[ISN] Secunia Weekly Summary - Issue: 2004-2

From: InfoSec News (isn@private)
Date: Thu Jan 08 2004 - 05:51:07 PST

  • Next message: InfoSec News: "[ISN] 'Homeless hacker' pleads guilty to Times hack"

    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-01-01 - 2004-01-08                        
    
                          This week : 106 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3...............................This Weeks Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    Secunia Advisory IDs
    
    Every advisory issued by Secunia has an unique identifier: The Secunia
    Advisory ID (SA ID). The SA IDs make it very easy to reference,
    identify, and find Secunia advisories.
    
    A Shortcut to Secunia Advisories
    
    Finding Secunia Advisories using SA IDs is easily done at the Secunia
    website; either by simply entering the SA ID in our search form placed
    on the right side of every Secunia web page, or by entering the SA ID
    directly after the domain when visiting the Secunia website e.g.
    http://secunia.com/SA10395
    
    In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
    [SA10395]
    
    ========================================================================
    2) This Week in Brief:
    
    Arman Nayyeri disclosed a variant of an older showHelp() zone bypass
    vulnerability in Internet Explorer, which can be exploited to execute
    arbitrary files in known locations, Arman Nayyeri included a sample
    exploit, which demonstrates how the vulnerability can be exploited
    using WinAmp to place an arbitrary file on the system, which afterwards
    will be executed using the vulnerability in showHelp(). The
    vulnerability has been confirmed on a fully patched Internet Explorer
    and WinAmp 5.
    Also, Internet Explorer for Mac was shown vulnerable to a minor 
    information disclosure vulnerability, which could result in 'referer'
    information being sent to third party sites when leaving secure sites
    using HTTPS.
    Reference: [SA10500] & [SA10523]
    
    Two vulnerabilities have been found in the Linux Kernel. The first is a
    privilege escalation vulnerability, which can allow unprivileged users
    to execute code with kernel level privileges. This vulnerability
    affects both the 2.4.x and the 2.6.x series.
    The second vulnerability can result in disclosure of kernel memory to
    unprivileged users. This however, only affects the 2.4.x series.
    Reference: [SA10532] & [SA10533]
    
    TIP:
    Finding Secunia advisories is easily done through the Secunia web site.
    Simply enter the SA ID in the URL:
    http://secunia.com/SA10500
    
    ========================================================================
    3) This Weeks Top Ten Most Read Advisories:
    
    1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    2.  [SA10523] Internet Explorer showHelp() Restriction Bypass
                  Vulnerability
    3.  [SA10532] Linux Kernel "mremap()" Privilege Escalation
                  Vulnerability
    4.  [SA10289] Internet Explorer System Compromise Vulnerabilities
    5.  [SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
                  Vulnerability
    6.  [SA10536] Red Hat update for kernel
    7.  [SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
    8.  [SA10353] rsync File Handling Integer Overflow Vulnerability
    9.  [SA10529] Microsoft Word Form Protection Bypass Vulnerability
    10. [SA10522] Flash FTP Server Directory Traversal Vulnerabilities
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
    [SA10511] NETObserve User Authentication Bypass Vulnerability
    [SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow
    Vulnerability
    [SA10492] Xlight FTP Server Buffer Overflow Vulnerability
    [SA10491] PlatinumFTPServer Format String Vulnerability
    [SA10523] Internet Explorer showHelp() Restriction Bypass
    Vulnerability
    [SA10522] Flash FTP Server Directory Traversal Vulnerabilities
    [SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
    [SA10484] DCAM Server Directory Traversal Vulnerability
    [SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
    [SA10468] Kerio Personal Firewall TCP Stealth Scan Detection
    Vulnerability
    [SA10465] ASPapp Products Multiple Vulnerabilities
    [SA10510] Jordan Windows Telnet Server Username Buffer Overflow
    Vulnerability
    [SA10526] GoodTech Telnet Server Denial of Service Vulnerability
    [SA10521] Switch Off HTTP Request Handling Vulnerabilities
    [SA10506] Microsoft Internet Information Services Track Log Bypass
    [SA10490] Cesar FTP Denial of Service Vulnerability
    [SA10529] Microsoft Word Form Protection Bypass Vulnerability
    
