========================================================================

The Secunia Weekly Advisory Summary
2004-01-01 - 2004-01-08

This week : 106 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. Vulnerabilities Summary Listing
5. Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: The Secunia Advisory ID (SA ID). The SA IDs make it very easy to reference, identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia website; either by simply entering the SA ID in our search form placed on the right side of every Secunia web page, or by entering the SA ID directly after the domain when visiting the Secunia website e.g. http://secunia.com/SA10395

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g. [SA10395]

========================================================================
2) This Week in Brief:

Arman Nayyeri disclosed a variant of an older showHelp() zone bypass vulnerability in Internet Explorer, which can be exploited to execute arbitrary files in known locations. Arman Nayyeri included a sample exploit, which demonstrates how the vulnerability can be exploited using WinAmp to place an arbitrary file on the system, which afterwards will be executed using the vulnerability in showHelp(). The vulnerability has been confirmed on a fully patched Internet Explorer and WinAmp 5.
Also, Internet Explorer for Mac was shown vulnerable to a minor information disclosure vulnerability, which could result in 'referer' information being sent to third party sites when leaving secure sites using HTTPS.
Reference: [SA10500] & [SA10523]

Two vulnerabilities have been found in the Linux Kernel. The first is a privilege escalation vulnerability, which can allow unprivileged users to execute code with kernel level privileges. This vulnerability affects both the 2.4.x and the 2.6.x series. The second vulnerability can result in disclosure of kernel memory to unprivileged users. This, however, only affects the 2.4.x series.
Reference: [SA10532] & [SA10533]

TIP: Finding Secunia advisories is easily done through the Secunia web site. Simply enter the SA ID in the URL: http://secunia.com/SA10500

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA10523] Internet Explorer showHelp() Restriction Bypass Vulnerability
3. [SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
4. [SA10289] Internet Explorer System Compromise Vulnerabilities
5. [SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure Vulnerability
6. [SA10536] Red Hat update for kernel
7. [SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
8. [SA10353] rsync File Handling Integer Overflow Vulnerability
9. [SA10529] Microsoft Word Form Protection Bypass Vulnerability
10. [SA10522] Flash FTP Server Directory Traversal Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
[SA10511] NETObserve User Authentication Bypass Vulnerability
[SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow Vulnerability
[SA10492] Xlight FTP Server Buffer Overflow Vulnerability
[SA10491] PlatinumFTPServer Format String Vulnerability
[SA10523] Internet Explorer showHelp() Restriction Bypass Vulnerability
[SA10522] Flash FTP Server Directory Traversal Vulnerabilities
[SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
[SA10484] DCAM Server Directory Traversal Vulnerability
[SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
[SA10468] Kerio Personal Firewall TCP Stealth Scan Detection Vulnerability
[SA10465] ASPapp Products Multiple Vulnerabilities
[SA10510] Jordan Windows Telnet Server Username Buffer Overflow Vulnerability
[SA10526] GoodTech Telnet Server Denial of Service Vulnerability
[SA10521] Switch Off HTTP Request Handling Vulnerabilities
[SA10506] Microsoft Internet Information Services Track Log Bypass
[SA10490] Cesar FTP Denial of Service Vulnerability
[SA10529] Microsoft Word Form Protection Bypass Vulnerability

