========================================================================
The Secunia Weekly Advisory Summary
2004-01-01 - 2004-01-08
This week : 106 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia Advisory IDs
Every advisory issued by Secunia has an unique identifier: The Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.
A Shortcut to Secunia Advisories
Finding Secunia Advisories using SA IDs is easily done at the Secunia
website; either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.
http://secunia.com/SA10395
In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
[SA10395]
========================================================================
2) This Week in Brief:
Arman Nayyeri disclosed a variant of an older showHelp() zone bypass
vulnerability in Internet Explorer, which can be exploited to execute
arbitrary files in known locations, Arman Nayyeri included a sample
exploit, which demonstrates how the vulnerability can be exploited
using WinAmp to place an arbitrary file on the system, which afterwards
will be executed using the vulnerability in showHelp(). The
vulnerability has been confirmed on a fully patched Internet Explorer
and WinAmp 5.
Also, Internet Explorer for Mac was shown vulnerable to a minor
information disclosure vulnerability, which could result in 'referer'
information being sent to third party sites when leaving secure sites
using HTTPS.
Reference: [SA10500] & [SA10523]
Two vulnerabilities have been found in the Linux Kernel. The first is a
privilege escalation vulnerability, which can allow unprivileged users
to execute code with kernel level privileges. This vulnerability
affects both the 2.4.x and the 2.6.x series.
The second vulnerability can result in disclosure of kernel memory to
unprivileged users. This however, only affects the 2.4.x series.
Reference: [SA10532] & [SA10533]
TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10500
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA10523] Internet Explorer showHelp() Restriction Bypass
Vulnerability
3. [SA10532] Linux Kernel "mremap()" Privilege Escalation
Vulnerability
4. [SA10289] Internet Explorer System Compromise Vulnerabilities
5. [SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
Vulnerability
6. [SA10536] Red Hat update for kernel
7. [SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
8. [SA10353] rsync File Handling Integer Overflow Vulnerability
9. [SA10529] Microsoft Word Form Protection Bypass Vulnerability
10. [SA10522] Flash FTP Server Directory Traversal Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
[SA10511] NETObserve User Authentication Bypass Vulnerability
[SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow
Vulnerability
[SA10492] Xlight FTP Server Buffer Overflow Vulnerability
[SA10491] PlatinumFTPServer Format String Vulnerability
[SA10523] Internet Explorer showHelp() Restriction Bypass
Vulnerability
[SA10522] Flash FTP Server Directory Traversal Vulnerabilities
[SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
[SA10484] DCAM Server Directory Traversal Vulnerability
[SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
[SA10468] Kerio Personal Firewall TCP Stealth Scan Detection
Vulnerability
[SA10465] ASPapp Products Multiple Vulnerabilities
[SA10510] Jordan Windows Telnet Server Username Buffer Overflow
Vulnerability
[SA10526] GoodTech Telnet Server Denial of Service Vulnerability
[SA10521] Switch Off HTTP Request Handling Vulnerabilities
[SA10506] Microsoft Internet Information Services Track Log Bypass
[SA10490] Cesar FTP Denial of Service Vulnerability
[SA10529] Microsoft Word Form Protection Bypass Vulnerability
UNIX/Linux:
[SA10562] Debian update for FSP
[SA10561] FSP Multiple Vulnerabilities
[SA10487] Sun Grid Engine OpenSSL Vulnerabilities
[SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA10563] Debian update for zebra
[SA10550] Debian update for nd
[SA10549] nd Buffer Overflow Vulnerabilities
[SA10548] Conectiva update for lftp
[SA10545] Debian update for mpg321
[SA10544] mpg321 Remotely Exploitable Vulnerability
[SA10543] Debian update for libnids
[SA10531] Debian update for ethereal
[SA10525] Debian update for lftp
[SA10518] Cherokee POST Request Denial of Service Vulnerability
[SA10499] Indent File Parsing Buffer Overflow Vulnerability
[SA10494] Pico Server Directory Traversal Vulnerability
[SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
[SA10483] mvdsv Download Function Buffer Overflow Vulnerability
[SA10570] Red Hat update for Ethereal
[SA10568] Conectiva update for ethereal
[SA10560] Debian update for jabber
[SA10559] jabberd SSL Denial of Service Vulnerability
[SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
[SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
[SA10464] Fedora update for ethereal
[SA10462] SARA Cross Site Scripting Vulnerability
[SA10572] Red Hat update for kernel
[SA10569] Slackware update for kernel
[SA10564] Immunix update for kernel
[SA10558] Debian update for kernel
[SA10555] Fedora update for kernel
[SA10541] SuSE update for kernel
[SA10539] Debian update for screen
[SA10538] EnGarde update for kernel
[SA10537] Conectiva update for kernel
[SA10536] Red Hat update for kernel