    UNIX/Linux:
    [SA10562] Debian update for FSP
    [SA10561] FSP Multiple Vulnerabilities
    [SA10487] Sun Grid Engine OpenSSL Vulnerabilities
    [SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
    [SA10563] Debian update for zebra
    [SA10550] Debian update for nd
    [SA10549] nd Buffer Overflow Vulnerabilities
    [SA10548] Conectiva update for lftp
    [SA10545] Debian update for mpg321
    [SA10544] mpg321 Remotely Exploitable Vulnerability
    [SA10543] Debian update for libnids
    [SA10531] Debian update for ethereal
    [SA10525] Debian update for lftp
    [SA10518] Cherokee POST Request Denial of Service Vulnerability
    [SA10499] Indent File Parsing Buffer Overflow Vulnerability
    [SA10494] Pico Server Directory Traversal Vulnerability
    [SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
    [SA10483] mvdsv Download Function Buffer Overflow Vulnerability
    [SA10570] Red Hat update for Ethereal
    [SA10568] Conectiva update for ethereal
    [SA10560] Debian update for jabber
    [SA10559] jabberd SSL Denial of Service Vulnerability
    [SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
    [SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
    [SA10464] Fedora update for ethereal
    [SA10462] SARA Cross Site Scripting Vulnerability
    [SA10572] Red Hat update for kernel
    [SA10569] Slackware update for kernel
    [SA10564] Immunix update for kernel
    [SA10558] Debian update for kernel
    [SA10555] Fedora update for kernel
    [SA10541] SuSE update for kernel
    [SA10539] Debian update for screen
    [SA10538] EnGarde update for kernel
    [SA10537] Conectiva update for kernel
    [SA10536] Red Hat update for kernel
    [SA10534] Astaro update for kernel
    [SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
    Vulnerability
    [SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
    [SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
    [SA10503] Gentoo update for CVS
    [SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation
    Vulnerability
    [SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
    [SA10485] Sun Cobalt update for bash
    [SA10475] Red Hat update for kernel
    [SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
    [SA10470] AIX enq Privilege Escalation Vulnerability
    [SA10469] Mandrake update for XFree86
    [SA10500] Internet Explorer for Mac Disclosure of Referer Information
    Weakness
    [SA10542] Debian update for bind
    [SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation
    Vulnerability
    [SA10514] Debian update for xsok
    [SA10513] Xsok "LANG" Environment Variable Privilege Escalation
    Vulnerability
    
    Other:
    [SA10473] Xerox Document Centre Directory Traversal Vulnerability
    [SA10520] Canon VB-C10R Network Camera Cross-Site Scripting
    Vulnerability
    [SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
    [SA10524] Mac OS X Local Denial of Service Vulnerability
    
    Cross Platform:
    [SA10565] PhpGedView Multiple Vulnerabilities
    [SA10551] HotNews Arbitrary File Inclusion Vulnerability
    [SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
    [SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution
    Vulnerability
    [SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
    [SA10480] Subscribe Me Pro Installation Invocation
    [SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
    [SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
    [SA10567] Phorum SQL Injection and Cross-Site Scripting
    Vulnerabilities
    [SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
    [SA10554] PostCalendar Search Function SQL Injection Vulnerability
    [SA10553] PostNuke SQL Injection and Cross Site Scripting
    Vulnerabilities
    [SA10530] Invision Power Board "calendar.php" SQL Injection
    Vulnerability
    [SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
    [SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
    [SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
    [SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting
    Vulnerabilities
    [SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
    [SA10467] AutoRank PHP SQL Injection Vulnerabilities
    [SA10466] Web Art Factory CMS Unspecified User Authentication
    Vulnerability
    [SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
    [SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
    [SA10517] miniBB Cross-Site Scripting Vulnerability
    [SA10515] phpBB SQL Injection Vulnerability
    [SA10501] Private Message System Cross-Site Scripting Vulnerability
    [SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
    [SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
    [SA10482] Dada Mail Non-Random Verification PIN
    [SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
    [SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting
    Vulnerability
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-05
    
