[ISN] Secunia Weekly Summary

From: InfoSec News (isn@private)
Date: Fri Oct 17 2003 - 00:17:46 PDT

    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-10-09 - 2003-10-16
    
                             This week : 36 advisories
    
    ===========================================================================
    
    7 New Microsoft Security Bulletins
    
    Microsoft has released no less than 7 security bulletins for their
    products.
    
    Make sure that your system gets the appropriate patches installed! Read
    more about the vulnerabilities and patches in the following Secunia
    Advisories:
    
    SA10010
    http://secunia.com/SA10010/
    
    SA10011
    http://secunia.com/SA10011/
    
    SA10012
    http://secunia.com/SA10012/
    
    SA10013
    http://secunia.com/SA10013/
    
    SA10014
    http://secunia.com/SA10014/
    
    SA10015
    http://secunia.com/SA10015/
    
    SA10016
    http://secunia.com/SA10016/
    
    
    Secunia - Stay Secure
    
    ===========================================================================
    
    ============
     2003-10-16
    ============
    
    IRCnet IRCD Buffer Overflow Vulnerability
    SA9999 - Not critical
    http://www.secunia.com/advisories/9999/
    
    
    ============
     2003-10-15
    ============
    
    Microsoft Exchange Cross-Site Scripting Vulnerability in Outlook Web
    Access
    SA10016 - Less critical
    http://www.secunia.com/advisories/10016/
    
     -- 
    
    Microsoft Exchange SMTP Extended Request Buffer Overflow
    SA10015 - Highly critical
    http://www.secunia.com/advisories/10015/
    
     -- 
    
    Microsoft Windows Buffer Overflow in ListBox and ComboBox Control
    SA10014 - Less critical
    http://www.secunia.com/advisories/10014/
    
     -- 
    
    Microsoft Windows HCP protocol Buffer Overflow
    SA10013 - Highly critical
    http://www.secunia.com/advisories/10013/
    
     -- 
    
    Microsoft Windows Buffer Overflow in Messenger Service
    SA10012 - Highly critical
    http://www.secunia.com/advisories/10012/
    
     -- 
    
    Microsoft Windows 2000 Buffer Overflow in Windows Troubleshooter ActiveX
    Control
    SA10011 - Highly critical
    http://www.secunia.com/advisories/10011/
    
     -- 
    
    Microsoft Windows May Allow Installation of Arbitrary ActiveX Controls
    SA10010 - Highly critical
    http://www.secunia.com/advisories/10010/
    
     -- 
    
    Debian update for tomcat4
    SA10009 - Moderately critical
    http://www.secunia.com/advisories/10009/
    
     -- 
    
    Red Hat Stronghold mod_ssl update
    SA10008 - Less critical
    http://www.secunia.com/advisories/10008/
    
     -- 
    
    Sun Solaris namefs Mounted Pipe and STREAMS Routines Denial of Service
    SA10007 - Not critical
    http://www.secunia.com/advisories/10007/
    
     -- 
    
    Sun Solaris sysinfo Kernel Memory Disclosure Vulnerability
    SA10006 - Less critical
    http://www.secunia.com/advisories/10006/
    
     -- 
    
    HP-UX BINDv920 OpenSSL Vulnerabilities
    SA10005 - Highly critical
    http://www.secunia.com/advisories/10005/
    
     -- 
    
    WinSyslog Long Syslog Message Denial of Service
    SA10004 - Less critical
    http://www.secunia.com/advisories/10004/
    
     -- 
    
    Zoom Search Engine Cross Site Scripting Vulnerability
    SA10002 - Less critical
    http://www.secunia.com/advisories/10002/
    
     -- 
    
    dbmail IMAP Service SQL Injection Vulnerability
    SA10001 - Moderately critical
    http://www.secunia.com/advisories/10001/
    
    
    ============
     2003-10-14
    ============
    
    mIRC IRC URI Handler Buffer Overflow Vulnerability
    SA9996 - Moderately critical
    http://www.secunia.com/advisories/9996/
    
     -- 
    
    Novell update for OpenSSH
    SA9995 - Highly critical
    http://www.secunia.com/advisories/9995/
    
    
    ============
     2003-10-13
    ============
    
    mIRC Unspecified DCC Request Vulnerability
    SA10000 - Less critical
    http://www.secunia.com/advisories/10000/
    
     -- 
    
    Gallery Arbitrary File Inclusion Vulnerability
    SA9998 - Moderately critical
    http://www.secunia.com/advisories/9998/
    
     -- 
    
    TRACKtheCLICK Cross Site Scripting Vulnerability
    SA9997 - Less critical
    http://www.secunia.com/advisories/9997/
    
     -- 
    
    PHP-Nuke SQL Injection Vulnerability
    SA9994 - Moderately critical
    http://www.secunia.com/advisories/9994/
    
     -- 
    
    HP Tru64 Unix dtmailpr Unspecified Vulnerability
    SA9990 - Moderately critical
    http://www.secunia.com/advisories/9990/
    
    
    ============
     2003-10-11
    ============
    
    Debian update for OpenSSL095
    SA9993 - Moderately critical
    http://www.secunia.com/advisories/9993/
    
     -- 
    
    PeopleTools Information Disclosure and Denial of Service
    SA9992 - Less critical
    http://www.secunia.com/advisories/9992/
    
     -- 
    
    Windows Message Queuing Service Heap Overflow Vulnerability
    SA9991 - Moderately critical
    http://www.secunia.com/advisories/9991/
    
    
    ============
     2003-10-10
    ============
    
    Windows Server 2003 "Shell Folders" Directory Traversal
    SA9989 - Not critical
    http://www.secunia.com/advisories/9989/
    
     -- 
    
    NetBSD update for XFree86
    SA9988 - Less critical
    http://www.secunia.com/advisories/9988/
    
     -- 
    
    NetBSD update for Sendmail
    SA9987 - Highly critical
    http://www.secunia.com/advisories/9987/
    
     -- 
    
    NetBSD update for OpenSSL
    SA9986 - Highly critical
    http://www.secunia.com/advisories/9986/
    
     -- 
    
    CyberDOCS Multiple Vulnerabilities
    SA9985 - Moderately critical
    http://www.secunia.com/advisories/9985/
    
     -- 
    
    Mandrake update for SANE
    SA9984 - Less critical
    http://www.secunia.com/advisories/9984/
    
    
    ============
     2003-10-09
    ============
    
    PayPal Cart Arbitrary File Inclusion Vulnerability
    SA9983 - Highly critical
    http://www.secunia.com/advisories/9983/
    
     -- 
    
    EnGarde update for OpenSSL
    SA9982 - Moderately critical
    http://www.secunia.com/advisories/9982/
    
     -- 
    
    Red Hat update for MySQL
    SA9981 - Not critical
    http://www.secunia.com/advisories/9981/
    
     -- 
    
    OpenOffice UNO Denial of Service Vulnerability
    SA9980 - Not critical
    http://www.secunia.com/advisories/9980/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 17 2003 - 11:09:28 PDT