===========================================================================
The Secunia Weekly Advisory Summary
2003-10-23 - 2003-10-30
This week : 38 advisories
===========================================================================
Several new vulnerabilities have been identified in Apple Mac OS X,
spanning from local DoS (Denial of Service) to privilege escalation
vulnerabilities.
Apple Mac OS X version 10.3 corrects 13 vulnerabilities. An additional
security update issued on 28th October corrects an unspecified
vulnerability in Quicktime Java, which can be exploited to gain system
access.
More information about these new Apple Mac OS X vulnerabilities can be
found at:
SA10086:
http://secunia.com/advisories/10086/
SA10087:
http://secunia.com/advisories/10087/
SA10089:
http://secunia.com/advisories/10089/
Secunia - Stay Secure
===========================================================================
============
2003-10-30
============
Conectiva update for libnids
SA10103 - Moderately critical
http://www.secunia.com/advisories/10103/
--
Immunix update for Apache
SA10102 - Less critical
http://www.secunia.com/advisories/10102/
============
2003-10-29
============
Fastream NetFile FTP/WebServer Cross-Site Scripting Vulnerability
SA10099 - Less critical
http://www.secunia.com/advisories/10099/
--
OpenPKG update for Apache
SA10098 - Less critical
http://www.secunia.com/advisories/10098/
--
Apache Vulnerabilities in Various Modules
SA10096 - Less critical
http://www.secunia.com/advisories/10096/
--
SGI IRIX NFS Unauthorised Resource Access Vulnerability
SA10095 - Moderately critical
http://www.secunia.com/advisories/10095/
--
Sun Solaris NFS Client Request Denial of Service Vulnerability
SA10094 - Less critical
http://www.secunia.com/advisories/10094/
--
Debian update for thttpd
SA10093 - Highly critical
http://www.secunia.com/advisories/10093/
--
thttpd "defang()" Buffer Overflow Vulnerability
SA10092 - Highly critical
http://www.secunia.com/advisories/10092/
--
VMware ESX and GSX update for OpenSSL
SA10091 - Highly critical
http://www.secunia.com/advisories/10091/
--
Mac OS X Screen Lock Bypass Vulnerability
SA10089 - Less critical
http://www.secunia.com/advisories/10089/
--
Oracle Collaboration Suite May Expose Restricted Files
SA10088 - Less critical
http://www.secunia.com/advisories/10088/
--
Mac OS X Unspecified Quicktime Java System Compromise
SA10087 - Moderately critical
http://www.secunia.com/advisories/10087/
--
Mac OS X Updated Version Addresses Thirteen Vulnerabilities
SA10086 - Moderately critical
http://www.secunia.com/advisories/10086/
--
mod_security Server Output Buffer Overflow
SA10085 - Less critical
http://www.secunia.com/advisories/10085/
--
FirstClass "/Search" Exposes Web Root Contents
SA10084 - Less critical
http://www.secunia.com/advisories/10084/
--
Nokia IPSO Cluster Unspecified Denial of Service Vulnerability
SA10083 - Moderately critical
http://www.secunia.com/advisories/10083/
--
byteHoard "files.inc.php" Directory Traversal Vulnerability
SA10082 - Less critical
http://www.secunia.com/advisories/10082/
============
2003-10-28
============
sh-httpd Directory Traversal Vulnerability
SA10081 - Moderately critical
http://www.secunia.com/advisories/10081/
--
Chi Kien Uong Guestbook Cross Site Scripting Vulnerability
SA10080 - Less critical
http://www.secunia.com/advisories/10080/
--
Les Visiteurs Arbitrary File Inclusion Vulnerability
SA10079 - Highly critical
http://www.secunia.com/advisories/10079/
--
WebTide Directory Content Disclosure Vulnerability
SA10078 - Not critical
http://www.secunia.com/advisories/10078/
--
WU-FTPD S/KEY Authentication Buffer Overflow Vulnerability
SA10077 - Highly critical
http://www.secunia.com/advisories/10077/
--
Libnids TCP Reassembly Buffer Overflow Vulnerability
SA10076 - Moderately critical
http://www.secunia.com/advisories/10076/
--
Yahoo! Messenger File Transfer Denial of Service Vulnerability
SA10075 - Not critical
http://www.secunia.com/advisories/10075/
--
Slackware update for gdm
SA10074 - Not critical
http://www.secunia.com/advisories/10074/
--
Slackware update for fetchmail
SA10073 - Less critical
http://www.secunia.com/advisories/10073/
--
Norton Internet Security Blocked Site Cross-Site Scripting Vulnerability
SA10067 - Less critical
http://www.secunia.com/advisories/10067/
============
2003-10-27
============
Mandrake update for apache2
SA10072 - Not critical
http://www.secunia.com/advisories/10072/
--
SiteKiosk Base URL Restriction Bypass
SA10071 - Less critical
http://www.secunia.com/advisories/10071/
--
HP Tru64 dtprintinfo Unspecified Vulnerability
SA10070 - Moderately critical
http://www.secunia.com/advisories/10070/
--
Conectiva update for anonftp
SA10069 - Less critical
http://www.secunia.com/advisories/10069/
--
Advanced Poll Execution of Arbitrary Code
SA10068 - Highly critical
http://www.secunia.com/advisories/10068/
--
Microsoft HTML Help Control Privilege Escalation Vulnerability
SA10066 - Less critical
http://www.secunia.com/advisories/10066/
============
2003-10-24
============
CensorNet "DENIEDURL" Cross-Site Scripting Vulnerability
SA10065 - Less critical
http://www.secunia.com/advisories/10065/
--
Apache Cocoon Directory Traversal Vulnerability
SA10064 - Less critical
http://www.secunia.com/advisories/10064/
--
Sun Solstice X.25 Denial of Service and System Compromise
SA10063 - Moderately critical
http://www.secunia.com/advisories/10063/
--
Insight Manager Unspecified Vulnerability in Web Agent
SA10062 - Moderately critical
http://www.secunia.com/advisories/10062/
===========================================================================
Secunia recommends that you verify all advisories you receive, by clicking
the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
===========================================================================
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 31 2003 - 04:37:21 PST