    Peter Winter-Smith has reported a vulnerability in Webcam Watchdog,
    which can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10527/
    
     --
    
    [SA10511] NETObserve User Authentication Bypass Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-30
    
    Peter Winter-Smith has reported a vulnerability in NETObserve, which
    can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10511/
    
     --
    
    [SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-28
    
    Tri Huynh has reported a vulnerability in LANDesk Management Suite,
    which potentially can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10497/
    
     --
    
    [SA10492] Xlight FTP Server Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2003-12-24
    
    A vulnerability has been identified in Xlight FTP Server allowing
    malicious people to cause a Denial of Service or potentially compromise
    a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10492/
    
     --
    
    [SA10491] PlatinumFTPServer Format String Vulnerability
    
    Critical:    Highly critical
    Where:       From local network
    Impact:      DoS, System access
    Released:    2003-12-24
    
    Jan-Olivier Filiols and Philippe Oechslin have reported a vulnerability
    in PlatinumFTPServer which potentially can be exploit to compromise a
    vulnerable system or cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10491/
    
     --
    
    [SA10523] Internet Explorer showHelp() Restriction Bypass
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-01-02
    
    Arman Nayyeri has discovered a variant of the older showHelp() zone
    bypass vulnerability, which works in Internet Explorer with all current
    patches.
    
    Full Advisory:
    http://www.secunia.com/advisories/10523/
    
     --
    
    [SA10522] Flash FTP Server Directory Traversal Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-01-03
    
    Dr_insane has reported vulnerabilities in Flash FTP Server, which can
    be exploited by malicious users to conduct directory traversal
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10522/
    
     --
    
    [SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-30
    
    Hat-Squad Security Team has reported a vulnerability in MDaemon, which
    can be exploited by malicious users to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10512/
    
     --
    
    [SA10484] DCAM Server Directory Traversal Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2003-12-23
    
    Luigi Auriemma has reported a vulnerability in DCAM Server, which can
    be exploited by malicious people to gain knowledge of sensitive
    information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10484/
    
     --
    
    [SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of system information,
    Exposure of sensitive information
    Released:    2003-12-22
    
    Luigi Auriemma has reported two vulnerabilities in Active WebCam, which
    can be exploited by malicious people to read arbitrary files on a
    system and conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10479/
    
     --
    
    [SA10468] Kerio Personal Firewall TCP Stealth Scan Detection
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-19
    
    Kerio has reported a vulnerability in their Kerio Personal Firewall,
    which may be exploited by malicious people to port scan users'
    systems.
    
    Full Advisory:
    http://www.secunia.com/advisories/10468/
    
     --
    
    [SA10465] ASPapp Products Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Hijacking, Cross Site Scripting, Manipulation of data,
    Exposure of sensitive information, Privilege escalation
    Released:    2003-12-19
    
    JeiAr and parag0d have reported vulnerabilities in PortalApp,
    IntranetApp, and ProjectApp. These can be exploited by malicious people
    to gain higher privileges than intended, hijack other users' accounts,
    and conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10465/
    
     --
    
    [SA10510] Jordan Windows Telnet Server Username Buffer Overflow
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2003-12-30
    
    Luigi Auriemma has reported a vulnerability in Jordan's Windows Telnet
    Server, which potentially can be exploited by malicious people to
    compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10510/
    
     --
    
    [SA10526] GoodTech Telnet Server Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-01-05
    
    Donato Ferrante has reported a vulnerability in GoodTech Telnet Server,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10526/
    
     --
    
    [SA10521] Switch Off HTTP Request Handling Vulnerabilities
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS, System access
    Released:    2004-01-03
    
    Peter Winter-Smith has reported three vulnerabilities in Switch Off,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service) and potentially compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10521/
    
     --
    
    [SA10506] Microsoft Internet Information Services Track Log Bypass
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-29
    
    Parcifal Aertssen has reported a security issue in Microsoft Internet
    Information Services (IIS), which can be exploited by malicious people
    to make requests without being logged.
    