UNIX/Linux:
[SA10562] Debian update for FSP
[SA10561] FSP Multiple Vulnerabilities
[SA10487] Sun Grid Engine OpenSSL Vulnerabilities
[SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA10563] Debian update for zebra
[SA10550] Debian update for nd
[SA10549] nd Buffer Overflow Vulnerabilities
[SA10548] Conectiva update for lftp
[SA10545] Debian update for mpg321
[SA10544] mpg321 Remotely Exploitable Vulnerability
[SA10543] Debian update for libnids
[SA10531] Debian update for ethereal
[SA10525] Debian update for lftp
[SA10518] Cherokee POST Request Denial of Service Vulnerability
[SA10499] Indent File Parsing Buffer Overflow Vulnerability
[SA10494] Pico Server Directory Traversal Vulnerability
[SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
[SA10483] mvdsv Download Function Buffer Overflow Vulnerability
[SA10570] Red Hat update for Ethereal
[SA10568] Conectiva update for ethereal
[SA10560] Debian update for jabber
[SA10559] jabberd SSL Denial of Service Vulnerability
[SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
[SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
[SA10464] Fedora update for ethereal
[SA10462] SARA Cross Site Scripting Vulnerability
[SA10572] Red Hat update for kernel
[SA10569] Slackware update for kernel
[SA10564] Immunix update for kernel
[SA10558] Debian update for kernel
[SA10555] Fedora update for kernel
[SA10541] SuSE update for kernel
[SA10539] Debian update for screen
[SA10538] EnGarde update for kernel
[SA10537] Conectiva update for kernel
[SA10536] Red Hat update for kernel
[SA10534] Astaro update for kernel
[SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure Vulnerability
[SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
[SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
[SA10503] Gentoo update for CVS
[SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation Vulnerability
[SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
[SA10485] Sun Cobalt update for bash
[SA10475] Red Hat update for kernel
[SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
[SA10470] AIX enq Privilege Escalation Vulnerability
[SA10469] Mandrake update for XFree86
[SA10500] Internet Explorer for Mac Disclosure of Referer Information Weakness
[SA10542] Debian update for bind
[SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation Vulnerability
[SA10514] Debian update for xsok
[SA10513] Xsok "LANG" Environment Variable Privilege Escalation Vulnerability

Other:
[SA10473] Xerox Document Centre Directory Traversal Vulnerability
[SA10520] Canon VB-C10R Network Camera Cross-Site Scripting Vulnerability
[SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
[SA10524] Mac OS X Local Denial of Service Vulnerability

Cross Platform:
[SA10565] PhpGedView Multiple Vulnerabilities
[SA10551] HotNews Arbitrary File Inclusion Vulnerability
[SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
[SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution Vulnerability
[SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
[SA10480] Subscribe Me Pro Installation Invocation
[SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
[SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
[SA10567] Phorum SQL Injection and Cross-Site Scripting Vulnerabilities
[SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
[SA10554] PostCalendar Search Function SQL Injection Vulnerability
[SA10553] PostNuke SQL Injection and Cross Site Scripting Vulnerabilities
[SA10530] Invision Power Board "calendar.php" SQL Injection Vulnerability
[SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
[SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
[SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
[SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting Vulnerabilities
[SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
[SA10467] AutoRank PHP SQL Injection Vulnerabilities
[SA10466] Web Art Factory CMS Unspecified User Authentication Vulnerability
[SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
[SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
[SA10517] miniBB Cross-Site Scripting Vulnerability
[SA10515] phpBB SQL Injection Vulnerability
[SA10501] Private Message System Cross-Site Scripting Vulnerability
[SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
[SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
[SA10482] Dada Mail Non-Random Verification PIN
[SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
[SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:

--

[SA10527] Webcam Watchdog Web Interface Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-05

Peter Winter-Smith has reported a vulnerability in Webcam Watchdog, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10527/

--

[SA10511] NETObserve User Authentication Bypass Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-30

Peter Winter-Smith has reported a vulnerability in NETObserve, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10511/

--

[SA10497] LANDesk Management Suite "ircrboot.dll" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-28

Tri Huynh has reported a vulnerability in LANDesk Management Suite, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10497/

--

[SA10492] Xlight FTP Server Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2003-12-24

A vulnerability has been identified in Xlight FTP Server allowing malicious people to cause a Denial of Service or potentially compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10492/

--

[SA10491] PlatinumFTPServer Format String Vulnerability
Critical: Highly critical
Where: From local network
Impact: DoS, System access
Released: 2003-12-24

