[ISN] Secunia Weekly Summary

From: InfoSec News (isnat_private)
Date: Thu Apr 10 2003 - 23:34:02 PDT

    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
    
                             This week: 66 advisories
    
    ===========================================================================
    
        An effective security solution starts with a position of expertise.
    
    
    The following 66 advisories are written by Secunia. 
    Customers instantly receive relevant advisories to their unique system by
    E-mail and text message, enabling them to react efficiently.
    
    Security Experts at Secunia constantly search for new vulnerabilities and
    threats.
    
    Vast amounts of advisories, vulnerabilities and security news are gathered
    and assessed daily.
    
    
     - Stay Secure
    
    ===========================================================================
    
    ============
     2003-04-10
    ============
    
    KDE PS/PDF File Handling Vulnerability
    Less critical
    http://www.secunia.com/advisories/8564/
    
     -- 
    
    phPay Cross Site Scripting
    Less critical
    http://www.secunia.com/advisories/8563/
    
     -- 
    
    Red Hat update for httpd
    Moderately critical
    http://www.secunia.com/advisories/8562/
    
     -- 
    
    Conectiva update for samba
    Highly critical
    http://www.secunia.com/advisories/8561/
    
    
    ============
     2003-04-09
    ============
    
    Microsoft Proxy Server 2.0 / ISA Server 2000 Denial of Service
    Less critical
    http://www.secunia.com/advisories/8560/
    
     -- 
    
    Microsoft Virtual Machine Bytecode Verifier Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8559/
    
     -- 
    
    Debian update for glibc
    Moderately critical
    http://www.secunia.com/advisories/8558/
    
     -- 
    
    Firebird External Table Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8557/
    
     -- 
    
    Gentoo update for setiathome
    Moderately critical
    http://www.secunia.com/advisories/8556/
    
     -- 
    
    Gentoo update for samba
    Highly critical
    http://www.secunia.com/advisories/8555/
    
     -- 
    
    Gentoo update for Apache
    Moderately critical
    http://www.secunia.com/advisories/8554/
    
     -- 
    
    Lotus Notes/Domino JVM Denial of Service
    Not critical
    http://www.secunia.com/advisories/8553/
    
     -- 
    
    ISC ASP Guestbook Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8552/
    
     -- 
    
    Borland Interbase External Table Vulnerability
    Less critical
    http://www.secunia.com/advisories/8551/
    
     -- 
    
    Orplex Guest Book Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8550/
    
     -- 
    
    SGI IRIX update for libc
    Moderately critical
    http://www.secunia.com/advisories/8549/
    
    
    ============
     2003-04-08
    ============
    
    Debian update for xftp
    Less critical
    http://www.secunia.com/advisories/8548/
    
     -- 
    
    Trustix update for samba
    Highly critical
    http://www.secunia.com/advisories/8547/
    
     -- 
    
    Red Hat update for Mgetty
    Highly critical
    http://www.secunia.com/advisories/8546/
    
     -- 
    
    JpegX Message Disclosure
    Moderately critical
    http://www.secunia.com/advisories/8545/
    
     -- 
    
    Coppermine Photo Gallery Image Extension Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8544/
    
     -- 
    
    Vignette Story Server TCL Interpreter Information Disclosure
    Less critical
    http://www.secunia.com/advisories/8543/
    
     -- 
    
    Conectiva update for kernel
    Less critical
    http://www.secunia.com/advisories/8542/
    
     -- 
    
    OpenPKG update for samba
    Highly critical
    http://www.secunia.com/advisories/8541/
    
     -- 
    
    FreeBSD update for samba
    Highly critical
    http://www.secunia.com/advisories/8540/
    
     -- 
    
    Red Hat update for samba
    Highly critical
    http://www.secunia.com/advisories/8539/
    
     -- 
    
    Debian update for samba
    Highly critical
    http://www.secunia.com/advisories/8538/
    
     -- 
    
    SuSE update for samba
    Highly critical
    http://www.secunia.com/advisories/8537/
    
     -- 
    
    Mandrake update for samba
    Highly critical
    http://www.secunia.com/advisories/8536/
    
     -- 
    
    Slackware update for samba
    Highly critical
    http://www.secunia.com/advisories/8535/
    
