[ISN] Secunia Weekly Summary

From: InfoSec News (isn@private)
Date: Thu Nov 06 2003 - 22:55:45 PST


    ===========================================================================
    
                        The Secunia Weekly Advisory Summary
                              2003-10-30 - 2003-11-06
    
                             This week : 45 advisories
    
    ===========================================================================
    
    
    ============
     2003-11-06
    ============
    
    EnGarde update for Apache
    SA10154 - Less critical
    http://www.secunia.com/advisories/10154/
    
     -- 
    
    Conectiva update for Apache
    SA10153 - Less critical
    http://www.secunia.com/advisories/10153/
    
     -- 
    
    Conectiva update for Bugzilla
    SA10152 - Moderately critical
    http://www.secunia.com/advisories/10152/
    
    
    ============
     2003-11-05
    ============
    
    Bugzilla Multiple Vulnerabilities
    SA10149 - Moderately critical
    http://www.secunia.com/advisories/10149/
    
     -- 
    
    MAILsweeper Malformed Zip Archive Virus Detection Bypass
    SA10148 - Moderately critical
    http://www.secunia.com/advisories/10148/
    
     -- 
    
    OpenBSD Malformed Binary Execution Denial of Service Vulnerability
    SA10147 - Not critical
    http://www.secunia.com/advisories/10147/
    
     -- 
    
    SHOUTcast Server "icy-name" and "icy-url" Buffer Overflow Vulnerability
    SA10146 - Moderately critical
    http://www.secunia.com/advisories/10146/
    
     -- 
    
    OpenLinux update for ucd-snmp
    SA10145 - Less critical
    http://www.secunia.com/advisories/10145/
    
     -- 
    
    NIPrint Buffer Overflow Vulnerability
    SA10143 - Moderately critical
    http://www.secunia.com/advisories/10143/
    
     -- 
    
    Hitachi S/MIME Implementation Denial of Service Vulnerability
    SA10142 - Less critical
    http://www.secunia.com/advisories/10142/
    
     -- 
    
    Sun Java Insecure Installation Process Vulnerability
    SA10141 - Less critical
    http://www.secunia.com/advisories/10141/
    
     -- 
    
    EnGarde update for OpenSSL
    SA10140 - Not critical
    http://www.secunia.com/advisories/10140/
    
     -- 
    
    Slackware update for Apache
    SA10139 - Less critical
    http://www.secunia.com/advisories/10139/
    
     -- 
    
    Tritanium Bulletin Board Unauthorised Access to Threads
    SA10135 - Less critical
    http://www.secunia.com/advisories/10135/
    
     -- 
    
    MLdonkey Admin Access and Cross Site Scripting Vulnerability
    SA10134 - Not critical
    http://www.secunia.com/advisories/10134/
    
    
    ============
     2003-11-04
    ============
    
    OpenAutoClassifieds "listing" Parameter Cross-Site Scripting Vulnerability
    SA10138 - Less critical
    http://www.secunia.com/advisories/10138/
    
     -- 
    
    Web Wiz Forums Unauthorised Message Access Vulnerability
    SA10137 - Less critical
    http://www.secunia.com/advisories/10137/
    
     -- 
    
    LiteServe Log Entry Buffer Overflow Vulnerability
    SA10136 - Moderately critical
    http://www.secunia.com/advisories/10136/
    
     -- 
    
    OpenSSL ASN.1 Parsing Denial of Service Vulnerability
    SA10133 - Moderately critical
    http://www.secunia.com/advisories/10133/
    
     -- 
    
    FlexWATCH Network Video Server User Authentication Bypass Vulnerability
    SA10132 - Moderately critical
    http://www.secunia.com/advisories/10132/
    
     -- 
    
    Plug and Play Web Server Proxy Service Denial of Service Vulnerability
    SA10131 - Moderately critical
    http://www.secunia.com/advisories/10131/
    
     -- 
    
    Oracle9i Application Server Portal Component SQL Injection Vulnerability
    SA10130 - Moderately critical
    http://www.secunia.com/advisories/10130/
    
