===========================================================================

                  The Secunia Weekly Advisory Summary
                        2003-04-24 - 2003-05-01

                       This week : 55 advisories

===========================================================================

An effective security solution starts with a position of expertise.

The following 55 advisories are written by Secunia. Customers instantly
receive relevant advisories to their unique system by E-mail and text
message, enabling them to react efficiently.

Security Experts at Secunia constantly search for new vulnerabilities and
threats. Vast amounts of advisories, vulnerabilities and security news are
gathered and assessed daily.

 - Stay Secure

===========================================================================

============
 2003-05-01
============

Microsoft BizTalk Server Two Vulnerabilities
Moderately critical
http://www.secunia.com/advisories/8707/

 --

Conectiva update for Apache
Moderately critical
http://www.secunia.com/advisories/8706/

 --

Conectiva update for glibc
Moderately critical
http://www.secunia.com/advisories/8705/

============
 2003-04-30
============

Gentoo update for balsa
Less critical
http://www.secunia.com/advisories/8704/

 --

OpenLinux update for tcp_sec
Not critical
http://www.secunia.com/advisories/8703/

 --

OpenLinux update for file
Less critical
http://www.secunia.com/advisories/8702/

 --

IdeaBox Arbitrary File Inclusion Vulnerability
Highly critical
http://www.secunia.com/advisories/8701/

 --

3D-FTP Banner Buffer Overflow Vulnerability
Less critical
http://www.secunia.com/advisories/8700/

 --

Debian update for kdebase
Moderately critical
http://www.secunia.com/advisories/8699/

 --

ColdFusion MX Java Environment Integer Overflow Vulnerability
Not critical
http://www.secunia.com/advisories/8698/

 --

HP-UX "rexec" Buffer Overflow Vulnerability
Less critical
http://www.secunia.com/advisories/8697/

 --

Linux-atm "les" Buffer Overflow Vulnerability
Less critical
http://www.secunia.com/advisories/8696/

 --

Debian update for pptpd
Highly critical
http://www.secunia.com/advisories/8695/

 --

HP Tru64 "setld" and "dupatch" Vulnerability
Less critical
http://www.secunia.com/advisories/8694/

 --

MDaemon IMAP Buffer Overflow Vulnerability
Less critical
http://www.secunia.com/advisories/8693/

 --

Red Hat update for MySQL
Less critical
http://www.secunia.com/advisories/8692/

 --

MDaemon UIDL and DELE Command Negative Value DoS
Not critical
http://www.secunia.com/advisories/8687/

============
 2003-04-29
============

Opera Long Filename Extension Heap Overflow
Less critical
http://www.secunia.com/advisories/8691/

 --

Opera Javascript Console Script Injection Vulnerability
Less critical
http://www.secunia.com/advisories/8690/

 --

Oracle Database Link Buffer Overflow Vulnerability
Less critical
http://www.secunia.com/advisories/8689/

 --

Qpopper poppassd Privilege Escalation Vulnerability
Less critical
http://www.secunia.com/advisories/8688/

 --

Sun Solaris "lofiadm" Command Memory Leak Vulnerability
Not critical
http://www.secunia.com/advisories/8686/

 --

Sun Solaris rpcbind Denial of Service
Less critical
http://www.secunia.com/advisories/8685/

 --

Pi3Web Long HTTP Request Denial of Service
Moderately critical
http://www.secunia.com/advisories/8684/

 --

Truegalerie Authentication Bypass and File Read Vulnerability
Moderately critical
http://www.secunia.com/advisories/8683/

 --

Kerio Personal Firewall Administration Interface Buffer Overflow and Replay Attack
Highly critical
http://www.secunia.com/advisories/8682/

 --

Mandrake update for Snort
Highly critical
http://www.secunia.com/advisories/8681/

============
 2003-04-28
============

SonicWall Pro Large HTTP POST Denial of Service
Less critical
http://www.secunia.com/advisories/8680/

 --

Red Hat update for MySQL
Less critical
http://www.secunia.com/advisories/8679/

 --

Red Hat "mod_auth_any" Command Execution Vulnerability
Moderately critical
http://www.secunia.com/advisories/8678/

 --

Red Hat update for mICQ
Not critical
http://www.secunia.com/advisories/8677/

 --

OpenBB SQL Injection Vulnerability
Moderately critical
http://www.secunia.com/advisories/8676/

 --

Gentoo update for pptpd
Highly critical
http://www.secunia.com/advisories/8675/

 --

Gentoo update for mgetty
Highly critical
http://www.secunia.com/advisories/8674/

 --

Gentoo update for monkeyd
Highly critical
http://www.secunia.com/advisories/8673/

 --

XOOPS MyTextSanitizer Cross-Site Scripting
Less critical
http://www.secunia.com/advisories/8672/

 --

ColdFusion MX Path Disclosure Vulnerability
Not critical
http://www.secunia.com/advisories/8671/

 --

SGI IRIX "nsd" User Authentication Bypass
Moderately critical
http://www.secunia.com/advisories/8670/

============
 2003-04-26
============

Bugzilla XSS and Insecure Temporary File Creation Vulnerabilities
Less critical
http://www.secunia.com/advisories/8669/

 --

BRS WebWeaver FTP RETR Command Denial of Service
Less critical
http://www.secunia.com/advisories/8668/

============
 2003-04-25
============

VisNetic ActiveDefense Denial of Service Vulnerability
Moderately critical
http://www.secunia.com/advisories/8667/

 --

bttlxeForum Login SQL Injection Vulnerability
Moderately critical
http://www.secunia.com/advisories/8666/

 --

SAP DB Development Tools Installation Vulnerability
Less critical
http://www.secunia.com/advisories/8665/

 --

SAP DB Installation Race Condition Vulnerability
Not critical
http://www.secunia.com/advisories/8664/

 --

Kerio Personal Firewall Filter Bypass Vulnerability
Not critical
http://www.secunia.com/advisories/8663/

 --

PHP-Nuke Cross-Site Scripting
Less critical
http://www.secunia.com/advisories/8662/

 --

Red Hat update for squirrelmail
Less critical
http://www.secunia.com/advisories/8661/

 --

Xeneo Web Server Long Query String Argument DoS
Moderately critical
http://www.secunia.com/advisories/8660/

 --

Red Hat update for LPRng
Not critical
http://www.secunia.com/advisories/8659/

 --

Red Hat update for mICQ
Not critical
http://www.secunia.com/advisories/8658/

 --

Mandrake update for Ethereal
Moderately critical
http://www.secunia.com/advisories/8657/

 --

XMB Registration Process SQL Injection
Less critical
http://www.secunia.com/advisories/8656/

============
 2003-04-24
============

SuSE update for KDE
Moderately critical
http://www.secunia.com/advisories/8655/

 --

Cisco Catalyst User Authentication Bypass Vulnerability
Less critical
http://www.secunia.com/advisories/8654/

 --

Cisco Secure ACS Administration Service Buffer Overflow
Highly critical
http://www.secunia.com/advisories/8653/

===========================================================================

Secunia recommends that you verify all advisories you receive, by clicking
the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Contact details:
Web     : http://www.secunia.com/
E-mail  : supportat_private
Tel     : +44 (0) 20 7016 2693
Fax     : +44 (0) 20 7637 0419

===========================================================================

To unsubscribe click following link:
http://www.secunia.com/summary/unsubscribe/?email=isnat_private

===========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri May 02 2003 - 01:01:57 PDT