    
    ============
     2003-04-07
    ============
    
    Opera Inclusion of Java Methods in JavaScript
    Less critical
    http://www.secunia.com/advisories/8534/
    
     -- 
    
    Samba exploitable buffer overflow
    Highly critical
    http://www.secunia.com/advisories/8533/
    
     -- 
    
    SETI@home remotely exploitable buffer overflow
    Moderately critical
    http://www.secunia.com/advisories/8532/
    
     -- 
    
    Debian Metrics Insecure Temporary File Handling
    Less critical
    http://www.secunia.com/advisories/8531/
    
     -- 
    
    Conectiva update for samba
    Moderately critical
    http://www.secunia.com/advisories/8530/
    
     -- 
    
    Conectiva update for file
    Less critical
    http://www.secunia.com/advisories/8529/
    
     -- 
    
    Abyss Webserver Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8528/
    
     -- 
    
    Hyperion FTP Server MKD Buffer Overflow
    Less critical
    http://www.secunia.com/advisories/8527/
    
     -- 
    
    Conectiva update for dhcp
    Not critical
    http://www.secunia.com/advisories/8526/
    
     -- 
    
    AspJar Guestbook Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8525/
    
     -- 
    
    Conectiva update for sendmail
    Extremely critical
    http://www.secunia.com/advisories/8524/
    
     -- 
    
    NetBSD update for sendmail
    Extremely critical
    http://www.secunia.com/advisories/8523/
    
     -- 
    
    Sign Here! Guestbook Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8522/
    
     -- 
    
    Conectiva update for snort
    Highly critical
    http://www.secunia.com/advisories/8521/
    
     -- 
    
    Entrust Authority Security Manager Password Manipulation
    Less critical
    http://www.secunia.com/advisories/8520/
    
     -- 
    
    NetBSD update for Kerberos
    Moderately critical
    http://www.secunia.com/advisories/8519/
    
    
    ============
     2003-04-04
    ============
    
    BRS WebWeaver multiple vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8518/
    
     -- 
    
    Debian update for sendmail
    Extremely critical
    http://www.secunia.com/advisories/8517/
    
     -- 
    
    SuSE update for OpenSSL
    Less critical
    http://www.secunia.com/advisories/8516/
    
     -- 
    
    WebC Multiple Buffer Overflow Vulnerabilities
    Highly critical
    http://www.secunia.com/advisories/8515/
    
     -- 
    
    NetGear FM114P Username and Password Disclosure
    Moderately critical
    http://www.secunia.com/advisories/8514/
    
     -- 
    
    Borland Interbase ISC_LOCK_ENV Variable Privilege Escalation
    Less critical
    http://www.secunia.com/advisories/8513/
    
     -- 
    
    HP Tru64 patches for sendmail
    Extremely critical
    http://www.secunia.com/advisories/8512/
    
     -- 
    
    Python Documentation Server Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8511/
    
     -- 
    
    BEA WebLogic Server Internal Hostname Disclosure
    Not critical
    http://www.secunia.com/advisories/8509/
    
     -- 
    
    OpenLinux update for sendmail
    Extremely critical
    http://www.secunia.com/advisories/8508/
    
     -- 
    
    Sakki's Guestbook Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8507/
    
     -- 
    
    Red Hat update for mutt and balsa
    Less critical
    http://www.secunia.com/advisories/8506/
    
    
    ============
     2003-04-03
    ============
    
    Debian update for apcupsd
    Less critical
    http://www.secunia.com/advisories/8505/
    
     -- 
    
    TYPSoft FTP Server Anonymous User Directory Creation and Deletion
    Less critical
    http://www.secunia.com/advisories/8504/
    
     -- 
    
    XOOPS Glossary Module Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8503/
    
     -- 
    
    passlogd Multiple Parser Buffer Overflows
    Moderately critical
    http://www.secunia.com/advisories/8502/
    
     -- 
    
    Sun Solaris cachefsd Buffer Overflow
    Moderately critical
    http://www.secunia.com/advisories/8501/
    
     -- 
    
    Progress PROSTARTUP Variable Information Disclosure Vulnerability
    Not critical
    http://www.secunia.com/advisories/8500/
    
     -- 
    
    Apache Linefeed Denial of Service Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8499/
    
     -- 
    
    Progress DLC Variable Privilege Escalation
    Less critical
    http://www.secunia.com/advisories/8498/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: supportat_private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    