    Full Advisory:
    http://www.secunia.com/advisories/10506/
    
     --
    
    [SA10490] Cesar FTP Denial of Service Vulnerability
    
    Critical:    Not critical
    Where:       From remote
    Impact:      DoS
    Released:    2003-12-24
    
    A vulnerability has been identified in Cesar FTP allowing malicious
    users to cause the FTP server to consume large amounts of CPU power.
    
    Full Advisory:
    http://www.secunia.com/advisories/10490/
    
     --
    
    [SA10529] Microsoft Word Form Protection Bypass Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Manipulation of data
    Released:    2004-01-05
    
    Thorsten Delbrouck has reported a vulnerability in Microsoft Word,
    which can be exploited by malicious people to manipulate protected
    documents.
    
    Full Advisory:
    http://www.secunia.com/advisories/10529/
    
    
    UNIX/Linux:--
    
    [SA10562] Debian update for FSP
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Exposure of sensitive information, System access
    Released:    2004-01-07
    
    Debian has issued updated packages for FSP. These fix two
    vulnerabilities, allowing malicious people to view arbitrary files and
    potentially gain system access.
    
    Full Advisory:
    http://www.secunia.com/advisories/10562/
    
     --
    
    [SA10561] FSP Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Exposure of sensitive information, System access
    Released:    2004-01-07
    
    Two vulnerabilities have been identified in FSP, allowing malicious
    people to gain system access or view files outside the root directory.
    
    Full Advisory:
    http://www.secunia.com/advisories/10561/
    
     --
    
    [SA10487] Sun Grid Engine OpenSSL Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2003-12-23
    
    Sun has reported that Sun Grid Engine (SGE) is affected by the recent
    OpenSSL vulnerabilities, which can be exploited by malicious people to
    cause a DoS (Denial of Service) and potentially compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10487/
    
     --
    
    [SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, Privilege escalation, DoS, System access
    Released:    2003-12-22
    
    Apple has issued security updates for Mac OS X. These fix several
    vulnerabilities, which can be exploited by malicious people to perform
    a variety of attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10474/
    
     --
    
    [SA10563] Debian update for zebra
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-07
    
    Debian has issued updated packages for Zebra. These fix two
    vulnerabilities, allowing malicious people and local users to cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10563/
    
     --
    
    [SA10550] Debian update for nd
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-06
    
    Debian has issued updated packages for nd. These fix multiple
    vulnerabilities, which can be exploited by malicious people to
    compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10550/
    
     --
    
    [SA10549] nd Buffer Overflow Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-06
    
    Multiple vulnerabilities have been identified in nd, which can be
    exploited by malicious people to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10549/
    
     --
    
    [SA10548] Conectiva update for lftp
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access, DoS
    Released:    2004-01-06
    
    Conectiva has issued updated packages for lftp. These fix two
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10548/
    
     --
    
    [SA10545] Debian update for mpg321
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-06
    
    Debian has issued updated packages for mpg321. These fix a
    vulnerability, which potentially may allow malicious people to gain
    system access.
    
    Full Advisory:
    http://www.secunia.com/advisories/10545/
    
     --
    
    [SA10544] mpg321 Remotely Exploitable Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-06
    
    A vulnerability has been identified in mpg321, allowing malicious
    people to execute arbitrary code.
    
