[ISN] Secunia Weekly Summary

From: InfoSec News (isnat_private)
Date: Thu Jun 05 2003 - 23:04:37 PDT

    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-05-29 - 2003-06-05
    
                             This week : 58 advisories
    
    ===========================================================================
    
        An effective security solution starts with a position of expertise.
    
    
    The following 58 advisories are written by Secunia. 
    Customers instantly receive relevant advisories to their unique system by
    E-mail and text message, enabling them to react efficiently.
    
    Security Experts at Secunia constantly search for new vulnerabilities and
    threats.
    
    Vast amounts of advisories, vulnerabilities and security news are gathered
    and assessed daily.
    
    
     - Stay Secure
    
    ===========================================================================
    
    ============
     2003-06-05
    ============
    
    Sun Solaris Sendmail Privilege Escalation
    Less critical
    http://www.secunia.com/advisories/8946/
    
     -- 
    
    Mac OS X LDAP Clear Text User Credentials
    Less critical
    http://www.secunia.com/advisories/8945/
    
     -- 
    
    Sun Solaris syslogd Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8944/
    
    
    ============
     2003-06-04
    ============
    
    Internet Explorer Object Tag Buffer Overflow Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8943/
    
     -- 
    
    newsPHP Arbitrary Field Insertion Vulnerability
    Less critical
    http://www.secunia.com/advisories/8942/
    
     -- 
    
    JBoss JSP Source Disclosure Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8941/
    
     -- 
    
    OpenPKG update for Ghostscript
    Less critical
    http://www.secunia.com/advisories/8939/
    
     -- 
    
    Red Hat update for kon2
    Less critical
    http://www.secunia.com/advisories/8938/
    
     -- 
    
    Pablo FTP Server Username and Password Disclosure Vulnerability
    Less critical
    http://www.secunia.com/advisories/8937/
    
    
    ============
     2003-06-03
    ============
    
    Linux Kernel Denial of Service Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8936/
    
     -- 
    
    Sun Solaris "in.telnetd" Denial of Service Vulnerability
    Less critical
    http://www.secunia.com/advisories/8935/
    
     -- 
    
    IRCXpro Server Username and Password Disclosure Vulnerability
    Less critical
    http://www.secunia.com/advisories/8934/
    
     -- 
    
    Saarport SPChat Cross Site Scripting Vulnerability
    Less critical
    http://www.secunia.com/advisories/8933/
    
     -- 
    
    Saarport WebChat Cross Site Scripting Vulnerability
    Less critical
    http://www.secunia.com/advisories/8932/
    
     -- 
    
    Xmame Privilege Escalation Vulnerability
    Not critical
    http://www.secunia.com/advisories/8931/
    
     -- 
    
    Sun Management Center Change Manager Buffer Overflow
    Less critical
    http://www.secunia.com/advisories/8930/
    
     -- 
    
    Crob FTP Server Username Format String Error Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8929/
    
     -- 
    
    mod_gzip Multiple Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8928/
    
     -- 
    
    iisCART2000 Upload Vulnerability
    Highly critical
    http://www.secunia.com/advisories/8927/
    
     -- 
    
    Sun Cobalt update for MySQL
    Less critical
    http://www.secunia.com/advisories/8926/
    
     -- 
    
    Webstores 2000 SQL Injection Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8925/
    
     -- 
    
    Yahoo! Chat and Messenger Hostname Buffer Overflow Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8924/
    
     -- 
    
    Gentoo update for uw-imapd
    Less critical
    http://www.secunia.com/advisories/8923/
    
     -- 
    
    Forum Web Server Username and Password Disclosure Vulnerability
    Not critical
    http://www.secunia.com/advisories/8922/
    
     -- 
    
    Personal FTP-Server Username and Password Disclosure Vulnerability
    Not critical
    http://www.secunia.com/advisories/8921/
    
     -- 
    
    Desktop Orbiter Multiple Connection Denial of Service
    Less critical
    http://www.secunia.com/advisories/8920/
    
