[ISN] Secunia Weekly Summary

From: InfoSec News (isnat_private)
Date: Thu May 29 2003 - 02:51:22 PDT

    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-05-22 - 2003-05-29
    
                             This week : 51 advisories
    
    ===========================================================================
    
        An effective security solution starts with a position of expertise.
    
    
    The following 51 advisories are written by Secunia. 
    Customers instantly receive relevant advisories to their unique system by
    E-mail and text message, enabling them to react efficiently.
    
    Security Experts at Secunia constantly search for new vulnerabilities and
    threats.
    
    Vast amounts of advisories, vulnerabilities and security news are gathered
    and assessed daily.
    
    
     - Stay Secure
    
    ===========================================================================
    
    ============
     2003-05-29
    ============
    
    Webfroot Shoutbox Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8886/
    
    
    ============
     2003-05-28
    ============
    
    Internet Information Server/Services Multiple Vulnerabilities
    Less critical
    http://www.secunia.com/advisories/8884/
    
     -- 
    
    Windows Media Services ISAPI Extension Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8883/
    
     -- 
    
    Red Hat update for httpd
    Highly critical
    http://www.secunia.com/advisories/8882/
    
     -- 
    
    Apache Denial of Service and Potential System Compromise Vulnerabilities
    Highly critical
    http://www.secunia.com/advisories/8881/
    
     -- 
    
    UpClient Privilege Escalation Vulnerability
    Less critical
    http://www.secunia.com/advisories/8878/
    
     -- 
    
    Conectiva update for BitchX
    Moderately critical
    http://www.secunia.com/advisories/8877/
    
     -- 
    
    Axis Network Camera HTTP Authentication Bypass Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8876/
    
     -- 
    
    HP-UX update for various network drivers
    Less critical
    http://www.secunia.com/advisories/8875/
    
     -- 
    
    Red Hat update for kernel
    Moderately critical
    http://www.secunia.com/advisories/8873/
    
     -- 
    
    OpenServer update for squid
    Moderately critical
    http://www.secunia.com/advisories/8872/
    
     -- 
    
    EVFS Privilege Escalation Vulnerability
    Not critical
    http://www.secunia.com/advisories/8871/
    
     -- 
    
    SuSE update for glibc
    Moderately critical
    http://www.secunia.com/advisories/8870/
    
     -- 
    
    Conectiva update for netpbm
    Less critical
    http://www.secunia.com/advisories/8869/
    
     -- 
    
    Kazaa and FastTrack P2P Network Client Buffer Overflow Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8868/
    
     -- 
    
    EServ Directory Listing and Unauthorised Proxy Access
    Moderately critical
    http://www.secunia.com/advisories/8867/
    
    
    ============
     2003-05-27
    ============
    
    Gentoo update for heimdal
    Moderately critical
    http://www.secunia.com/advisories/8866/
    
     -- 
    
    Gentoo update for Nessus
    Less critical
    http://www.secunia.com/advisories/8865/
    
     -- 
    
    BLNews Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8864/
    
     -- 
    
    CUPS Partial IPP Request Denial of Service Vulnerability
    Less critical
    http://www.secunia.com/advisories/8863/
    
     -- 
    
    Newsscript Admin Access Vulnerability
    Less critical
    http://www.secunia.com/advisories/8862/
    
     -- 
    
    Privatefirewall Filter Bypass Vulnerability
    Not critical
    http://www.secunia.com/advisories/8861/
    
     -- 
    
    AnalogX Proxy Long URL Buffer Overflow Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8860/
    
     -- 
    
    TextPortal Weak Default Account Password
    Moderately critical
    http://www.secunia.com/advisories/8859/
    
    
    ============
     2003-05-26
    ============
    
    Ultimate PHP Board Arbitrary Code Execution Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8858/
    
     -- 
    
    P-News Admin Access Vulnerability
    Less critical
    http://www.secunia.com/advisories/8857/
    
     -- 
    
    ST FTP Service Directory Traversal Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8856/
    
     -- 
    
    iisPROTECT SQL Injection Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8855/
    
     -- 
    
    Magic Winmail Server Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8854/
    
     -- 
    
    XMB Cross Site Scripting
    Less critical
    http://www.secunia.com/advisories/8853/
    
     -- 
    
    ShareMailPro User Enumeration
    Less critical
    http://www.secunia.com/advisories/8852/
    
     -- 
    
    Outlook Express File Download Security Restriction Bypass
    Less critical
    http://www.secunia.com/advisories/8841/
    
    
    ============
     2003-05-23
    ============
    
    Red Hat update for sharutils
    Less critical
    http://www.secunia.com/advisories/8851/
    
     -- 
    
    iisPROTECT URL Encoding Authentication Bypass Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8850/
    
     -- 
    
    Sun Cobalt update for glibc
    Less critical
    http://www.secunia.com/advisories/8849/
    
     -- 
    
    Red Hat update for glibc
    Moderately critical
    http://www.secunia.com/advisories/8848/
    
     -- 
    
    Red Hat update for balsa
    Less critical
    http://www.secunia.com/advisories/8847/
    
     -- 
    
    Red Hat update for KDE
    Moderately critical
    http://www.secunia.com/advisories/8846/
    
     -- 
    
    Red Hat update for LPRng
    Not critical
    http://www.secunia.com/advisories/8845/
    
     -- 
    
    Red Hat update for xinetd
    Less critical
    http://www.secunia.com/advisories/8844/
    
     -- 
    
    Load Sharing Facility Privilege Escalation
    Less critical
    http://www.secunia.com/advisories/8843/
    
     -- 
    
    Nessus NASL Arbitrary Code Execution Vulnerabilities
    Less critical
    http://www.secunia.com/advisories/8842/
    
     -- 
    
    BlackMoon FTP Server Username Enumeration and Password Disclosure
    Less critical
    http://www.secunia.com/advisories/8840/
    
     -- 
    
    Slackware update for sysvinit
    Not critical
    http://www.secunia.com/advisories/8835/
    
    
    ============
     2003-05-22
    ============
    
    Mandrake update for lpr
    Less critical
    http://www.secunia.com/advisories/8839/
    
     -- 
    
    WsMP3 Multiple Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8838/
    
     -- 
    
    Mandrake update for LPRng
    Not critical
    http://www.secunia.com/advisories/8837/
    
     -- 
    
    Conectiva update for bugzilla
    Less critical
    http://www.secunia.com/advisories/8836/
    
     -- 
    
    ttCMS Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8834/
    
     -- 
    
    Sun Cluster Username and Password Disclosure Vulnerability
    Less critical
    http://www.secunia.com/advisories/8833/
    
     -- 
    
    ttForum and ttCMS SQL Injection Vulnerability
    Not critical
    http://www.secunia.com/advisories/8832/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: supportat_private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu May 29 2003 - 05:30:55 PDT