[ISN] Secunia Weekly Summary

From: InfoSec News (isnat_private)
Date: Fri Aug 22 2003 - 01:38:33 PDT


    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-08-14 - 2003-08-21
    
                             This week : 51 advisories
    
    ===========================================================================
    
    Are you confident that your environment is secure?
    
    Really Secure?
    
    or have you missed one patch!
    
    Spend 2 minutes and get your security level documented via The Secunia
    Vulnerability Scanner.
    
    https://testzone.secunia.com/online_vulnerability_scanner/
    
    ===========================================================================
    
    ============
     2003-08-20
    ============
    
    Updated - Special Alert: Microsoft Internet Explorer Multiple
    Vulnerabilities
    Extremely critical
    http://www.secunia.com/advisories/9580/
    
     -- 
    
    Microsoft MDAC Buffer Overflow
    Moderately critical
    http://www.secunia.com/advisories/9579/
    
     -- 
    
    Cerberus FTP Server Denial of Service Vulnerability
    Less critical
    http://www.secunia.com/advisories/9575/
    
     -- 
    
    Allenchow POP3 Checker Weak Password Encryption
    Less critical
    http://www.secunia.com/advisories/9574/
    
     -- 
    
    Starfish Family Mail Stores Account Information in Clear Text
    Less critical
    http://www.secunia.com/advisories/9573/
    
     -- 
    
    vHost POP3 Denial of Service Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/9572/
    
     -- 
    
    HP update for Internet Express
    Highly critical
    http://www.secunia.com/advisories/9570/
    
     -- 
    
    Oracle 9i XML Database Buffer Overflow
    Moderately critical
    http://www.secunia.com/advisories/9569/
    
     -- 
    
    Mandrake update for eroaster
    Less critical
    http://www.secunia.com/advisories/9568/
    
    
    ============
     2003-08-19
    ============
    
    phpBB Cross Site Scripting Vulnerability
    Less critical
    http://www.secunia.com/advisories/9567/
    
     -- 
    
    WebFtp Stores Account Information in Clear Text
    Less critical
    http://www.secunia.com/advisories/9566/
    
     -- 
    
    MySQL Win32 Exposes Admin Password
    Less critical
    http://www.secunia.com/advisories/9565/
    
     -- 
    
    MatrikzGB Exposure of Passwords
    Moderately critical
    http://www.secunia.com/advisories/9564/
    
     -- 
    
    phpSecureSite SQL Injection Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/9563/
    
     -- 
    
    Conectiva update for OpenSLP
    Less critical
    http://www.secunia.com/advisories/9562/
    
     -- 
    
    Sun Linux update for Mozilla/Galeon
    Moderately critical
    http://www.secunia.com/advisories/9561/
    
     -- 
    
    Sun Linux update for OpenSSH
    Less critical
    http://www.secunia.com/advisories/9560/
    
     -- 
    
    OpenSLP Insecure Temporary File Handling Vulnerability
    Less critical
    http://www.secunia.com/advisories/9559/
    
     -- 
    
    Sun Linux update for stunnel
    Moderately critical
    http://www.secunia.com/advisories/9558/
    
     -- 
    
    Sun Linux update for VNC
    Moderately critical
    http://www.secunia.com/advisories/9557/
    
     -- 
    
    Sun Linux update for wu-ftpd
    Highly critical
    http://www.secunia.com/advisories/9556/
    
     -- 
    
    msmtp Authentication Information Disclosure Vulnerability
    Less critical
    http://www.secunia.com/advisories/9555/
    
     -- 
    
    eMule Multiple Vulnerabilities
    Moderately critical
    http://www.secunia.com/advisories/9553/
    
    
    ============
     2003-08-18
    ============
    
    AttilaPHP Cross-Site Scripting and Path Disclosure
    Less critical
    http://www.secunia.com/advisories/9554/
    