[SA10534] Astaro update for kernel
[SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
Vulnerability
[SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
[SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
[SA10503] Gentoo update for CVS
[SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation
Vulnerability
[SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
[SA10485] Sun Cobalt update for bash
[SA10475] Red Hat update for kernel
[SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
[SA10470] AIX enq Privilege Escalation Vulnerability
[SA10469] Mandrake update for XFree86
[SA10500] Internet Explorer for Mac Disclosure of Referer Information
Weakness
[SA10542] Debian update for bind
[SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation
Vulnerability
[SA10514] Debian update for xsok
[SA10513] Xsok "LANG" Environment Variable Privilege Escalation
Vulnerability
Other:
[SA10473] Xerox Document Centre Directory Traversal Vulnerability
[SA10520] Canon VB-C10R Network Camera Cross-Site Scripting
Vulnerability
[SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
[SA10524] Mac OS X Local Denial of Service Vulnerability
Cross Platform:
[SA10565] PhpGedView Multiple Vulnerabilities
[SA10551] HotNews Arbitrary File Inclusion Vulnerability
[SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
[SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution
Vulnerability
[SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
[SA10480] Subscribe Me Pro Installation Invocation
[SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
[SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
[SA10567] Phorum SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
[SA10554] PostCalendar Search Function SQL Injection Vulnerability
[SA10553] PostNuke SQL Injection and Cross Site Scripting
Vulnerabilities
[SA10530] Invision Power Board "calendar.php" SQL Injection
Vulnerability
[SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
[SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
[SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
[SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
[SA10467] AutoRank PHP SQL Injection Vulnerabilities
[SA10466] Web Art Factory CMS Unspecified User Authentication
Vulnerability
[SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
[SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
[SA10517] miniBB Cross-Site Scripting Vulnerability
[SA10515] phpBB SQL Injection Vulnerability
[SA10501] Private Message System Cross-Site Scripting Vulnerability
[SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
[SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
[SA10482] Dada Mail Non-Random Verification PIN
[SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
[SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting
Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-05
Peter Winter-Smith has reported a vulnerability in Webcam Watchdog,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://www.secunia.com/advisories/10527/
--
[SA10511] NETObserve User Authentication Bypass Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-30
Peter Winter-Smith has reported a vulnerability in NETObserve, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://www.secunia.com/advisories/10511/
--
[SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-28
Tri Huynh has reported a vulnerability in LANDesk Management Suite,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10497/
--
[SA10492] Xlight FTP Server Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2003-12-24
A vulnerability has been identified in Xlight FTP Server allowing
malicious people to cause a Denial of Service or potentially compromise
a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10492/
--
[SA10491] PlatinumFTPServer Format String Vulnerability
Critical: Highly critical
Where: From local network
Impact: DoS, System access
Released: 2003-12-24
Jan-Olivier Filiols and Philippe Oechslin have reported a vulnerability
in PlatinumFTPServer which potentially can be exploit to compromise a
vulnerable system or cause a Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10491/
--
[SA10523] Internet Explorer showHelp() Restriction Bypass
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-01-02
Arman Nayyeri has discovered a variant of the older showHelp() zone
bypass vulnerability, which works in Internet Explorer with all current
patches.
Full Advisory:
http://www.secunia.com/advisories/10523/
--
[SA10522] Flash FTP Server Directory Traversal Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-01-03
Dr_insane has reported vulnerabilities in Flash FTP Server, which can
be exploited by malicious users to conduct directory traversal
attacks.
Full Advisory:
http://www.secunia.com/advisories/10522/
--
[SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-30
Hat-Squad Security Team has reported a vulnerability in MDaemon, which
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10512/
--
[SA10484] DCAM Server Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2003-12-23
Luigi Auriemma has reported a vulnerability in DCAM Server, which can
be exploited by malicious people to gain knowledge of sensitive
information.
