[ISN] Secunia Weekly Summary

From: InfoSec News (isnat_private)
Date: Thu May 01 2003 - 22:19:28 PDT


    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-04-24 - 2003-05-01
    
                             This week : 55 advisories
    
    ===========================================================================
    
        An effective security solution starts with a position of expertise.
    
    
    The following 55 advisories are written by Secunia. 
    Customers instantly receive relevant advisories to their unique system by
    E-mail and text message, enabling them to react efficiently.
    
    Security Experts at Secunia constantly search for new vulnerabilities and
    threats.
    
    Vast amounts of advisories, vulnerabilities and security news are gathered
    and assessed daily.
    
    
     - Stay Secure
    
    ===========================================================================
    
    ============
     2003-05-01
    ============
    
    Microsoft BizTalk Server Two Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8707/
    
     -- 
    
    Conectiva update for Apache
    Moderately critical
    http://www.secunia.com/advisories/8706/
    
     -- 
    
    Conectiva update for glibc
    Moderately critical
    http://www.secunia.com/advisories/8705/
    
    
    ============
     2003-04-30
    ============
    
    Gentoo update for balsa
    Less critical
    http://www.secunia.com/advisories/8704/
    
     -- 
    
    OpenLinux update for tcp_sec
    Not critical
    http://www.secunia.com/advisories/8703/
    
     -- 
    
    OpenLinux update for file
    Less critical
    http://www.secunia.com/advisories/8702/
    
     -- 
    
    IdeaBox Arbitrary File Inclusion Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8701/
    
     -- 
    
    3D-FTP Banner Buffer Overflow Vulnerability
    Less critical
    http://www.secunia.com/advisories/8700/
    
     -- 
    
    Debian update for kdebase
    Moderately critical
    http://www.secunia.com/advisories/8699/
    
     -- 
    
    ColdFusion MX Java Environment Integer Overflow Vulnerability
    Not critical
    http://www.secunia.com/advisories/8698/
    
     -- 
    
    HP-UX "rexec" Buffer Overflow Vulnerability
    Less critical
    http://www.secunia.com/advisories/8697/
    
     -- 
    
    Linux-atm "les" Buffer Overflow Vulnerability
    Less critical
    http://www.secunia.com/advisories/8696/
    
     -- 
    
    Debian update for pptpd
    Highly critical
    http://www.secunia.com/advisories/8695/
    
     -- 
    
    HP Tru64 "setld" and "dupatch" Vulnerability
    Less critical
    http://www.secunia.com/advisories/8694/
    
     -- 
    
    MDaemon IMAP Buffer Overflow Vulnerability
    Less critical
    http://www.secunia.com/advisories/8693/
    
     -- 
    
    Red Hat update for MySQL
    Less critical
    http://www.secunia.com/advisories/8692/
    
     -- 
    
    MDaemon UIDL and DELE Command Negative Value DoS
    Not critical
    http://www.secunia.com/advisories/8687/
    
    
    ============
     2003-04-29
    ============
    
    Opera Long Filename Extension Heap Overflow
    Less critical
    http://www.secunia.com/advisories/8691/
    
     -- 
    
    Opera Javascript Console Script Injection Vulnerability
    Less critical
    http://www.secunia.com/advisories/8690/
    
     -- 
    
    Oracle Database Link Buffer Overflow Vulnerability
    Less critical
    http://www.secunia.com/advisories/8689/
    
     -- 
    
    Qpopper poppassd Privilege Escalation Vulnerability
    Less critical
    http://www.secunia.com/advisories/8688/
    
     -- 
    
    Sun Solaris "lofiadm" Command Memory Leak Vulnerability
    Not critical
    http://www.secunia.com/advisories/8686/
    
     -- 
    
    Sun Solaris rpcbind Denial of Service
    Less critical
    http://www.secunia.com/advisories/8685/
    
     -- 
    
    Pi3Web Long HTTP Request Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8684/
    
     -- 
    
    Truegalerie Authentication Bypass and File Read Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8683/
    