Jan-Olivier Filiols and Philippe Oechslin have reported a vulnerability in PlatinumFTPServer which potentially can be exploited to compromise a vulnerable system or cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10491/

--

[SA10523] Internet Explorer showHelp() Restriction Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-01-02

Arman Nayyeri has discovered a variant of the older showHelp() zone bypass vulnerability, which works in Internet Explorer with all current patches.
Full Advisory: http://www.secunia.com/advisories/10523/

--

[SA10522] Flash FTP Server Directory Traversal Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-01-03

Dr_insane has reported vulnerabilities in Flash FTP Server, which can be exploited by malicious users to conduct directory traversal attacks.
Full Advisory: http://www.secunia.com/advisories/10522/

--

[SA10512] MDaemon Raw Message Handler Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-30

Hat-Squad Security Team has reported a vulnerability in MDaemon, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10512/

--

[SA10484] DCAM Server Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2003-12-23

Luigi Auriemma has reported a vulnerability in DCAM Server, which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://www.secunia.com/advisories/10484/

--

[SA10479] Active WebCam Directory Traversal and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2003-12-22

Luigi Auriemma has reported two vulnerabilities in Active WebCam, which can be exploited by malicious people to read arbitrary files on a system and conduct Cross-Site Scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10479/

--

[SA10468] Kerio Personal Firewall TCP Stealth Scan Detection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-19

Kerio has reported a vulnerability in their Kerio Personal Firewall, which may be exploited by malicious people to port scan users' systems.
Full Advisory: http://www.secunia.com/advisories/10468/

--

[SA10465] ASPapp Products Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation
Released: 2003-12-19

JeiAr and parag0d have reported vulnerabilities in PortalApp, IntranetApp, and ProjectApp. These can be exploited by malicious people to gain higher privileges than intended, hijack other users' accounts, and conduct Cross-Site Scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10465/

--

[SA10510] Jordan Windows Telnet Server Username Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2003-12-30

Luigi Auriemma has reported a vulnerability in Jordan's Windows Telnet Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10510/

--

[SA10526] GoodTech Telnet Server Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-01-05

Donato Ferrante has reported a vulnerability in GoodTech Telnet Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10526/

--

[SA10521] Switch Off HTTP Request Handling Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2004-01-03

Peter Winter-Smith has reported three vulnerabilities in Switch Off, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10521/

--

[SA10506] Microsoft Internet Information Services Track Log Bypass
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-29

Parcifal Aertssen has reported a security issue in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to make requests without being logged.
Full Advisory: http://www.secunia.com/advisories/10506/

--

[SA10490] Cesar FTP Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2003-12-24

A vulnerability has been identified in Cesar FTP allowing malicious users to cause the FTP server to consume large amounts of CPU power.
Full Advisory: http://www.secunia.com/advisories/10490/

--

[SA10529] Microsoft Word Form Protection Bypass Vulnerability
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2004-01-05

Thorsten Delbrouck has reported a vulnerability in Microsoft Word, which can be exploited by malicious people to manipulate protected documents.
Full Advisory: http://www.secunia.com/advisories/10529/


UNIX/Linux:

--

[SA10562] Debian update for FSP
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-01-07

Debian has issued updated packages for FSP. These fix two vulnerabilities, allowing malicious people to view arbitrary files and potentially gain system access.
Full Advisory: http://www.secunia.com/advisories/10562/

--

[SA10561] FSP Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-01-07

Two vulnerabilities have been identified in FSP, allowing malicious people to gain system access or view files outside the root directory.
Full Advisory: http://www.secunia.com/advisories/10561/

--

[SA10487] Sun Grid Engine OpenSSL Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2003-12-23

Sun has reported that Sun Grid Engine (SGE) is affected by the recent OpenSSL vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10487/

--

[SA10474] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2003-12-22

Apple has issued security updates for Mac OS X. These fix several vulnerabilities, which can be exploited by malicious people to perform a variety of attacks.
Full Advisory: http://www.secunia.com/advisories/10474/

