
[SA14749] PortalApp Cross-Site Scripting and SQL Injection
[SA14743] FastStone 4in1 Browser Web Server Directory Traversal
[SA14726] Antigen File Processing Denial of Service Vulnerabilities
[SA14725] Ublog Reload Cross-Site Scripting and Exposure of Database
[SA14722] BugTracker.NET Multiple SQL Injection Vulnerabilities
[SA14753] IntranetApp / SiteEnable Two Cross-Site Scripting
Vulnerabilities
[SA14741] Symantec Norton AntiVirus Denial of Service Vulnerabilities
[SA14712] Maxthon "m2_search_text" Search Bar Exposure of Information
[SA14717] Kerio Personal Firewall Network Rules Security Bypass
UNIX/Linux:
[SA14788] Red Hat update for XFree86
[SA14782] Fedora update for imagemagick
[SA14773] SGI Advanced Linux Environment Multiple Updates
[SA14766] Fedora update for sylpheed
[SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow
[SA14737] Gentoo update for Mozilla
[SA14736] Gentoo update for Firefox
[SA14735] Gentoo update for Thunderbird
[SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling
Vulnerabilities
[SA14724] Fedora update for xorg-x11
[SA14714] Slackware update for Mozilla
[SA14738] Debian update for mc
[SA14783] Fedora update for telnet
[SA14778] OpenBSD update for telnet
[SA14772] SUSE update for telnet
[SA14771] Red Hat update for krb5
[SA14765] Gentoo update for mpg321
[SA14763] FreeBSD update for telnet
[SA14759] Conectiva update for ethereal
[SA14757] Red Hat update for telnet
[SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities
[SA14751] Fedora update for kernel
[SA14750] Ubuntu update for telnet/telnetd
[SA14747] Fedora update for squirrelmail
[SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities
[SA14740] Fedora update for krb5
[SA14734] Debian update for netkit-telnet-ssl
[SA14728] Debian update for netkit-telnet
[SA14727] Gentoo update for ipsec-tools
[SA14721] Mandrake update for krb5
[SA14713] Linux Kernel Multiple Vulnerabilities
[SA14787] Debian update for mailreader
[SA14786] Fedora update for squid
[SA14785] Gentoo update for smarty
[SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability
[SA14758] Red Hat update for grip
[SA14730] Horde Page Title Cross-Site Scripting Vulnerability
[SA14755] Red Hat update for mysql
[SA14781] Fedora update for gdk-pixbuf
[SA14780] Fedora update for gtk2
[SA14776] GdkPixbuf BMP Loader Double Free Denial of Service
Vulnerability
[SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability
Other:
[SA14731] NetComm NB1300 Denial of Service
[SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of
Service
Cross Platform:
[SA14761] EncapsBB "root" File Inclusion Vulnerability
[SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File
Inclusion
[SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities
[SA14744] ACS Blog BBcode Script Insertion Vulnerability
[SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection
[SA14739] E-Data Personal Information Script Insertion Vulnerability
[SA14732] Chatness "user" Script Insertion Vulnerability
[SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL
Injection
[SA14716] WebAPP Unspecified File Content Disclosure Vulnerability
[SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL
Injection
[SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability
[SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities
[SA14729] Smarty "regex_replace" Modifier Template Security Bypass
[SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities
=========================
================
5) Vulnerabilities Content Listing
Windows:--
[SA14769] Sacred Player Logging Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-29
Luigi Auriemma has reported a vulnerability in Sacred, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14769/
--
[SA14767] TinCat Player Logging Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-29
Luigi Auriemma has reported a vulnerability in TinCat, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14767/
--
[SA14762] The Settlers: Heritage of Kings Player Logging Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-29
Luigi Auriemma has reported a vulnerability in The Settlers: Heritage
of Kings, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14762/
--
[SA14749] PortalApp Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-30
Diabolic Crab has reported some vulnerabilities in PortalApp, which can
be exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/14749/
--
[SA14743] FastStone 4in1 Browser Web Server Directory Traversal
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-30
Donato Ferrante has reported a vulnerability in FastStone 4in1 Browser,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/14743/
--
[SA14726] Antigen File Processing Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-29
Two vulnerabilities have been reported in Antigen for Domino, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14726/
--
[SA14725] Ublog Reload Cross-Site Scripting and Exposure of Database
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-03-30
3nitro has reported two vulnerabilities in Ublog Reload, which can be
exploited by malicious people to conduct cross-site scripting attacks
and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14725/
--
[SA14722] BugTracker.NET Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-29
Maty Siman has reported some vulnerabilities in BugTracker.NET, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14722/
--
[SA14753] IntranetApp / SiteEnable Two Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-30
Diabolic Crab has reported two vulnerabilities in IntranetApp and
SiteEnable, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14753/
--
[SA14741] Symantec Norton AntiVirus Denial of Service Vulnerabilities
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-03-29
Isamu Noguchi has reported two vulnerabilities in Symantec Norton
AntiVirus, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14741/
--
[SA14712] Maxthon "m2_search_text" Search Bar Exposure of Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-28
Aviv Raff has reported a vulnerability in Maxthon, which can be
exploited by malicious people to disclose some potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/14712/
--
[SA14717] Kerio Personal Firewall Network Rules Security Bypass
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2005-03-30
Petr Matousek has reported a vulnerability in Kerio Personal Firewall,
which can be exploited by malicious programs to bypass the firewall
rules.