    Full Advisory:
    http://www.secunia.com/advisories/10544/
    
     --
    
    [SA10543] Debian update for libnids
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-01-06
    
    Debian has issued updated packages for libnids. These fix a
    vulnerability, which can be exploited by malicious people to compromise
    a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10543/
    
     --
    
    [SA10531] Debian update for ethereal
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-01-05
    
    Debian has issued updated packages for Ethereal. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system running Ethereal or cause a DoS
    (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10531/
    
     --
    
    [SA10525] Debian update for lftp
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-01-05
    
    Debian has issued updated packages for lftp. These fix two
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10525/
    
     --
    
    [SA10518] Cherokee POST Request Denial of Service Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-01
    
    A vulnerability has been reported in Cherokee, which can be exploited
    by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10518/
    
     --
    
    [SA10499] Indent File Parsing Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-28
    
    Winnie The Pooh Hacking Squadron has reported a vulnerability in
    Indent, which potentially can be exploited to compromise a user's
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10499/
    
     --
    
    [SA10494] Pico Server Directory Traversal Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2003-12-27
    
    Donato Ferrante has reported a vulnerability in Pico Server (pServ),
    which can be exploited by malicious people to gain knowledge of
    sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10494/
    
     --
    
    [SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-26
    
    A vulnerability has been reported in Squirrelmail, potentially allowing
    malicious users to execute arbitrary system commands.
    
    Full Advisory:
    http://www.secunia.com/advisories/10493/
    
     --
    
    [SA10483] mvdsv Download Function Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-22
    
    A vulnerability has been reported in mvdsv, possibly allowing malicious
    people to execute arbitrary code.
    
    Full Advisory:
    http://www.secunia.com/advisories/10483/
    
     --
    
    [SA10570] Red Hat update for Ethereal
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-08
    
    Red Hat has issued updated packages for ethereal. These fix two
    vulnerabilities, which can be exploited by malicious people to crash
    the application.
    
    Full Advisory:
    http://www.secunia.com/advisories/10570/
    
     --
    
    [SA10568] Conectiva update for ethereal
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-07
    
    Conectiva has issued updated packages for ethereal. These fix two
    vulnerabilities, which can be exploited by malicious people to crash
    the application.
    
    Full Advisory:
    http://www.secunia.com/advisories/10568/
    
     --
    
    [SA10560] Debian update for jabber
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-07
    
    Debian has issued updated packages for jabber. These fix a
    vulnerability, which can be exploited by malicious people to cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10560/
    
     --
    
    [SA10559] jabberd SSL Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-01-07
    
    A vulnerability has been identified in jabber, allowing malicious
    people to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10559/
    
     --
    
    [SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-01
    
    Vulnerabilities have been reported in Mailman, which can be exploited
    by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10519/
    
     --
    
    [SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-29
    
    Hugo Vazquez Carames has reported a vulnerability in ViewCVS, allowing
    malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10505/
    
     --
    
    [SA10464] Fedora update for ethereal
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2003-12-18
    
    Red Hat has issued updated packages for Ethereal. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10464/
    
     --
    
    [SA10462] SARA Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-18
    
    Thomas M. Payerle has reported a vulnerability in SARA allowing
    malicious people to conduct Cross Site Scripting.
    
    Full Advisory:
    http://www.secunia.com/advisories/10462/
    
     --
    
    [SA10572] Red Hat update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-08
    
    Red Hat has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10572/
    
     --
    
    [SA10569] Slackware update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-08
    
    Slackware has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10569/
    
     --
    
    [SA10564] Immunix update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-07
    
    Immunix has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10564/
    
     --
    
    [SA10558] Debian update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-07
    
    Debian has issued updated packages for the kernel. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10558/
    
     --
    
    [SA10555] Fedora update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-06
    
    Red Hat has issued updated packages for the kernel. These fix two
    vulnerabilities, which may disclose sensitive information to malicious,
    local users or allow them to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10555/
    
     --
    
    [SA10541] SuSE update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-06
    
    SuSE has issued updated packages for the kernel. These fix two
    vulnerabilities, which may disclose sensitive information to malicious,
    local users or allow them to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10541/
    
