[ISN] Secunia Weekly Summary - Issue: 2003-49

From: InfoSec News (isn@private)
Date: Fri Dec 05 2003 - 01:06:32 PST


    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2003-11-27 - 2003-12-04                        
    
                           This week : 47 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3...............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    Secunia Advisory IDs
    
    Every advisory issued by Secunia has a unique identifier: the Secunia
    Advisory ID (SA ID). SA IDs make it very easy to reference,
    identify, and find Secunia advisories.
    
    A Shortcut to Secunia Advisories
    
    Finding Secunia Advisories using SA IDs is easily done at the Secunia
    website, either by simply entering the SA ID in our search form placed
    on the right side of every Secunia web page, or by entering the SA ID
    directly after the domain when visiting the Secunia website e.g.:
    http://secunia.com/SA10342
    
    In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.:
    [SA10342]
    
    ========================================================================
    2) This Week in Brief:
    
    Security researcher Tri Huynh has found a buffer overflow vulnerability
    in the popular Yahoo! Messenger program. The vulnerability, which is in
    an ActiveX control installed on the user's system as part of the
    installation of Yahoo! Messenger, can be exploited to gain system
    access on a vulnerable system. Successful exploitation requires that a
    vulnerable user is tricked into visiting a web page or similar, which
    then invokes the vulnerable component.
    Ref.: [SA10342]
    
    The developers of GnuPG announced in an advisory that a weakness has
    been found in the handling of ElGamal type 20 keys in GnuPG, and
    that all ElGamal type 20 keys should therefore be considered
    compromised! GnuPG has released a new version which removes support
    for ElGamal type 20 keys.
    Ref.: [SA10304]
    
    A privilege escalation vulnerability in the Linux Kernel "do_brk()"
    system call has been identified, affecting almost all Linux
    distributions. Exploits are already available for this vulnerability,
    and reportedly this very same vulnerability was used in the compromise
    of several Debian project servers in November.
    Ref.: [SA10328]
    
    Sun has released information about the Sun ONE/iPlanet Web Server being
    vulnerable to a Denial of Service vulnerability. However, only very
    limited information was provided by Sun, which recommends that
    administrators upgrade their systems in order to eliminate this
    vulnerability.
    Ref.: [SA10345]
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA10289] Internet Explorer System Compromise Vulnerabilities
    2.  [SA9711]  Microsoft Internet Explorer Multiple Vulnerabilities
    3.  [SA10328] Linux Kernel "do_brk()" Privilege Escalation
                  Vulnerability
    4.  [SA10252] Apple Safari Cookie Stealing Vulnerability
    5.  [SA10295] Mac OS X Insecure Default DHCP Packet Handling
                  Vulnerability
    6.  [SA10310] GNU Screen Privilege Escalation Vulnerability
    7.  [SA10300] BIND Negative Cache Poisoning Vulnerability
    8.  [SA10192] Microsoft Internet Explorer Multiple Vulnerabilities
    9.  [SA9191]  CCBill whereami.cgi Arbitrary Command Execution
                  Vulnerability
    10. [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow
                  Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
    [SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities
    [SA10347] IBM Tivoli Directory Server Cross-Site Scripting
    Vulnerability
    [SA10323] War FTP Daemon Multiple Connection Denial of Service
    
    UNIX/Linux:
    [SA10336] Jason Maloney Guestbook Arbitrary Command Execution
    Vulnerability
    [SA10327] Surfboard httpd Directory Traversal and Denial of Service
    [SA10324] OpenCA Signature Validation Vulnerabilities
    [SA10316] Mandrake update for gnupg
    [SA10304] GnuPG ElGamal Signing Weakness Expose Private Key
    [SA10343] Red Hat update for net-snmp
    [SA10331] Sun Cobalt update for nfs-utils
    [SA10338] Astaro update for Kernel
    [SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation
    Vulnerability
    [SA10351] XBoard Insecure Temporary File Creation Vulnerability
    [SA10346] Sun Solaris Xsun DGA Mode Vulnerability
    [SA10341] Slackware update for kernel
    [SA10339] HP-UX Shar Utility Insecure Temporary File Creation
    Vulnerability
    [SA10333] Debian update for Kernel
    [SA10330] Mandrake update for Kernel
    [SA10329] Red Hat update for Kernel
    [SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
    [SA10314] OpenPKG update for screen
    [SA10312] Trustix update for stunnel
    [SA10310] GNU Screen Privilege Escalation Vulnerability
    [SA10340] IBM AIX update for bind
    [SA10334] HP Tru64 update for bind
    [SA10332] UnixWare update for bind
    [SA10317] FreeBSD update for bind
    [SA10315] SuSE update for bind
    [SA10313] Trustix update for BIND
    [SA10307] Solaris BIND Negative Cache Poisoning
    [SA10305] Immunix update for bind
    [SA10303] Engarde update for bind
    [SA10335] Fedora update for Kernel
    [SA10309] OpenBSD Local Denial of Service Vulnerabilities
    