Full Advisory:
http://secunia.com/advisories/14717/
UNIX/Linux:--
[SA14788] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-31
Red Hat has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14788/
--
[SA14782] Fedora update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-31
Fedora has issued an update for imagemagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14782/
--
[SA14773] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Manipulation of data
Released: 2005-03-31
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited malicious, local users
to manipulate the contents of certain files and by malicious people to
cause a DoS (Denial of Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14773/
--
[SA14766] Fedora update for sylpheed
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14766/
--
[SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
A vulnerability has been reported in Sylpheed, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14756/
--
[SA14737] Gentoo update for Mozilla
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information, Exposure
of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2005-03-28
Gentoo has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited to bypass certain security
restrictions, conduct spoofing and script insertion attacks, disclose
various information, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14737/
--
[SA14736] Gentoo update for Firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-28
Gentoo has issued an update for Firefox. This fixes three
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14736/
--
[SA14735] Gentoo update for Thunderbird
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-28
Gentoo has issued an update for Thunderbird. This fixes four
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14735/
--
[SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2005-03-29
infamous41md has reported some vulnerabilities in Smail-3, which
potentially can be exploited by malicious, local users to gain
escalated privileges and by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14733/
--
[SA14724] Fedora update for xorg-x11
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14724/
--
[SA14714] Slackware update for Mozilla
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information, Exposure
of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2005-03-28
Slackware has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited to bypass certain security
restrictions, conduct spoofing and script insertion attacks, disclose
various information, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14714/
--
[SA14738] Debian update for mc
Critical: Moderately critical
Where:
Impact: Unknown
Released: 2005-03-29
Debian has issued an update for mc. This fixes a vulnerability with an
unknown impact.
Full Advisory:
http://secunia.com/advisories/14738/
--
[SA14783] Fedora update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-31
Fedora has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14783/
--
[SA14778] OpenBSD update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-31
OpenBSD has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14778/
--
[SA14772] SUSE update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
SUSE has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14772/
--
[SA14771] Red Hat update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
Red Hat has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14771/
--
[SA14765] Gentoo update for mpg321
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Gentoo has issued an update for mpg321. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14765/
--
[SA14763] FreeBSD update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
FreeBSD has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14763/
--
[SA14759] Conectiva update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-29
Conectiva has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14759/
--
[SA14757] Red Hat update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Red Hat has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14757/
--
[SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Gaël Delalleau has reported two vulnerabilities in the telnet client
included with Sun Solaris, which can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14754/
--
[SA14751] Fedora update for kernel
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access, Exposure of
sensitive information
Released: 2005-03-29
Fedora has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to gain knowledge of
potentially sensitive information, cause a DoS (Denial of Service),
gain escalated privileges, or potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14751/
--
[SA14750] Ubuntu update for telnet/telnetd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-29
Ubuntu has issued updates for telnet and telnetd. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14750/
--
[SA14747] Fedora update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-03-29
Fedora has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of sensitive information or conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/14747/
--
[SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Gaël Delalleau has reported two vulnerabilities in Kerberos V5, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14745/
--
[SA14740] Fedora update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14740/
--
[SA14734] Debian update for netkit-telnet-ssl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Debian has issued an update for netkit-telnet-ssl. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14734/
--
[SA14728] Debian update for netkit-telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Debian has issued an update for netkit-telnet. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14728/
--
[SA14727] Gentoo update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-28
Gentoo has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14727/
--
[SA14721] Mandrake update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
MandrakeSoft has issued an update for krb5. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14721/
--
[SA14713] Linux Kernel Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released: 2005-03-29
Multiple vulnerabilities have been reported in the Linux kernel, which
can be exploited to disclose information, cause a DoS (Denial of
Service), gain escalated privileges, or potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14713/
--
[SA14787] Debian update for mailreader
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-31
Debian has issued an update for mailreader. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/14787/
--
[SA14786] Fedora update for squid
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-31
Fedora has issued an update for squid. This fixes a security issue,
which may disclose sensitive information to malicious people.