--

[SA10563] Debian update for zebra
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-01-07

Debian has issued updated packages for Zebra. These fix two vulnerabilities, allowing malicious people and local users to cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10563/

--

[SA10550] Debian update for nd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06

Debian has issued updated packages for nd. These fix multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10550/

--

[SA10549] nd Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06

Multiple vulnerabilities have been identified in nd, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10549/

--

[SA10548] Conectiva update for lftp
Critical: Moderately critical
Where: From remote
Impact: System access, DoS
Released: 2004-01-06

Conectiva has issued updated packages for lftp. These fix two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10548/

--

[SA10545] Debian update for mpg321
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06

Debian has issued updated packages for mpg321. These fix a vulnerability, which potentially may allow malicious people to gain system access.
Full Advisory: http://www.secunia.com/advisories/10545/

--

[SA10544] mpg321 Remotely Exploitable Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-01-06

A vulnerability has been identified in mpg321, allowing malicious people to execute arbitrary code.
Full Advisory: http://www.secunia.com/advisories/10544/

--

[SA10543] Debian update for libnids
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-06

Debian has issued updated packages for libnids. These fix a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10543/

--

[SA10531] Debian update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-05

Debian has issued updated packages for Ethereal. These fix multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system running Ethereal or cause a DoS (Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10531/

--

[SA10525] Debian update for lftp
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-01-05

Debian has issued updated packages for lftp. These fix two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10525/

--

[SA10518] Cherokee POST Request Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-01-01

A vulnerability has been reported in Cherokee, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://www.secunia.com/advisories/10518/

--

[SA10499] Indent File Parsing Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-28

Winnie The Pooh Hacking Squadron has reported a vulnerability in Indent, which potentially can be exploited to compromise a user's system.
Full Advisory: http://www.secunia.com/advisories/10499/

--

[SA10494] Pico Server Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2003-12-27

Donato Ferrante has reported a vulnerability in Pico Server (pServ), which can be exploited by malicious people to gain knowledge of sensitive information.
Full Advisory: http://www.secunia.com/advisories/10494/

--

[SA10493] Squirrelmail Address Parsing Execution of Arbitrary Commands
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-26

A vulnerability has been reported in Squirrelmail, potentially allowing malicious users to execute arbitrary system commands.
Full Advisory: http://www.secunia.com/advisories/10493/

--

[SA10483] mvdsv Download Function Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2003-12-22

A vulnerability has been reported in mvdsv, possibly allowing malicious people to execute arbitrary code.
Full Advisory: http://www.secunia.com/advisories/10483/

--

[SA10570] Red Hat update for Ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-08

Red Hat has issued updated packages for ethereal. These fix two vulnerabilities, which can be exploited by malicious people to crash the application.
Full Advisory: http://www.secunia.com/advisories/10570/

--

[SA10568] Conectiva update for ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07

Conectiva has issued updated packages for ethereal. These fix two vulnerabilities, which can be exploited by malicious people to crash the application.
Full Advisory: http://www.secunia.com/advisories/10568/

--

[SA10560] Debian update for jabber
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07

Debian has issued updated packages for jabber. These fix a vulnerability, which can be exploited by malicious people to cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10560/

--

[SA10559] jabberd SSL Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-01-07

A vulnerability has been identified in jabber, allowing malicious people to cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10559/

--

[SA10519] Mailman Admin Pages Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-01

Vulnerabilities have been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10519/

--

[SA10505] ViewCVS Error Page Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-29

Hugo Vazquez Carames has reported a vulnerability in ViewCVS, allowing malicious people to conduct cross-site scripting attacks.
Full Advisory: http://www.secunia.com/advisories/10505/

--

[SA10464] Fedora update for ethereal
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2003-12-18

