[ISN] Secunia Weekly Summary - Issue: 2004-6

From: InfoSec News (isn@private)
Date: Fri Feb 06 2004 - 00:27:16 PST


    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-01-29 - 2004-02-05                        
    
                           This week : 52 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3...............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    Secunia Advisory IDs
    
    Every advisory issued by Secunia has a unique identifier: the Secunia
    Advisory ID (SA ID). SA IDs make it very easy to reference, identify,
    and find Secunia advisories.
    
    A Shortcut to Secunia Advisories
    
    Finding Secunia Advisories using SA IDs is easily done at the Secunia
    website; either by simply entering the SA ID in our search form placed
    on the right side of every Secunia web page, or by entering the SA ID
    directly after the domain when visiting the Secunia website e.g.
    http://secunia.com/SA10736
    
    In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
    [SA10736]
    
    ========================================================================
    2) This Week in Brief:
    
    Microsoft has issued patches for Internet Explorer one week prior to
    the scheduled release date. These fix three known vulnerabilities,
    including the URL spoofing vulnerability, which has been actively
    exploited on the Internet for the past 1½ months.
    Reference: [SA10289], [SA10395] & [SA10765]
    
    A hole in the wall. Check Point has issued patches for FireWall-1,
    which fix serious vulnerabilities in the HTTP application proxy
    functionality. These can be exploited by malicious people to compromise
    a vulnerable firewall.
    Reference: [SA10794]
    
    RealNetworks has published patches for RealOne Player and RealPlayer,
    which fix multiple vulnerabilities. The most serious of these can be
    exploited by malicious people to compromise a user's system.
    Reference: [SA10796]
    
    TIP:
    Finding Secunia advisories is easily done through the Secunia web site.
    Simply enter the SA ID in the URL:
    http://secunia.com/SA10736
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA10736] Internet Explorer File Download Extension Spoofing
    2.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    3.  [SA10708] Windows XP Malicious Folder Automatic Code Execution
                  Vulnerability
    4.  [SA9580]  Microsoft Internet Explorer Multiple Vulnerabilities
    5.  [SA10765] Internet Explorer Travel Log Arbitrary Script Execution
                  Vulnerability
    6.  [SA10289] Internet Explorer System Compromise Vulnerabilities
    7.  [SA10523] Internet Explorer showHelp() Restriction Bypass
                  Vulnerability
    8.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
                  Vulnerability
    9.  [SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
    10. [SA10746] Kerio Personal Firewall Privilege Escalation
                  Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
    [SA10765] Internet Explorer Travel Log Arbitrary Script Execution
    Vulnerability
    [SA10781] Web Crossing "Content-Length" Header Denial of Service
    Vulnerability
    [SA10764] FirstClass Client File Extensions Restriction Bypass
    [SA10747] DotNetNuke Multiple Vulnerabilities
    [SA10793] RxGoogle Cross-Site Scripting Vulnerability
    [SA10762] Application Access Server Long HTTP Request Denial of
    Service
    [SA10761] BaSoMail Server Multiple Connection Denial of Service
    Vulnerability
    [SA10758] SurgeFTP Web Interface URL Decoding Denial of Service
    Vulnerability
    [SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability
    [SA10778] Crob FTP Server Directory Listing Vulnerability
    
    UNIX/Linux:
    [SA10801] OpenBSD IPv6 Traffic Handling Denial of Service
    Vulnerability
    [SA10791] Fedora update for mod_python
    [SA10750] SGI IRIX Multiple Vulnerabilities
    [SA10748] SuSE update for gaim
    [SA10800] Red Hat update for mailman
    [SA10792] Mandrake update for glibc
    [SA10799] GNU Radius Denial of Service Vulnerability
    [SA10798] Red Hat update for NetPBM
    [SA10784] Red Hat update for kernel
    [SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege
    Escalation
    [SA10777] GNU libtool Insecure Temporary Directory Creation
    Vulnerability
    [SA10771] Red Hat update for NetPBM
    [SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue
    [SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
    [SA10752] inlook Insecure Default Permissions
    [SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability
    [SA10790] Debian update for crawl
    [SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer
    Overflows
    [SA10773] Red Hat util-linux Login Program Information Leakage
    
    Other:
    [SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability
    
    Cross Platform:
    [SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
    [SA10794] Check Point FireWall-1 HTTP Parsing Format String
    Vulnerabilities
    [SA10783] X-Cart Multiple Vulnerabilities
    [SA10776] Web Blog Arbitrary Command Execution Vulnerability
    [SA10754] Kietu Arbitrary File Inclusion Vulnerability
    [SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities
    [SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability
    [SA10797] PHPX Multiple Vulnerabilities
    [SA10786] ReviewPost PHP Pro SQL Injection Vulnerability
    [SA10779] Aprox PHP Portal Arbitrary Local File Inclusion
    Vulnerability
    [SA10775] ChatterBox Invalid Request Handling Denial of Service
    Vulnerability
    [SA10770] Tunez Unspecified SQL Injection Vulnerabilities
    [SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability
    [SA10766] PhotoPost PHP Pro SQL Injection Vulnerability
    [SA10763] Caravan Business Server Directory Traversal Vulnerability
    [SA10757] PHP-Nuke SQL Injection Vulnerabilities
    [SA10789] Apache mod_digest Cross Realm Replay Security Issue
    [SA10785] BugPort Sensitive Information Exposure
    [SA10749] Bodington Uploaded File Exposure Vulnerability
    [SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Cross Site Scripting, System access
    Released:    2004-02-05
    