    Other:
    [SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability
    [SA10326] Applied Watch Server Un-authenticated Access to
    Administrative Functions
    [SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service
    
    Cross Platform:
    [SA10306] RNN Guestbook Lack of Authentication
    [SA10345] Sun ONE Web Server Unspecified Denial of Service
    Vulnerability
    [SA10325] Mod_python Denial of Service Vulnerability
    [SA10308] phpBB SQL Injection Vulnerability
    [SA10321] PieterPost Anonymous Email Sending Vulnerability
    [SA10320] IlohaMail Cross-Site Scripting Vulnerability
    [SA10318] MoinMoin Cross-Site Scripting Vulnerabilities
    [SA10311] Macromedia JRun JMC Interface Cross-Site Scripting
    Vulnerabilities
    [SA10322] CuteNews Debug Information Disclosure
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA10342] Yahoo! Messenger "yauto.dll" Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-03
    
    A vulnerability has been reported in Yahoo! Messenger, which can be
    exploited by malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10342/
    
     --
    
    [SA10337] VP-ASP Shopping Cart SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of system information,
    Exposure of sensitive information
    Released:    2003-12-02
    
    Some vulnerabilities have been reported in VP-ASP Shopping Cart, which
    can be exploited by malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10337/
    
     --
    
    [SA10347] IBM Tivoli Directory Server Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-03
    
    A vulnerability has been reported in IBM Tivoli Directory Server, which
    can be exploited by malicious people to conduct Cross-Site Scripting
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10347/
    
     --
    
    [SA10323] War FTP Daemon Multiple Connection Denial of Service
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2003-12-01
    
    A vulnerability has been reported in War FTP Daemon, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10323/
    
    
    UNIX/Linux:--
    
    [SA10336] Jason Maloney Guestbook Arbitrary Command Execution
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-02
    
    A vulnerability has been reported in Jason Maloney Guestbook, which
    potentially can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10336/
    
     --
    
    [SA10327] Surfboard httpd Directory Traversal and Denial of Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information, DoS
    Released:    2003-12-01
    
    Two vulnerabilities have been reported in Surfboard httpd, which can be
    exploited by malicious people to gain knowledge of sensitive
    information and cause a DoS (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10327/
    
     --
    
    [SA10324] OpenCA Signature Validation Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-01
    
    Multiple vulnerabilities have been reported in OpenCA, which can result
    in revoked or expired certificates being accepted as valid.
    
    Full Advisory:
    http://www.secunia.com/advisories/10324/
    
     --
    
    [SA10316] Mandrake update for gnupg
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      ID Spoofing, Exposure of sensitive information
    Released:    2003-12-01
    
    MandrakeSoft has issued updated packages for gnupg. These fix a
    vulnerability, which exposes the private key when using El-Gamal type 20
    keys.
    
    Full Advisory:
    http://www.secunia.com/advisories/10316/
    
     --
    
    [SA10304] GnuPG ElGamal Signing Weakness Expose Private Key
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      ID Spoofing, Exposure of sensitive information
    Released:    2003-11-27
    
    A weakness has been identified in the handling of ElGamal keys in
    GnuPG, which exposes the private key.
    