Red Hat has issued updated packages for Ethereal. These fix multiple vulnerabilities, which potentially can be exploited by malicious people to cause a Denial of Service.
Full Advisory: http://www.secunia.com/advisories/10464/

--

[SA10462] SARA Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-18

Thomas M. Payerle has reported a vulnerability in SARA allowing malicious people to conduct Cross Site Scripting.
Full Advisory: http://www.secunia.com/advisories/10462/

--

[SA10572] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-08

Red Hat has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10572/

--

[SA10569] Slackware update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-08

Slackware has issued updated packages for the kernel.
These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10569/

--

[SA10564] Immunix update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-07

Immunix has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10564/

--

[SA10558] Debian update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-07

Debian has issued updated packages for the kernel. These fix a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10558/

--

[SA10555] Fedora update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06

Red Hat has issued updated packages for the kernel. These fix two vulnerabilities, which may disclose sensitive information to malicious, local users or allow them to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10555/

--

[SA10541] SuSE update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06

SuSE has issued updated packages for the kernel. These fix two vulnerabilities, which may disclose sensitive information to malicious, local users or allow them to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10541/

--

[SA10539] Debian update for screen
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05

Debian has issued updated packages for screen. These fix a vulnerability, which potentially may allow malicious, local users to escalate their privileges.
Full Advisory: http://www.secunia.com/advisories/10539/

--

[SA10538] EnGarde update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation
Released: 2004-01-05

Guardian Digital has issued updated packages for the kernel. These fix two vulnerabilities, which may disclose sensitive information to malicious, local users or allow them to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10538/

--

[SA10537] Conectiva update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation
Released: 2004-01-05

Conectiva has issued updated packages for the kernel. These fix two vulnerabilities, which may disclose sensitive information to malicious, local users or allow them to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10537/

--

[SA10536] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation
Released: 2004-01-05

Red Hat has issued updated packages for the kernel. These fix two vulnerabilities, which may disclose sensitive information to malicious, local users or allow them to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10536/

--

[SA10534] Astaro update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05

Astaro has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10534/

--

[SA10533] Linux Kernel Real Time Clock Kernel Memory Disclosure Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-01-05

A vulnerability has been reported in the Linux kernel, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information.
Full Advisory: http://www.secunia.com/advisories/10533/

--

[SA10532] Linux Kernel "mremap()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-05

Paul Starzetz and Wojciech Purczynski have reported a vulnerability in the Linux kernel, which can be exploited by malicious, local users to escalate their privileges.
Full Advisory: http://www.secunia.com/advisories/10532/

--

[SA10507] PHP / mod_php File Descriptor Leakage Vulnerability
Critical: Less critical
Where: Local system
Impact: Hijacking, Privilege escalation
Released: 2003-12-29

Steve Grubb has reported a vulnerability in PHP, which potentially can be exploited by malicious, local users to hijack the HTTPS port.
Full Advisory: http://www.secunia.com/advisories/10507/

--

[SA10503] Gentoo update for CVS
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-29

Gentoo has issued updated packages for CVS. These fix a vulnerability, which can be exploited by malicious users to gain escalated privileges on a vulnerable system.
Full Advisory: http://www.secunia.com/advisories/10503/

--

[SA10502] CVS pserver "CVSROOT/passwd" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-29

A security issue has been identified in CVS, which can be exploited by malicious users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10502/

--

[SA10486] Sun Solaris tcsh Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-23

Sun has reported a vulnerability in Solaris, which can be exploited by malicious, local users to escalate their privileges.
Full Advisory: http://www.secunia.com/advisories/10486/

--

[SA10485] Sun Cobalt update for bash
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-23

Sun has issued updated packages for bash. These fix an old vulnerability, which can be exploited by malicious, local users to perform certain actions on a system with escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10485/

--

[SA10475] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-22

Red Hat has issued updated packages for the kernel. These fix two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10475/

--

[SA10471] AIX diag Unspecified Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19

IBM has reported a vulnerability in AIX, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10471/

--

[SA10470] AIX enq Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19

IBM has reported a vulnerability in AIX, which can be exploited by certain malicious, local users to gain escalated privileges.
Full Advisory: http://www.secunia.com/advisories/10470/

--

[SA10469] Mandrake update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-19

MandrakeSoft has issued updated packages for XFree86.
These fix a vulnerability in the XDM display manager, which potentially can be exploited by users to gain escalated privileges.