     --
    
    [SA10539] Debian update for screen
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-05
    
    Debian has issued updated packages for screen. These fix a
    vulnerability, which potentially may allow malicious, local users to
    escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10539/
    
     --
    
    [SA10538] EnGarde update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information, Privilege escalation
    Released:    2004-01-05
    
    Guardian Digital has issued updated packages for the kernel. These fix
    two vulnerabilities, which may disclose sensitive information to
    malicious, local users or allow them to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10538/
    
     --
    
    [SA10537] Conectiva update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information, Privilege escalation
    Released:    2004-01-05
    
    Conectiva has issued updated packages for the kernel. These fix two
    vulnerabilities, which may disclose sensitive information to malicious,
    local users or allow them to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10537/
    
     --
    
    [SA10536] Red Hat update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information, Privilege escalation
    Released:    2004-01-05
    
    Red Hat has issued updated packages for the kernel. These fix two
    vulnerabilities, which may disclose sensitive information to malicious,
    local users or allow them to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10536/
    
     --
    
    [SA10534] Astaro update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-05
    
    Astaro has issued an update for the kernel. This fixes a vulnerability,
    which can be exploited by malicious, local users to gain escalated
    privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10534/
    
     --
    
    [SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-01-05
    
    A vulnerability has been reported in the Linux kernel, which
    potentially can be exploited by malicious, local users to gain
    knowledge of sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10533/
    
     --
    
    [SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-05
    
    Paul Starzetz and Wojciech Purczynski have reported a vulnerability in
    the Linux kernel, which can be exploited by malicious, local users to
    escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10532/
    
     --
    
    [SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Hijacking, Privilege escalation
    Released:    2003-12-29
    
    Steve Grubb has reported a vulnerability in PHP, which potentially can
    be exploited by malicious, local users to hi-jack the HTTPS port.
    
    Full Advisory:
    http://www.secunia.com/advisories/10507/
    
     --
    
    [SA10503] Gentoo update for CVS
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-29
    
    Gentoo has issued updated packages for CVS. These fix a vulnerability,
    which can be exploited by malicious users to gain escalated privileges
    on a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10503/
    
     --
    
    [SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-29
    
    A security issue has been identified in CVS, which can be exploited by
    malicious users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10502/
    
     --
    
    [SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-23
    
    Sun has reported a vulnerability in Solaris, which can be exploited by
    malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10486/
    
     --
    
    [SA10485] Sun Cobalt update for bash
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-23
    
    Sun has issued updated packages for bash. These fix an old
    vulnerability, which can be exploited by malicious, local users to
    perform certain actions on a system with escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10485/
    
     --
    
    [SA10475] Red Hat update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-22
    
    Red Hat has issued updated packages for the kernel. These fix two
    vulnerabilities, which can be exploited by malicious, local users to
    gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10475/
    
     --
    
    [SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-19
    
    IBM has reported a vulnerability in AIX, which can be exploited by
    malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10471/
    
     --
    
    [SA10470] AIX enq Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-19
    
    IBM has reported a vulnerability in AIX, which can be exploited by
    certain malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10470/
    
     --
    
    [SA10469] Mandrake update for XFree86
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-19
    
    MandrakeSoft has issued updated packages for XFree86. These fix a
    vulnerability in the XDM display manager, which potentially can be
    exploited by users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10469/
    
     --
    
    [SA10500] Internet Explorer for Mac Disclosure of Referer Information
    Weakness
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2003-12-28
    
    Deane has reported a security issue in Internet Explorer for Mac, which
    potentially can disclose sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10500/
    
     --
    
    [SA10542] Debian update for bind
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-01-06
    
    Debian has issued updated packages for bind. These fix a vulnerability,
    which can be exploited by malicious people to poison the DNS cache with
    negative entries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10542/
    
     --
    
    [SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation
    Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-06
    
    c0wboy has reported a vulnerability in Xsok, which potentially can be
    exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10552/
    