     -- 
    
    WebiToome Stores Account Information in Clear Text
    Less critical
    http://www.secunia.com/advisories/9552/
    
     -- 
    
    Debian autorespond Buffer Overflow Vulnerability
    Moderately critical
    http://www.secunia.com/advisories/9551/
    
     -- 
    
    Magic Winmail Server Stores Account Information in Clear Text
    Less critical
    http://www.secunia.com/advisories/9550/
    
     -- 
    
    CPOP Stores Account Information in Clear Text
    Less critical
    http://www.secunia.com/advisories/9549/
    
     -- 
    
    Poster version.two Access to Setup
    Moderately critical
    http://www.secunia.com/advisories/9548/
    
     -- 
    
    Netware XNFS Denial of Service Vulnerability
    Less critical
    http://www.secunia.com/advisories/9547/
    
     -- 
    
    Open UNIX / Unixware update for metamail
    Highly critical
    http://www.secunia.com/advisories/9546/
    
     -- 
    
    Sun Linux Python Insecure Temporary Files
    Less critical
    http://www.secunia.com/advisories/9545/
    
     -- 
    
    PHPki Insecure Temporary File Creation Vulnerability
    Less critical
    http://www.secunia.com/advisories/9544/
    
     -- 
    
    Debian update for netris
    Moderately critical
    http://www.secunia.com/advisories/9543/
    
     -- 
    
    Dropbear SSH Server Username Format String Vulnerability
    Highly critical
    http://www.secunia.com/advisories/9542/
    
     -- 
    
    Ecartis Multiple Vulnerabilities
    Highly critical
    http://www.secunia.com/advisories/9539/
    
     -- 
    
    Horde Exposure of Session ID
    Less critical
    http://www.secunia.com/advisories/9530/
    
    
    ============
     2003-08-15
    ============
    
    Sun ONE Web Server Unspecified Denial of Service
    Moderately critical
    http://www.secunia.com/advisories/9541/
    
     -- 
    
    RSA ACE/Agent and URLScan Enumeration of Blocked File Extensions
    Not critical
    http://www.secunia.com/advisories/9540/
    
     -- 
    
    HP-UX DCE Denial of Service Vulnerability
    Less critical
    http://www.secunia.com/advisories/9538/
    
     -- 
    
    Gentoo update for Semi
    Less critical
    http://www.secunia.com/advisories/9537/
    
     -- 
    
    IRIX Checkpoint/Restart System Privilege Escalation Vulnerability
    Less critical
    http://www.secunia.com/advisories/9536/
    
     -- 
    
    Mac OS X "fb_realpath()" Buffer Overflow Vulnerability
    Highly critical
    http://www.secunia.com/advisories/9535/
    
    
    ============
     2003-08-14
    ============
    
    Microsoft MCIWNDX.OCX ActiveX Plugin Buffer Overflow
    Highly critical
    http://www.secunia.com/advisories/9534/
    
     -- 
    
    Gentoo update for gentoo-sources
    Moderately critical
    http://www.secunia.com/advisories/9533/
    
     -- 
    
    Inframail Stores Passwords in Clear Text
    Less critical
    http://www.secunia.com/advisories/9532/
    
     -- 
    
    WorkgroupMail Stores Passwords in Clear Text
    Less critical
    http://www.secunia.com/advisories/9531/
    
     -- 
    
    ChitChat.NET Cross-Site Scripting Vulnerability
    Less critical
    http://www.secunia.com/advisories/9529/
    
     -- 
    
    Xoops Cross Site Scripting
    Less critical
    http://www.secunia.com/advisories/9528/
    
     -- 
    
    Small ftpd Stores Passwords in Clear Text
    Less critical
    http://www.secunia.com/advisories/9527/
    
     -- 
    
    WWW File Share Pro Stores Password in Clear Text
    Less critical
    http://www.secunia.com/advisories/9526/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by
    clicking the link. Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only
    use those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: supportat_private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