    
    ============
     2003-06-02
    ============
    
    MAILsweeper for SMTP RTF Attachment Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8919/
    
     -- 
    
    Gentoo update for maelstrom
    Not critical
    http://www.secunia.com/advisories/8918/
    
     -- 
    
    Meteor FTP User Enumeration Vulnerability
    Less critical
    http://www.secunia.com/advisories/8917/
    
     -- 
    
    Gentoo update for Apache
    Highly critical
    http://www.secunia.com/advisories/8916/
    
     -- 
    
    Activity Monitor 2002 Denial of Service Vulnerability
    Not critical
    http://www.secunia.com/advisories/8915/
    
     -- 
    
    Titan FTP Server Directory Traversal Vulnerability
    Less critical
    http://www.secunia.com/advisories/8914/
    
     -- 
    
    VisNetic FTPServer Directory Traversal Vulnerability
    Less critical
    http://www.secunia.com/advisories/8913/
    
     -- 
    
    Gentoo update for tomcat
    Less critical
    http://www.secunia.com/advisories/8912/
    
     -- 
    
    Mandrake update for apache2
    Highly critical
    http://www.secunia.com/advisories/8911/
    
     -- 
    
    Red Hat update for Ghostscript
    Less critical
    http://www.secunia.com/advisories/8910/
    
     -- 
    
    Baby POP3 Server Multiple Connection Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8909/
    
     -- 
    
    Vignette Story Server Multiple Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8908/
    
     -- 
    
    Baby ASP Web Server Directory Traversal and Multiple Connection DoS
    Moderately critical
    http://www.secunia.com/advisories/8907/
    
     -- 
    
    ICQ Lite Insecure File Permissions
    Not critical
    http://www.secunia.com/advisories/8906/
    
     -- 
    
    Zeus Admin Server Cross Site Scripting Vulnerability
    Not critical
    http://www.secunia.com/advisories/8905/
    
     -- 
    
    Baby FTP Server Directory Traversal and Multiple Connection DoS
    Moderately critical
    http://www.secunia.com/advisories/8904/
    
     -- 
    
    Quick and Easy FTP Server Multiple Connection DoS
    Moderately critical
    http://www.secunia.com/advisories/8903/
    
    
    ============
     2003-05-30
    ============
    
    P-Synch Total Password Management Solution Multiple Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/8902/
    
     -- 
    
    BaSoMail Server Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/8901/
    
     -- 
    
    BNC IRC proxy Denial of Service
    Not critical
    http://www.secunia.com/advisories/8900/
    
     -- 
    
    Batalla Naval Buffer Overflow
    Moderately critical
    http://www.secunia.com/advisories/8899/
    
     -- 
    
    Philboard Admin Access
    Moderately critical
    http://www.secunia.com/advisories/8898/
    
     -- 
    
    D-Link DI-704P Denial of Service
    Less critical
    http://www.secunia.com/advisories/8897/
    
     -- 
    
    Mandrake update for CUPS
    Less critical
    http://www.secunia.com/advisories/8896/
    
     -- 
    
    Geeklog Admin Access and Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8895/
    
     -- 
    
    b2 cafelog Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8894/
    
     -- 
    
    GoldMine Execution of Arbitrary Code
    Highly critical
    http://www.secunia.com/advisories/8893/
    
     -- 
    
    PHP Multiple Issues
    Moderately critical
    http://www.secunia.com/advisories/8892/
    
     -- 
    
    Red Hat update for kernel
    Moderately critical
    http://www.secunia.com/advisories/8891/
    
    
    ============
     2003-05-29
    ============
    
    Son hServer Directory Traversal Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/8890/
    
     -- 
    
    Slackware update for CUPS
    Less critical
    http://www.secunia.com/advisories/8889/
    
     -- 
    
    Remote PC Access Server Denial of Service
    Less critical
    http://www.secunia.com/advisories/8888/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: supportat_private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 01:06:25 PDT