     --
    
    [SA10514] Debian update for xsok
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-30
    
    Debian has issued updated packages for xsok. These fix a vulnerability,
    which can be exploited by malicious, local users to gain privileges as
    "group" games on a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10514/
    
     --
    
    [SA10513] Xsok "LANG" Environment Variable Privilege Escalation
    Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2003-12-30
    
    A vulnerability has been reported in Xsok, which potentially can be
    exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10513/
    
    
    Other:--
    
    [SA10473] Xerox Document Centre Directory Traversal Vulnerability
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2003-12-22
    
    J.A. Gutierrez has reported a vulnerability in the Xerox Document
    Centre, which can be exploited by malicious people to gain knowledge of
    sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10473/
    
     --
    
    [SA10520] Canon VB-C10R Network Camera Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-02
    
    Casey Townsend has reported a vulnerability in Canon VB-C10R Network
    Camera, which can be exploited by malicious people to conduct
    cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10520/
    
     --
    
    [SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-22
    
    Jamie Fisher has identified a vulnerability in CyberGuard, which can be
    exploited by malicious people to conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10472/
    
     --
    
    [SA10524] Mac OS X Local Denial of Service Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2004-01-05
    
    Matt Burnett has reported a vulnerability in Mac OS X, which can be
    exploited by malicious, local users to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10524/
    
    
    Cross Platform:--
    
    [SA10565] PhpGedView Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, Exposure of system
    information, System access
    Released:    2004-01-07
    
    Windak has reported multiple vulnerabilities in PhpGedView, which can
    be exploited by malicious people to compromise a vulnerable system or
    conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10565/
    
     --
    
    [SA10551] HotNews Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-06
    
    Officerrr has identified a vulnerability in HotNews, allowing malicious
    people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10551/
    
     --
    
    [SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-05
    
    tsbeginnervn has reported a vulnerability in EasyDynamicPages, which
    can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10535/
    
     --
    
    [SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-30
    
    ppp-design has reported a vulnerability in PHP-Ping, which can be
    exploited by malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10509/
    
     --
    
    [SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-29
    
    Zero_X has reported a vulnerability in KnowledgeBuilder, allowing
    malicious people to include and execute arbitrary PHP code.
    
    Full Advisory:
    http://www.secunia.com/advisories/10504/
    
     --
    
    [SA10480] Subscribe Me Pro Installation Invocation
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-22
    
    Paul Craig has reported a vulnerability in Subscribe Me Pro, which can
    be exploited by malicious people to execute arbitrary commands.
    
    Full Advisory:
    http://www.secunia.com/advisories/10480/
    
     --
    
    [SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-22
    
    Frog-m@n has reported multiple vulnerability in BES-CMS, which can be
    exploited by malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10477/
    
     --
    
    [SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2003-12-22
    
    Multiple vulnerabilities have been reported in Double Choco Latte,
    which can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10476/
    
     --
    
    [SA10567] Phorum SQL Injection and Cross-Site Scripting
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data, Exposure of
    system information, Exposure of sensitive information
    Released:    2004-01-07
    
    Calum Power has reported multiple vulnerabilities in Phorum, which can
    be exploited by malicious people to conduct cross-site scripting and
    SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10567/
    
     --
    
    [SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2004-01-07
    
    mslug has reported a vulnerability in vBulletin, allowing malicious
    people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10557/
    
     --
    
    [SA10554] PostCalendar Search Function SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of system information,
    Exposure of sensitive information
    Released:    2004-01-06
    
    Klavs Klavsen has discovered a vulnerability in PostCalendar, which can
    be exploited by malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10554/
    
     --
    
    [SA10553] PostNuke SQL Injection and Cross Site Scripting
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information, Manipulation of data, Cross Site Scripting
    Released:    2004-01-06
    
    JeiAr has reported vulnerabilities in PostNuke, which can be exploited
    to conduct Cross Site Scripting and SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10553/
    