Full Advisory:
http://www.secunia.com/advisories/10484/
--
[SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2003-12-22
Luigi Auriemma has reported two vulnerabilities in Active WebCam, which
can be exploited by malicious people to read arbitrary files on a
system and conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10479/
--
[SA10468] Kerio Personal Firewall TCP Stealth Scan Detection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-19
Kerio has reported a vulnerability in their Kerio Personal Firewall,
which may be exploited by malicious people to port scan users'
systems.
Full Advisory:
http://www.secunia.com/advisories/10468/
--
[SA10465] ASPapp Products Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Cross Site Scripting, Manipulation of data,
Exposure of sensitive information, Privilege escalation
Released: 2003-12-19
JeiAr and parag0d have reported vulnerabilities in PortalApp,
IntranetApp, and ProjectApp. These can be exploited by malicious people
to gain higher privileges than intended, hijack other users' accounts,
and conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10465/
--
[SA10510] Jordan Windows Telnet Server Username Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2003-12-30
Luigi Auriemma has reported a vulnerability in Jordan's Windows Telnet
Server, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10510/
--
[SA10526] GoodTech Telnet Server Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-01-05
Donato Ferrante has reported a vulnerability in GoodTech Telnet Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://www.secunia.com/advisories/10526/
--
[SA10521] Switch Off HTTP Request Handling Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2004-01-03
Peter Winter-Smith has reported three vulnerabilities in Switch Off,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10521/
--
[SA10506] Microsoft Internet Information Services Track Log Bypass
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-29
Parcifal Aertssen has reported a security issue in Microsoft Internet
Information Services (IIS), which can be exploited by malicious people
to make requests without being logged.
Full Advisory:
http://www.secunia.com/advisories/10506/
--
[SA10490] Cesar FTP Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2003-12-24
A vulnerability has been identified in Cesar FTP allowing malicious
users to cause the FTP server to consume large amounts of CPU power.
Full Advisory:
http://www.secunia.com/advisories/10490/
--
[SA10529] Microsoft Word Form Protection Bypass Vulnerability
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2004-01-05
Thorsten Delbrouck has reported a vulnerability in Microsoft Word,
which can be exploited by malicious people to manipulate protected
documents.
Full Advisory:
http://www.secunia.com/advisories/10529/
UNIX/Linux:--
[SA10562] Debian update for FSP
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-01-07
Debian has issued updated packages for FSP. These fix two
vulnerabilities, allowing malicious people to view arbitrary files and
potentially gain system access.
Full Advisory:
http://www.secunia.com/advisories/10562/
--
[SA10561] FSP Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-01-07
Two vulnerabilities have been identified in FSP, allowing malicious
people to gain system access or view files outside the root directory.
Full Advisory:
http://www.secunia.com/advisories/10561/
--
[SA10487] Sun Grid Engine OpenSSL Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2003-12-23
Sun has reported that Sun Grid Engine (SGE) is affected by the recent
OpenSSL vulnerabilities, which can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://www.secunia.com/advisories/10487/
--
[SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2003-12-22
Apple has issued security updates for Mac OS X. These fix several
vulnerabilities, which can be exploited by malicious people to perform
a variety of attacks.
Full Advisory:
http://www.secunia.com/advisories/10474/
--
[SA10563] Debian update for zebra
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-01-07
Debian has issued updated packages for Zebra. These fix two
vulnerabilities, allowing malicious people and local users to cause a
Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10563/
--
[SA10550] Debian update for nd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06
Debian has issued updated packages for nd. These fix multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10550/
--
[SA10549] nd Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06
Multiple vulnerabilities have been identified in nd, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10549/
--
[SA10548] Conectiva update for lftp
Critical: Moderately critical
Where: From remote
Impact: System access, DoS
Released: 2004-01-06
Conectiva has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10548/
--
[SA10545] Debian update for mpg321
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06
Debian has issued updated packages for mpg321. These fix a
vulnerability, which potentially may allow malicious people to gain
system access.
Full Advisory:
http://www.secunia.com/advisories/10545/
--
[SA10544] mpg321 Remotely Exploitable Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06
A vulnerability has been identified in mpg321, allowing malicious
people to execute arbitrary code.