     -- 
    
    Mandrake update for Apache
    SA10129 - Less critical
    http://www.secunia.com/advisories/10129/
    
     -- 
    
    Mandrake update for postgresql
    SA10128 - Less critical
    http://www.secunia.com/advisories/10128/
    
    
    ============
     2003-11-03
    ============
    
    Citrix MetaFrame XP Error Page Cross-Site Scripting Vulnerability
    SA10127 - Less critical
    http://www.secunia.com/advisories/10127/
    
     -- 
    
    Red Hat update for fileutils/coreutils
    SA10126 - Less critical
    http://www.secunia.com/advisories/10126/
    
     -- 
    
    Red Hat update for CUPS
    SA10124 - Less critical
    http://www.secunia.com/advisories/10124/
    
     -- 
    
    CUPS Unspecified Denial of Service Vulnerability
    SA10123 - Less critical
    http://www.secunia.com/advisories/10123/
    
     -- 
    
    MPM Guestbook "lng" Parameter Cross-Site Scripting Vulnerability
    SA10122 - Less critical
    http://www.secunia.com/advisories/10122/
    
     -- 
    
    Immunix update for fileutils
    SA10121 - Less critical
    http://www.secunia.com/advisories/10121/
    
     -- 
    
    ThWboard Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
    SA10120 - Moderately critical
    http://www.secunia.com/advisories/10120/
    
     -- 
    
    Ethereal Protocol Dissector Buffer Overflow Vulnerabilities
    SA10119 - Moderately critical
    http://www.secunia.com/advisories/10119/
    
     -- 
    
    SnapGear Release Candidate Fixes Multiple Vulnerabilities
    SA10117 - Highly critical
    http://www.secunia.com/advisories/10117/
    
     -- 
    
    e107 Page Denial of Service Vulnerability
    SA10115 - Less critical
    http://www.secunia.com/advisories/10115/
    
     -- 
    
    dbmail "From:" Address Arbitrary Command Insertion Vulnerability
    SA10111 - Moderately critical
    http://www.secunia.com/advisories/10111/
    
     -- 
    
    PHPRecipeBook Cross-Site Scripting Vulnerability
    SA10109 - Less critical
    http://www.secunia.com/advisories/10109/
    
     -- 
    
    IA WebMail Server GET Request Buffer Overflow Vulnerability
    SA10107 - Highly critical
    http://www.secunia.com/advisories/10107/
    
    
    ============
     2003-10-31
    ============
    
    SuSE update for thttpd
    SA10116 - Highly critical
    http://www.secunia.com/advisories/10116/
    
     -- 
    
    Gentoo update for apache2
    SA10114 - Less critical
    http://www.secunia.com/advisories/10114/
    
     -- 
    
    LedForums Cross-Site Scripting Vulnerabilities
    SA10113 - Less critical
    http://www.secunia.com/advisories/10113/
    
     -- 
    
    OpenBSD update for httpd
    SA10112 - Less critical
    http://www.secunia.com/advisories/10112/
    
    
    ============
     2003-10-30
    ============
    
    Booby Error Message Cross-Site Scripting Vulnerability
    SA10110 - Less critical
    http://www.secunia.com/advisories/10110/
    
     -- 
    
    OpenPKG update for postgresql
    SA10108 - Less critical
    http://www.secunia.com/advisories/10108/
    
     -- 
    
    BEA Tuxedo and WebLogic Enterprise Administration Console Vulnerability
    SA10106 - Less critical
    http://www.secunia.com/advisories/10106/
    
     -- 
    
    KPopup Privilege Escalation Vulnerability
    SA10105 - Less critical
    http://www.secunia.com/advisories/10105/
    
    
    ===========================================================================
    
    Secunia recommends that you verify all advisories you receive, by clicking
    the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +44 (0) 20 7016 2693
    Fax	: +44 (0) 20 7637 0419
    
    ===========================================================================
    
    
    
    