     -- 
    
    Kerio Personal Firewall Administration Interface Buffer Overflow and
    Replay Attack
    Highly critical
    http://www.secunia.com/advisories/8682/
    
     -- 
    
    Mandrake update for Snort
    Highly critical
    http://www.secunia.com/advisories/8681/
    
    
    ============
     2003-04-28
    ============
    
    SonicWall Pro Large HTTP POST Denial of Service
    Less critical
    http://www.secunia.com/advisories/8680/
    
     -- 
    
    Red Hat update for MySQL
    Less critical
    http://www.secunia.com/advisories/8679/
    
     -- 
    
    Red Hat "mod_auth_any" Command Execution Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8678/
    
     -- 
    
    Red Hat update for mICQ
    Not critical
    http://www.secunia.com/advisories/8677/
    
     -- 
    
    OpenBB SQL Injection Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8676/
    
     -- 
    
    Gentoo update for pptpd
    Highly critical
    http://www.secunia.com/advisories/8675/
    
     -- 
    
    Gentoo update for mgetty
    Highly critical
    http://www.secunia.com/advisories/8674/
    
     -- 
    
    Gentoo update for monkeyd
    Highly critical
    http://www.secunia.com/advisories/8673/
    
     -- 
    
    XOOPS MyTextSanitizer Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8672/
    
     -- 
    
    ColdFusion MX Path Disclosure Vulnerability
    Not critical
    http://www.secunia.com/advisories/8671/
    
     -- 
    
    SGI IRIX "nsd" User Authentication Bypass
    Moderately critical
    http://www.secunia.com/advisories/8670/
    
    
    ============
     2003-04-26
    ============
    
    Bugzilla XSS and Insecure Temporary File Creation Vulnerabilities
    Less critical
    http://www.secunia.com/advisories/8669/
    
     -- 
    
    BRS WebWeaver FTP RETR Command Denial of Service
    Less critical
    http://www.secunia.com/advisories/8668/
    
    
    ============
     2003-04-25
    ============
    
    VisNetic ActiveDefense Denial of Service Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8667/
    
     -- 
    
    bttlxeForum Login SQL Injection Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8666/
    
     -- 
    
    SAP DB Development Tools Installation Vulnerability
    Less critical
    http://www.secunia.com/advisories/8665/
    
     -- 
    
    SAP DB Installation Race Condition Vulnerability
    Not critical
    http://www.secunia.com/advisories/8664/
    
     -- 
    
    Kerio Personal Firewall Filter Bypass Vulnerability
    Not critical
    http://www.secunia.com/advisories/8663/
    
     -- 
    
    PHP-Nuke Cross-Site Scripting
    Less critical
    http://www.secunia.com/advisories/8662/
    
     -- 
    
    Red Hat update for squirrelmail
    Less critical
    http://www.secunia.com/advisories/8661/
    
     -- 
    
    Xeneo Web Server Long Query String Argument DoS
    Moderately critical
    http://www.secunia.com/advisories/8660/
    
     -- 
    
    Red Hat update for LPRng
    Not critical
    http://www.secunia.com/advisories/8659/
    
     -- 
    
    Red Hat update for mICQ
    Not critical
    http://www.secunia.com/advisories/8658/
    
     -- 
    
    Mandrake update for Ethereal
    Moderately critical
    http://www.secunia.com/advisories/8657/
    
     -- 
    
    XMB Registration Process SQL Injection
    Less critical
    http://www.secunia.com/advisories/8656/
    
    
    ============
     2003-04-24
    ============
    
    SuSE update for KDE
    Moderately critical
    http://www.secunia.com/advisories/8655/
    
     -- 
    
    Cisco Catalyst User Authentication Bypass Vulnerability
    Less critical
    http://www.secunia.com/advisories/8654/
    
     -- 
    
    Cisco Secure ACS Administration Service Buffer Overflow
    Highly critical
    http://www.secunia.com/advisories/8653/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: supportat_private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    To unsubscribe, click the following link:
    http://www.secunia.com/summary/unsubscribe/?email=isnat_private
    
    ===========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri May 02 2003 - 01:01:57 PDT