Full Advisory: http://www.secunia.com/advisories/10469/

--

[SA10500] Internet Explorer for Mac Disclosure of Referer Information Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2003-12-28

Deane has reported a security issue in Internet Explorer for Mac, which potentially can disclose sensitive information.

Full Advisory: http://www.secunia.com/advisories/10500/

--

[SA10542] Debian update for bind
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2004-01-06

Debian has issued updated packages for bind. These fix a vulnerability, which can be exploited by malicious people to poison the DNS cache with negative entries.

Full Advisory: http://www.secunia.com/advisories/10542/

--

[SA10552] Xsok "-xsokdir" Command Line Argument Privilege Escalation Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2004-01-06

c0wboy has reported a vulnerability in Xsok, which potentially can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://www.secunia.com/advisories/10552/

--

[SA10514] Debian update for xsok
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-30

Debian has issued updated packages for xsok. These fix a vulnerability, which can be exploited by malicious, local users to gain privileges as "group" games on a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10514/

--

[SA10513] Xsok "LANG" Environment Variable Privilege Escalation Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2003-12-30

A vulnerability has been reported in Xsok, which potentially can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://www.secunia.com/advisories/10513/

Other:--

[SA10473] Xerox Document Centre Directory Traversal Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2003-12-22

J.A. Gutierrez has reported a vulnerability in the Xerox Document Centre, which can be exploited by malicious people to gain knowledge of sensitive information.

Full Advisory: http://www.secunia.com/advisories/10473/

--

[SA10520] Canon VB-C10R Network Camera Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-02

Casey Townsend has reported a vulnerability in Canon VB-C10R Network Camera, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10520/

--

[SA10472] CyberGuard Error Page Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22

Jamie Fisher has identified a vulnerability in CyberGuard, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10472/

--

[SA10524] Mac OS X Local Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-01-05

Matt Burnett has reported a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a Denial of Service.

Full Advisory: http://www.secunia.com/advisories/10524/

Cross Platform:--

[SA10565] PhpGedView Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, System access
Released: 2004-01-07

Windak has reported multiple vulnerabilities in PhpGedView, which can be exploited by malicious people to compromise a vulnerable system or conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10565/

--

[SA10551] HotNews Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-06

Officerrr has identified a vulnerability in HotNews, allowing malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10551/

--

[SA10535] EasyDynamicPages Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-01-05

tsbeginnervn has reported a vulnerability in EasyDynamicPages, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10535/

--

[SA10509] PHP-Ping "count" Parameter Arbitrary Command Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-30

ppp-design has reported a vulnerability in PHP-Ping, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10509/

--

[SA10504] KnowledgeBuilder Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-29

Zero_X has reported a vulnerability in KnowledgeBuilder, allowing malicious people to include and execute arbitrary PHP code.

Full Advisory: http://www.secunia.com/advisories/10504/

--

[SA10480] Subscribe Me Pro Installation Invocation
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22

Paul Craig has reported a vulnerability in Subscribe Me Pro, which can be exploited by malicious people to execute arbitrary commands.