     --
    
    [SA10530] Invision Power Board "calendar.php" SQL Injection
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of system information,
    Exposure of sensitive information
    Released:    2004-01-05
    
    Frog-m@n has reported a vulnerability in Invision Power Board, which
    can be exploited by malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10530/
    
     --
    
    [SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information, Exposure of system
    information, Manipulation of data
    Released:    2003-12-30
    
    David S. Ferreira has identified a vulnerability in PHPCatalog,
    allowing malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10516/
    
     --
    
    [SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2003-12-29
    
    A vulnerability has been reported in PHP-Nuke, allowing malicious
    people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10508/
    
     --
    
    [SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data, Exposure of
    system information, Exposure of sensitive information
    Released:    2003-12-28
    
    gr00vy has reported a vulnerability in OpenBB, which can be exploited
    by malicious people to conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10498/
    
     --
    
    [SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data, Exposure of
    system information, Exposure of sensitive information
    Released:    2003-12-28
    
    Calum Power has reported multiple vulnerabilities in PsychoBlogger,
    which can be exploited by malicious people to conduct Cross-Site
    Scripting attacks and SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10496/
    
     --
    
    [SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, DoS
    Released:    2003-12-23
    
    Peter Winter-Smith has identified multiple vulnerabilities in
    ProjectForum and CourseForum, which can be exploited by malicious
    people to cause a DoS (Denial of Service) or conduct Cross-Site
    Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10488/
    
     --
    
    [SA10467] AutoRank PHP SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of system information,
    Exposure of sensitive information
    Released:    2003-12-19
    
    JeiAr has reported vulnerabilities in AutoRank PHP, which can be
    exploited by malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10467/
    
     --
    
    [SA10466] Web Art Factory CMS Unspecified User Authentication
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-19
    
    Jose Torres and Ruben Recabarren have reported a vulnerability in Web
    Art Factory CMS, which can be exploited by malicious people to bypass
    the user authentication.
    
    Full Advisory:
    http://www.secunia.com/advisories/10466/
    
     --
    
    [SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-06
    
    David Sopas Ferreira has reported a vulnerability in FreznoShop, which
    can be exploited by malicious people to conduct cross-site scripting
    attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10547/
    
     --
    
    [SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-06
    
    theDon has reported a vulnerability in ThWboard, which can be exploited
    by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10546/
    
     --
    
    [SA10517] miniBB Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-30
    
    Chintan Trivedi has reported a vulnerability in miniBB, allowing
    malicious users to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10517/
    
     --
    
    [SA10515] phpBB SQL Injection Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-30
    
    Zarath has reported a vulnerability in phpBB, allowing malicious
    moderators to manipulate SQL queries.
    
    Full Advisory:
    http://www.secunia.com/advisories/10515/
    
     --
    
    [SA10501] Private Message System Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-29
    
    David Sopas Ferreira has discovered a vulnerability in Private Message
    System, which can be exploited by malicious people to conduct
    cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10501/
    
     --
    
    [SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-28
    
    http-equiv has discovered a vulnerability in LISTSERV, which can be
    exploited by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10495/
    
     --
    
    [SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-23
    
    David Sopas Ferreira has reported vulnerabilities in My Little Forum,
    which can be exploited by malicious people to conduct Cross-Site
    Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10489/
    
     --
    
    [SA10482] Dada Mail Non-Random Verification PIN
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2003-12-22
    
    Two vulnerabilities have been identified in Dada Mail, allowing
    malicious people to subscribe arbitrary people to the mailing list and
    possibly bypass the login function.
    
    Full Advisory:
    http://www.secunia.com/advisories/10482/
    
     --
    
    [SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-22
    
    Chintan Trivedi has reported a vulnerability in Xoops, which can be
    exploited by malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10481/
    
     --
    
    [SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2003-12-22
    
    David Sopas Ferreira has reported a vulnerability in BoastMachine
    (bMachine), which can be exploited by malicious users to conduct
    Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10478/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://www.secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://www.secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 08:10:08 PST