Full Advisory:
http://www.secunia.com/advisories/10544/
--
[SA10543] Debian update for libnids
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-06
Debian has issued updated packages for libnids. These fix a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10543/
--
[SA10531] Debian update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-05
Debian has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system running Ethereal or cause a DoS
(Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10531/
--
[SA10525] Debian update for lftp
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-05
Debian has issued updated packages for lftp. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://www.secunia.com/advisories/10525/
--
[SA10518] Cherokee POST Request Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-01-01
A vulnerability has been reported in Cherokee, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://www.secunia.com/advisories/10518/
--
[SA10499] Indent File Parsing Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-28
Winnie The Pooh Hacking Squadron has reported a vulnerability in
Indent, which potentially can be exploited to compromise a user's
system.
Full Advisory:
http://www.secunia.com/advisories/10499/
--
[SA10494] Pico Server Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2003-12-27
Donato Ferrante has reported a vulnerability in Pico Server (pServ),
which can be exploited by malicious people to gain knowledge of
sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10494/
--
[SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-26
A vulnerability has been reported in Squirrelmail, potentially allowing
malicious users to execute arbitrary system commands.
Full Advisory:
http://www.secunia.com/advisories/10493/
--
[SA10483] mvdsv Download Function Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-22
A vulnerability has been reported in mvdsv, possibly allowing malicious
people to execute arbitrary code.
Full Advisory:
http://www.secunia.com/advisories/10483/
--
[SA10570] Red Hat update for Ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-08
Red Hat has issued updated packages for ethereal. These fix two
vulnerabilities, which can be exploited by malicious people to crash
the application.
Full Advisory:
http://www.secunia.com/advisories/10570/
--
[SA10568] Conectiva update for ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07
Conectiva has issued updated packages for ethereal. These fix two
vulnerabilities, which can be exploited by malicious people to crash
the application.
Full Advisory:
http://www.secunia.com/advisories/10568/
--
[SA10560] Debian update for jabber
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07
Debian has issued updated packages for jabber. These fix a
vulnerability, which can be exploited by malicious people to cause a
Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10560/
--
[SA10559] jabberd SSL Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07
A vulnerability has been identified in jabber, allowing malicious
people to cause a Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10559/
--
[SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-01
Vulnerabilities have been reported in Mailman, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10519/
--
[SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-29
Hugo Vazquez Carames has reported a vulnerability in ViewCVS, allowing
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10505/
--
[SA10464] Fedora update for ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2003-12-18
Red Hat has issued updated packages for Ethereal. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to cause a Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10464/
--
[SA10462] SARA Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-18
Thomas M. Payerle has reported a vulnerability in SARA allowing
malicious people to conduct Cross Site Scripting.
Full Advisory:
http://www.secunia.com/advisories/10462/
--
[SA10572] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-08
Red Hat has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10572/
--
[SA10569] Slackware update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-08
Slackware has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10569/
--
[SA10564] Immunix update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-07
Immunix has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10564/
--
[SA10558] Debian update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-07
Debian has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10558/
--
[SA10555] Fedora update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06
Red Hat has issued updated packages for the kernel. These fix two
vulnerabilities, which may disclose sensitive information to malicious,
local users or allow them to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10555/
--
[SA10541] SuSE update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06
SuSE has issued updated packages for the kernel. These fix two
vulnerabilities, which may disclose sensitive information to malicious,
local users or allow them to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10541/
--
[SA10539] Debian update for screen
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05
Debian has issued updated packages for screen. These fix a
vulnerability, which potentially may allow malicious, local users to
escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10539/
--
[SA10538] EnGarde update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released: 2004-01-05
Guardian Digital has issued updated packages for the kernel. These fix
two vulnerabilities, which may disclose sensitive information to
malicious, local users or allow them to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10538/
--
[SA10537] Conectiva update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released: 2004-01-05
Conectiva has issued updated packages for the kernel. These fix two
vulnerabilities, which may disclose sensitive information to malicious,
local users or allow them to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10537/
--
[SA10536] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released: 2004-01-05
Red Hat has issued updated packages for the kernel. These fix two
vulnerabilities, which may disclose sensitive information to malicious,
local users or allow them to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10536/
--
[SA10534] Astaro update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05
Astaro has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://www.secunia.com/advisories/10534/
--
[SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure
Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-01-05
A vulnerability has been reported in the Linux kernel, which
potentially can be exploited by malicious, local users to gain
knowledge of sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10533/
--
[SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05
Paul Starzetz and Wojciech Purczynski have reported a vulnerability in
the Linux kernel, which can be exploited by malicious, local users to
escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10532/
--
[SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
Critical: Less critical
Where: Local system
Impact: Hijacking, Privilege escalation
Released: 2003-12-29
Steve Grubb has reported a vulnerability in PHP, which potentially can
be exploited by malicious, local users to hi-jack the HTTPS port.