Full Advisory:
http://secunia.com/advisories/14786/
--
[SA14785] Gentoo update for smarty
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-31
Gentoo has issued an update for smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/14785/
--
[SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-31
Ulf Härnhammar has reported a vulnerability in Mailreader, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14777/
--
[SA14758] Red Hat update for grip
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-29
Red Hat has issued an update for grip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14758/
--
[SA14730] Horde Page Title Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
A vulnerability has been reported in Horde, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14730/
--
[SA14755] Red Hat update for mysql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-03-29
Red Hat has issued an update for mysql. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system and by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14755/
--
[SA14781] Fedora update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
Fedora has issued an update for gdk-pixbuf. This fixes a vulnerability,
which can be exploited by malicious people to crash certain applications
on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14781/
--
[SA14780] Fedora update for gtk2
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
Fedora has issued an update for gtk2. This fixes a vulnerability, which
can be exploited by malicious people to crash certain applications on a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14780/
--
[SA14776] GdkPixbuf BMP Loader Double Free Denial of Service
Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
Full Advisory:
http://secunia.com/advisories/14776/
--
[SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
David Costanzo has reported a vulnerability in GTK+, which can be
exploited by malicious people to crash certain applications on a user's
system.
Full Advisory:
http://secunia.com/advisories/14775/
Other:--
[SA14731] NetComm NB1300 Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-03-29
Chris Rock has reported a vulnerability in NetComm NB1300, allowing
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14731/
--
[SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of
Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-03-31
A vulnerability has been reported in Cisco VPN Concentrator 3000
Series, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14784/
Cross Platform:--
[SA14761] EncapsBB "root" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-29
Frank "brOmstar" Reissner has reported a vulnerability in EncapsBB,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14761/
--
[SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File
Inclusion
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-03-29
Diabolic Crab has reported two vulnerabilities in E-Store Kit-2 PayPal
Edition, which can be exploited by malicious people to conduct
cross-site scripting attacks and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14723/
--
[SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-30
Diabolic Crab has reported two vulnerabilities in Squirrelcart PHP
Shopping Cart, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14770/
--
[SA14744] ACS Blog BBcode Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Dan Crowley has reported a vulnerability in ACS Blog, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14744/
--
[SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-29
Diabolic Crab has reported some vulnerabilities in PhotoPost PHP Pro,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14742/
--
[SA14739] E-Data Personal Information Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Donnie Werner has reported a vulnerability in E-Data, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14739/
--
[SA14732] Chatness "user" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-30
3nitro has reported a vulnerability in Chatness, which can be exploited
by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14732/
--
[SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL
Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-29
Diabolic Crab has reported some vulnerabilities in Valdersoft Shopping
Cart, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14719/
--
[SA14716] WebAPP Unspecified File Content Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-29
A vulnerability has been reported in WebAPP, which can be exploited by
malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/14716/
--
[SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL
Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-28
Gerardo 'Astharot' Di Giacomo has reported some vulnerabilities in the
Nuke Bookmarks module for PHP-Nuke, which can be exploited by malicious
people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14715/
--
[SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
CorryL has reported a vulnerability in Tkai's Shoutbox, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14764/
--
[SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
mircia has reported two vulnerabilities in CPG Dragonfly CMS, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/14748/
--
[SA14729] Smarty "regex_replace" Modifier Template Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-29
A vulnerability has been reported in Smarty, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14729/
--
[SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Multiple vulnerabilities have been reported in WackoWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14720/
=========================
================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@xxxxxxxxxxx
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
____________________________
*********** MIKE"S REPLY SEPARATOR ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
Other related posts:
- » [virusinfo] Secunia Weekly Summary - Issue: 2005-13