    Full Advisory:
    http://www.secunia.com/advisories/10304/
    
     --
    
    [SA10343] Red Hat update for net-snmp
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      Security Bypass
    Released:    2003-12-03
    
    Red Hat has issued updated packages for net-snmp. These fix a
    vulnerability, which can be exploited by malicious users to bypass
    certain security restrictions.
    
    Full Advisory:
    http://www.secunia.com/advisories/10343/
    
     --
    
    [SA10331] Sun Cobalt update for nfs-utils
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      DoS, System access
    Released:    2003-12-02
    
    Sun has issued updated packages for nfs-utils. These fix a
    vulnerability, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10331/
    
     --
    
    [SA10338] Astaro update for Kernel
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    Astaro has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious users to escalate
    their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10338/
    
     --
    
    [SA10352] HP Tru64 UNIX CDE libDtHelp Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-04
    
    HP has acknowledged a vulnerability in CDE (Common Desktop
    Environment), which can be exploited by malicious, local users to
    escalate their privileges on a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10352/
    
     --
    
    [SA10351] XBoard Insecure Temporary File Creation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-04
    
    A vulnerability has been identified in XBoard, which can be exploited
    by malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10351/
    
     --
    
    [SA10346] Sun Solaris Xsun DGA Mode Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, DoS
    Released:    2003-12-03
    
    Sun has reported a vulnerability in Solaris, which can be exploited by
    malicious, local users to escalate their privileges or cause a DoS
    (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10346/
    
     --
    
    [SA10341] Slackware update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-03
    
    Slackware has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious users to escalate
    their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10341/
    
     --
    
    [SA10339] HP-UX Shar Utility Insecure Temporary File Creation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    A vulnerability has been identified in HP-UX, which can be exploited by
    malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10339/
    
     --
    
    [SA10333] Debian update for Kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    Debian has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious users to escalate
    their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10333/
    
     --
    
    [SA10330] Mandrake update for Kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    MandrakeSoft has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious users to escalate
    their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10330/
    
     --
    
    [SA10329] Red Hat update for Kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    Red Hat has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious users to escalate
    their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10329/
    
     --
    
    [SA10328] Linux Kernel "do_brk()" Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-02
    
    A vulnerability has been identified in the Linux kernel 2.4, which can
    be exploited by malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10328/
    
     --
    
    [SA10314] OpenPKG update for screen
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-01
    
    OpenPKG has issued updated packages for screen. These fix a
    vulnerability, which potentially may allow users to escalate their
    privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10314/
    
     --
    
    [SA10312] Trustix update for stunnel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-01
    
    Trustix has issued updated packages for stunnel. These fix a
    vulnerability, which can be exploited by malicious users to hijack the
    service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10312/
    
     --
    
    [SA10310] GNU Screen Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-11-28
    
    A vulnerability has been reported in GNU Screen, which potentially can
    be exploited by malicious, local users to escalate their privileges on
    a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10310/
    
     --
    
    [SA10340] IBM AIX update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-03
    
    IBM has issued an update for bind. This fixes a vulnerability, which
    can be exploited by malicious people to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10340/
    
     --
    
    [SA10334] HP Tru64 update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-02
    
    HP has issued updated packages for bind. These fix a vulnerability,
    which can be exploited to poison the DNS cache with negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10334/
    
     --
    
    [SA10332] UnixWare update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-02
    
    SCO has issued an update for bind. This fixes a vulnerability, which can
    be exploited to poison the DNS cache with negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10332/
    
     --
    
    [SA10317] FreeBSD update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-01
    
    FreeBSD has issued updated packages for bind. These fix a
    vulnerability, which can be exploited to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10317/
    
     --
    
    [SA10315] SuSE update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-01
    
    SuSE has issued updated packages for bind. These fix a vulnerability,
    which can be exploited to poison the DNS cache with negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10315/
    
     --
    
    [SA10313] Trustix update for BIND
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-11-28
    
    Trustix has issued updated packages for bind. These fix a
    vulnerability, which can be exploited to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10313/
    
     --
    
    [SA10307] Solaris BIND Negative Cache Poisoning
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-11-28
    
    Sun has acknowledged a vulnerability in Solaris, which can be exploited
    by malicious people to poison the DNS cache with negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10307/
    
