===========================================================================

The Secunia Weekly Advisory Summary
2003-10-09 - 2003-10-16

This week : 36 advisories

===========================================================================

7 New Microsoft Security Bulletins

Microsoft has released no less than 7 security bulletins for their
products. Make sure that your system gets the appropriate patches
installed!

Read more about the vulnerabilities and patches in the following Secunia
Advisories:

SA10010 http://secunia.com/SA10010/
SA10011 http://secunia.com/SA10011/
SA10012 http://secunia.com/SA10012/
SA10013 http://secunia.com/SA10013/
SA10014 http://secunia.com/SA10014/
SA10015 http://secunia.com/SA10015/
SA10016 http://secunia.com/SA10016/

Secunia - Stay Secure

===========================================================================

============
 2003-10-16
============

IRCnet IRCD Buffer Overflow Vulnerability
SA9999 - Not critical
http://www.secunia.com/advisories/9999/

============
 2003-10-15
============

Microsoft Exchange Cross-Site Scripting Vulnerability in Outlook Web Access
SA10016 - Less critical
http://www.secunia.com/advisories/10016/

--

Microsoft Exchange SMTP Extended Request Buffer Overflow
SA10015 - Highly critical
http://www.secunia.com/advisories/10015/

--

Microsoft Windows Buffer Overflow in ListBox and ComboBox Control
SA10014 - Less critical
http://www.secunia.com/advisories/10014/

--

Microsoft Windows HCP protocol Buffer Overflow
SA10013 - Highly critical
http://www.secunia.com/advisories/10013/

--

Microsoft Windows Buffer Overflow in Messenger Service
SA10012 - Highly critical
http://www.secunia.com/advisories/10012/

--

Microsoft Windows 2000 Buffer Overflow in Windows Troubleshooter ActiveX Control
SA10011 - Highly critical
http://www.secunia.com/advisories/10011/

--

Microsoft Windows May Allow Installation of Arbitrary ActiveX Controls
SA10010 - Highly critical
http://www.secunia.com/advisories/10010/

--

Debian update for tomcat4
SA10009 - Moderately critical
http://www.secunia.com/advisories/10009/

--

Red Hat Stronghold mod_ssl update
SA10008 - Less critical
http://www.secunia.com/advisories/10008/

--

Sun Solaris namefs Mounted Pipe and STREAMS Routines Denial of Service
SA10007 - Not critical
http://www.secunia.com/advisories/10007/

--

Sun Solaris sysinfo Kernel Memory Disclosure Vulnerability
SA10006 - Less critical
http://www.secunia.com/advisories/10006/

--

HP-UX BINDv920 OpenSSL Vulnerabilities
SA10005 - Highly critical
http://www.secunia.com/advisories/10005/

--

WinSyslog Long Syslog Message Denial of Service
SA10004 - Less critical
http://www.secunia.com/advisories/10004/

--

Zoom Search Engine Cross Site Scripting Vulnerability
SA10002 - Less critical
http://www.secunia.com/advisories/10002/

--

dbmail IMAP Service SQL Injection Vulnerability
SA10001 - Moderately critical
http://www.secunia.com/advisories/10001/

============
 2003-10-14
============

mIRC IRC URI Handler Buffer Overflow Vulnerability
SA9996 - Moderately critical
http://www.secunia.com/advisories/9996/

--

Novell update for OpenSSH
SA9995 - Highly critical
http://www.secunia.com/advisories/9995/

============
 2003-10-13
============

mIRC Unspecified DCC Request Vulnerability
SA10000 - Less critical
http://www.secunia.com/advisories/10000/

--

Gallery Arbitrary File Inclusion Vulnerability
SA9998 - Moderately critical
http://www.secunia.com/advisories/9998/

--

TRACKtheCLICK Cross Site Scripting Vulnerability
SA9997 - Less critical
http://www.secunia.com/advisories/9997/

--

PHP-Nuke SQL Injection Vulnerability
SA9994 - Moderately critical
http://www.secunia.com/advisories/9994/

--

HP Tru64 Unix dtmailpr Unspecified Vulnerability
SA9990 - Moderately critical
http://www.secunia.com/advisories/9990/

============
 2003-10-11
============

Debian update for OpenSSL095
SA9993 - Moderately critical
http://www.secunia.com/advisories/9993/

--

PeopleTools Information Disclosure and Denial of Service
SA9992 - Less critical
http://www.secunia.com/advisories/9992/

--

Windows Message Queuing Service Heap Overflow Vulnerability
SA9991 - Moderately critical
http://www.secunia.com/advisories/9991/

============
 2003-10-10
============

Windows Server 2003 "Shell Folders" Directory Traversal
SA9989 - Not critical
http://www.secunia.com/advisories/9989/

--

NetBSD update for XFree86
SA9988 - Less critical
http://www.secunia.com/advisories/9988/

--

NetBSD update for Sendmail
SA9987 - Highly critical
http://www.secunia.com/advisories/9987/

--

NetBSD update for OpenSSL
SA9986 - Highly critical
http://www.secunia.com/advisories/9986/

--

CyberDOCS Multiple Vulnerabilities
SA9985 - Moderately critical
http://www.secunia.com/advisories/9985/

--

Mandrake update for SANE
SA9984 - Less critical
http://www.secunia.com/advisories/9984/

============
 2003-10-09
============

PayPal Cart Arbitrary File Inclusion Vulnerability
SA9983 - Highly critical
http://www.secunia.com/advisories/9983/

--

EnGarde update for OpenSSL
SA9982 - Moderately critical
http://www.secunia.com/advisories/9982/

--

Red Hat update for MySQL
SA9981 - Not critical
http://www.secunia.com/advisories/9981/

--

OpenOffice UNO Denial of Service Vulnerability
SA9980 - Not critical
http://www.secunia.com/advisories/9980/

===========================================================================

Secunia recommends that you verify all advisories you receive, by clicking
the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Contact details:
Web    : http://www.secunia.com/
E-mail : support@private
Tel    : +44 (0) 20 7016 2693
Fax    : +44 (0) 20 7637 0419

===========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 17 2003 - 11:09:28 PDT