Full Advisory:
http://www.secunia.com/advisories/10507/
--
[SA10503] Gentoo update for CVS
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-29
Gentoo has issued updated packages for CVS. These fix a vulnerability,
which can be exploited by malicious users to gain escalated privileges
on a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10503/
--
[SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-29
A security issue has been identified in CVS, which can be exploited by
malicious users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10502/
--
[SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-23
Sun has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to escalate their privileges.
Full Advisory:
http://www.secunia.com/advisories/10486/
--
[SA10485] Sun Cobalt update for bash
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-23
Sun has issued updated packages for bash. These fix an old
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a system with escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10485/
--
[SA10475] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-22
Red Hat has issued updated packages for the kernel. These fix two
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10475/
--
[SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19
IBM has reported a vulnerability in AIX, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10471/
--
[SA10470] AIX enq Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19
IBM has reported a vulnerability in AIX, which can be exploited by
certain malicious, local users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10470/
--
[SA10469] Mandrake update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19
MandrakeSoft has issued updated packages for XFree86. These fix a
vulnerability in the XDM display manager, which potentially can be
exploited by users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10469/
--
[SA10500] Internet Explorer for Mac Disclosure of Referer Information
Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2003-12-28
Deane has reported a security issue in Internet Explorer for Mac, which
potentially can disclose sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10500/
--
[SA10542] Debian update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2004-01-06
Debian has issued updated packages for bind. These fix a vulnerability,
which can be exploited by malicious people to poison the DNS cache with
negative entries.
Full Advisory:
http://www.secunia.com/advisories/10542/
--
[SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation
Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06
c0wboy has reported a vulnerability in Xsok, which potentially can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10552/
--
[SA10514] Debian update for xsok
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-30
Debian has issued updated packages for xsok. These fix a vulnerability,
which can be exploited by malicious, local users to gain privileges as
"group" games on a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10514/
--
[SA10513] Xsok "LANG" Environment Variable Privilege Escalation
Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-30
A vulnerability has been reported in Xsok, which potentially can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://www.secunia.com/advisories/10513/
Other:--
[SA10473] Xerox Document Centre Directory Traversal Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2003-12-22
J.A. Gutierrez has reported a vulnerability in the Xerox Document
Centre, which can be exploited by malicious people to gain knowledge of
sensitive information.
Full Advisory:
http://www.secunia.com/advisories/10473/
--
[SA10520] Canon VB-C10R Network Camera Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-02
Casey Townsend has reported a vulnerability in Canon VB-C10R Network
Camera, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10520/
--
[SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22
Jamie Fisher has identified a vulnerability in CyberGuard, which can be
exploited by malicious people to conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10472/
--
[SA10524] Mac OS X Local Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-01-05
Matt Burnett has reported a vulnerability in Mac OS X, which can be
exploited by malicious, local users to cause a Denial of Service.
Full Advisory:
http://www.secunia.com/advisories/10524/
Cross Platform:--
[SA10565] PhpGedView Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system
information, System access
Released: 2004-01-07
Windak has reported multiple vulnerabilities in PhpGedView, which can
be exploited by malicious people to compromise a vulnerable system or
conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10565/
--
[SA10551] HotNews Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-06
Officerrr has identified a vulnerability in HotNews, allowing malicious
people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10551/
--
[SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-05
tsbeginnervn has reported a vulnerability in EasyDynamicPages, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://www.secunia.com/advisories/10535/
--
[SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-30
ppp-design has reported a vulnerability in PHP-Ping, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10509/
--
[SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-29
Zero_X has reported a vulnerability in KnowledgeBuilder, allowing
malicious people to include and execute arbitrary PHP code.
Full Advisory:
http://www.secunia.com/advisories/10504/
--
[SA10480] Subscribe Me Pro Installation Invocation
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22
Paul Craig has reported a vulnerability in Subscribe Me Pro, which can
be exploited by malicious people to execute arbitrary commands.