     --
    
    [SA10305] Immunix update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-11-28
    
    Immunix has issued updated packages for bind. These fix a
    vulnerability, which can be exploited to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10305/
    
     --
    
    [SA10303] Engarde update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-11-27
    
    Guardian Digital has issued updated packages for bind. These fix a
    vulnerability, which can be exploited to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10303/
    
     --
    
    [SA10335] Fedora update for Kernel
    
    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2003-12-03
    
    Red Hat has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious, local users to
    cause a DoS (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10335/
    
     --
    
    [SA10309] OpenBSD Local Denial of Service Vulnerabilities
    
    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2003-11-28
    
    Some vulnerabilities have been identified in OpenBSD, which can be
    exploited by malicious, local users to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10309/
    
    
    Other:--
    
    [SA10344] Cisco Aironet AP Static WEP Key Disclosure Vulnerability
    
    Critical:    Less critical
    Where:       From local network
    Impact:      Exposure of sensitive information
    Released:    2003-12-03
    
    Cisco has reported a vulnerability in various Cisco Aironet Access
    Points (AP) running Cisco IOS software, which can be exploited by
    malicious people to gain knowledge of any static Wired Equivalent
    Privacy (WEP) keys.
    
    Full Advisory:
    http://www.secunia.com/advisories/10344/
    
     --
    
    [SA10326] Applied Watch Server Un-authenticated Access to
    Administrative Functions
    
    Critical:    Less critical
    Where:       From local network
    Impact:      Security Bypass
    Released:    2003-12-01
    
    A vulnerability has been identified in Applied Watch Server, allowing
    malicious people to add users and manipulate rules.
    
    Full Advisory:
    http://www.secunia.com/advisories/10326/
    
     --
    
    [SA10319] HP ProCurve 5300xl Series RPC Traffic Denial of Service
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2003-12-01
    
    HP has reported a vulnerability in ProCurve 5300xl series switches,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10319/
    
    
    Cross Platform:--
    
    [SA10306] RNN Guestbook Lack of Authentication
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, System access
    Released:    2003-11-28
    
    A vulnerability has been identified in RNN Guestbook, allowing
    malicious people to access the administrative interface and execute
    arbitrary commands.
    
    Full Advisory:
    http://www.secunia.com/advisories/10306/
    
     --
    
    [SA10345] Sun ONE Web Server Unspecified Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2003-12-03
    
    Sun has reported an unspecified vulnerability in Sun ONE Web Server,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10345/
    
     --
    
    [SA10325] Mod_python Denial of Service Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2003-12-01
    
    The Apache Software Foundation has reported an unspecified
    vulnerability in Mod_python, allowing malicious people to cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10325/
    
     --
    
    [SA10308] phpBB SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of sensitive information
    Released:    2003-11-28
    
    A vulnerability has been reported in phpBB, which can be exploited by
    malicious people to inject arbitrary SQL code.
    
    Full Advisory:
    http://www.secunia.com/advisories/10308/
    
     --
    
    [SA10321] PieterPost Anonymous Email Sending Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-01
    
    A vulnerability has been identified in PieterPost, allowing malicious
    people to access certain pages and functions without being
    authenticated.
    
    Full Advisory:
    http://www.secunia.com/advisories/10321/
    
     --
    
    [SA10320] IlohaMail Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-01
    
    A vulnerability has been reported in IlohaMail, which can be exploited
    by malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10320/
    
     --
    
    [SA10318] MoinMoin Cross-Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-01
    
    Two vulnerabilities have been identified in MoinMoin, which can be
    exploited by malicious people to conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10318/
    
     --
    
    [SA10311] Macromedia JRun JMC Interface Cross-Site Scripting
    Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-11-28
    
    Some vulnerabilities have been identified in Macromedia JRun, which can
    be exploited by malicious people to conduct Cross-Site Scripting
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10311/
    
     --
    
    [SA10322] CuteNews Debug Information Disclosure
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information
    Released:    2003-12-01
    
    A security issue has been reported in CuteNews, which can be exploited
    by malicious people to gain knowledge of various system information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10322/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://www.secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://www.secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    =====================================================================
    
    
    
    
    