Full Advisory: http://www.secunia.com/advisories/10480/

--

[SA10477] BES-CMS Arbitrary File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22

Frog-m@n has reported multiple vulnerabilities in BES-CMS, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10477/

--

[SA10476] Double Choco Latte Arbitrary File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2003-12-22

Multiple vulnerabilities have been reported in Double Choco Latte, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://www.secunia.com/advisories/10476/

--

[SA10567] Phorum SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-01-07

Calum Power has reported multiple vulnerabilities in Phorum, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10567/

--

[SA10557] vBulletin "calendar.php" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-01-07

mslug has reported a vulnerability in vBulletin, allowing malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10557/

--

[SA10554] PostCalendar Search Function SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-01-06

Klavs Klavsen has discovered a vulnerability in PostCalendar, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10554/

--

[SA10553] PostNuke SQL Injection and Cross Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, Manipulation of data, Cross Site Scripting
Released: 2004-01-06

JeiAr has reported vulnerabilities in PostNuke, which can be exploited to conduct Cross Site Scripting and SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10553/

--

[SA10530] Invision Power Board "calendar.php" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-01-05

Frog-m@n has reported a vulnerability in Invision Power Board, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10530/

--

[SA10516] PHPCatalog "id" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system information, Manipulation of data
Released: 2003-12-30

David S. Ferreira has identified a vulnerability in PHPCatalog, allowing malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10516/

--

[SA10508] PHP-Nuke "pollID" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2003-12-29

A vulnerability has been reported in PHP-Nuke, allowing malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10508/

--

[SA10498] OpenBB "FID" Parameter Cross-Site Scripting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2003-12-28

gr00vy has reported a vulnerability in OpenBB, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10498/

--

[SA10496] PsychoBlogger SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2003-12-28

Calum Power has reported multiple vulnerabilities in PsychoBlogger, which can be exploited by malicious people to conduct Cross-Site Scripting attacks and SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10496/

--

[SA10488] ProjectForum and CourseForum Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2003-12-23

Peter Winter-Smith has identified multiple vulnerabilities in ProjectForum and CourseForum, which can be exploited by malicious people to cause a DoS (Denial of Service) or conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10488/

--

[SA10467] AutoRank PHP SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2003-12-19

JeiAr has reported vulnerabilities in AutoRank PHP, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://www.secunia.com/advisories/10467/

--

[SA10466] Web Art Factory CMS Unspecified User Authentication Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-19

Jose Torres and Ruben Recabarren have reported a vulnerability in Web Art Factory CMS, which can be exploited by malicious people to bypass the user authentication.

Full Advisory: http://www.secunia.com/advisories/10466/

--

[SA10547] FreznoShop "search.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-06

David Sopas Ferreira has reported a vulnerability in FreznoShop, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10547/

--

[SA10546] ThWboard "board.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-01-06

theDon has reported a vulnerability in ThWboard, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10546/

--

[SA10517] miniBB Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-30

Chintan Trivedi has reported a vulnerability in miniBB, allowing malicious users to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10517/

--

[SA10515] phpBB SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-30

Zarath has reported a vulnerability in phpBB, allowing malicious moderators to manipulate SQL queries.

Full Advisory: http://www.secunia.com/advisories/10515/

--

[SA10501] Private Message System Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-29

David Sopas Ferreira has discovered a vulnerability in Private Message System, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10501/

--

[SA10495] LISTSERV "WA" CGI Script Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-28

http-equiv has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10495/

--

[SA10489] My Little Forum Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-23

David Sopas Ferreira has reported vulnerabilities in My Little Forum, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10489/

--

[SA10482] Dada Mail Non-Random Verification PIN
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2003-12-22

Two vulnerabilities have been identified in Dada Mail, allowing malicious people to subscribe arbitrary people to the mailing list and possibly bypass the login function.

Full Advisory: http://www.secunia.com/advisories/10482/

--

[SA10481] Xoops URL Parameter Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22

Chintan Trivedi has reported a vulnerability in Xoops, which can be exploited by malicious people to conduct Cross Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10481/

--

[SA10478] BoastMachine (bMachine) Comment Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2003-12-22

David Sopas Ferreira has reported a vulnerability in BoastMachine (bMachine), which can be exploited by malicious users to conduct Cross-Site Scripting attacks.

Full Advisory: http://www.secunia.com/advisories/10478/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web : http://www.secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.