Full Advisory:
http://www.secunia.com/advisories/10480/
--
[SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22
Frog-m@n has reported multiple vulnerability in BES-CMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://www.secunia.com/advisories/10477/
--
[SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22
Multiple vulnerabilities have been reported in Double Choco Latte,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://www.secunia.com/advisories/10476/
--
[SA10567] Phorum SQL Injection and Cross-Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2004-01-07
Calum Power has reported multiple vulnerabilities in Phorum, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10567/
--
[SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-01-07
mslug has reported a vulnerability in vBulletin, allowing malicious
people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10557/
--
[SA10554] PostCalendar Search Function SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-01-06
Klavs Klavsen has discovered a vulnerability in PostCalendar, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10554/
--
[SA10553] PostNuke SQL Injection and Cross Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Manipulation of data, Cross Site Scripting
Released: 2004-01-06
JeiAr has reported vulnerabilities in PostNuke, which can be exploited
to conduct Cross Site Scripting and SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10553/
--
[SA10530] Invision Power Board "calendar.php" SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-01-05
Frog-m@n has reported a vulnerability in Invision Power Board, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10530/
--
[SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system
information, Manipulation of data
Released: 2003-12-30
David S. Ferreira has identified a vulnerability in PHPCatalog,
allowing malicious people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10516/
--
[SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2003-12-29
A vulnerability has been reported in PHP-Nuke, allowing malicious
people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10508/
--
[SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2003-12-28
gr00vy has reported a vulnerability in OpenBB, which can be exploited
by malicious people to conduct Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10498/
--
[SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
system information, Exposure of sensitive information
Released: 2003-12-28
Calum Power has reported multiple vulnerabilities in PsychoBlogger,
which can be exploited by malicious people to conduct Cross-Site
Scripting attacks and SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10496/
--
[SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2003-12-23
Peter Winter-Smith has identified multiple vulnerabilities in
ProjectForum and CourseForum, which can be exploited by malicious
people to cause a DoS (Denial of Service) or conduct Cross-Site
Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10488/
--
[SA10467] AutoRank PHP SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2003-12-19
JeiAr has reported vulnerabilities in AutoRank PHP, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://www.secunia.com/advisories/10467/
--
[SA10466] Web Art Factory CMS Unspecified User Authentication
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-19
Jose Torres and Ruben Recabarren have reported a vulnerability in Web
Art Factory CMS, which can be exploited by malicious people to bypass
the user authentication.
Full Advisory:
http://www.secunia.com/advisories/10466/
--
[SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-06
David Sopas Ferreira has reported a vulnerability in FreznoShop, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://www.secunia.com/advisories/10547/
--
[SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-06
theDon has reported a vulnerability in ThWboard, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10546/
--
[SA10517] miniBB Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-30
Chintan Trivedi has reported a vulnerability in miniBB, allowing
malicious users to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10517/
--
[SA10515] phpBB SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-30
Zarath has reported a vulnerability in phpBB, allowing malicious
moderators to manipulate SQL queries.
Full Advisory:
http://www.secunia.com/advisories/10515/
--
[SA10501] Private Message System Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-29
David Sopas Ferreira has discovered a vulnerability in Private Message
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10501/
--
[SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-28
http-equiv has discovered a vulnerability in LISTSERV, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10495/
--
[SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-23
David Sopas Ferreira has reported vulnerabilities in My Little Forum,
which can be exploited by malicious people to conduct Cross-Site
Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10489/
--
[SA10482] Dada Mail Non-Random Verification PIN
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-22
Two vulnerabilities have been identified in Dada Mail, allowing
malicious people to subscribe arbitrary people to the mailing list and
possibly bypass the login function.
Full Advisory:
http://www.secunia.com/advisories/10482/
--
[SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22
Chintan Trivedi has reported a vulnerability in Xoops, which can be
exploited by malicious people to conduct Cross Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10481/
--
[SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22
David Sopas Ferreira has reported a vulnerability in BoastMachine
(bMachine), which can be exploited by malicious users to conduct
Cross-Site Scripting attacks.
Full Advisory:
http://www.secunia.com/advisories/10478/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/
Subscribe:
http://www.secunia.com/secunia_weekly_summary/
Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 08:10:08 PST