    Multiple vulnerabilities have been discovered in RealOne Player and
    RealPlayer, where the most serious potentially can be exploited by
    malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10796/
    
     --
    
    [SA10765] Internet Explorer Travel Log Arbitrary Script Execution
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-02
    
    Microsoft has issued patches for Internet Explorer, which fix three
    vulnerabilities. One of these can be exploited by malicious people to
    compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10765/
    
     --
    
    [SA10781] Web Crossing "Content-Length" Header Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-04
    
    Peter Winter-Smith has reported a vulnerability in Web Crossing, which
    can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10781/
    
     --
    
    [SA10764] FirstClass Client File Extensions Restriction Bypass
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-05
    
    Richard Maudsley has reported a vulnerability in FirstClass Client
    allowing malicious users to construct filenames, which can bypass
    certain restrictions.
    
    Full Advisory:
    http://www.secunia.com/advisories/10764/
    
     --
    
    [SA10747] DotNetNuke Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data, Exposure of
    sensitive information
    Released:    2004-01-29
    
    Ferruh Mavituna has reported multiple vulnerabilities in DotNetNuke,
    allowing malicious people to see database credentials, and conduct
    Cross Site Scripting and SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10747/
    
     --
    
    [SA10793] RxGoogle Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-02-05
    
    Shaun Colley has reported a vulnerability in RxGoogle, allowing
    malicious people to conduct Cross-Site Scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10793/
    
     --
    
    [SA10762] Application Access Server Long HTTP Request Denial of
    Service
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-02
    
    Dr_insane has reported a vulnerability in A-A-S Application Access
    Server allowing malicious, authenticated users to cause a DoS (Denial
    of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10762/
    
     --
    
    [SA10761] BaSoMail Server Multiple Connection Denial of Service
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-02
    
    Dr_insane has reported a vulnerability in BaSoMail Server, allowing
    malicious people to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10761/
    
     --
    
    [SA10758] SurgeFTP Web Interface URL Decoding Denial of Service
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-02
    
    Dr_insane has discovered a vulnerability in SurgeFTP, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://www.secunia.com/advisories/10758/
    
     --
    
    [SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-29
    
    Tuneld.com has reported a vulnerability in Kerio Personal Firewall,
    allowing malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10746/
    
     --
    
    [SA10778] Crob FTP Server Directory Listing Vulnerability
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information
    Released:    2004-02-04
    
    Zero_X has reported a vulnerability in Crob FTP Server, which can be
    exploited by malicious users to disclose directory information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10778/
    
    
    UNIX/Linux:--
    
    [SA10801] OpenBSD IPv6 Traffic Handling Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-05
    
    Georgi Guninski has reported a vulnerability in OpenBSD, which can be
    exploited by malicious people to cause a DoS (Denial of Service) on a
    vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10801/
    
     --
    
    [SA10791] Fedora update for mod_python
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-04
    
    Red Hat has issued updated packages for mod_python. These fix a
    vulnerability, which can be exploited by malicious people to cause a
    Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10791/
    
     --
    
    [SA10750] SGI IRIX Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, Privilege escalation, System access
    Released:    2004-01-30
    
    SGI has acknowledged multiple, older vulnerabilities in IRIX. These can
    be exploited by malicious users to compromise a vulnerable system or
    escalate their privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10750/
    
     --
    
    [SA10748] SuSE update for gaim
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-29
    
    SuSE has issued updated packages for gaim. These fix multiple
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10748/
    
     --
    
    [SA10800] Red Hat update for mailman
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-02-05
    
    Red Hat has issued updated packages for mailman. These fix two
    vulnerabilities, which can be exploited by malicious people to conduct
    cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10800/
    
     --
    
    [SA10792] Mandrake update for glibc
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-05
    
    MandrakeSoft has released an updated package for glibc. This fixes an
    old vulnerability, which can be exploited by malicious people to cause
    a DoS (Denial of Service) on a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10792/
    
     --
    
    [SA10799] GNU Radius Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-02-05
    
    iDEFENSE has reported a vulnerability in GNU Radius, allowing malicious
    people to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10799/
    
     --
    
    [SA10798] Red Hat update for NetPBM
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-05
    
    Red Hat has issued updated packages for netpbm. These fix a
    vulnerability, allowing malicious users to escalate their privileges on
    a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10798/
    
     --
    
    [SA10784] Red Hat update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-04
    
    Red Hat has issued updated packages for the kernel. These fix various
    vulnerabilities, which potentially can be exploited by malicious, local
    users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10784/
    
     --
    
    [SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege
    Escalation
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-04
    
    Alan Cox has discovered a vulnerability in the Linux kernel, which can
    be exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10782/
    
     --
    
    [SA10777] GNU libtool Insecure Temporary Directory Creation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-03
    
    Stefan Nordhausen has reported a vulnerability in libtool, which
    potentially can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10777/
    
     --
    
    [SA10771] Red Hat update for NetPBM
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-03
    
    Red Hat has issued updated packages for netpbm. These fix a
    vulnerability, allowing malicious users to escalate their privileges on
    a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10771/
    
     --
    
    [SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Security Bypass
    Released:    2004-02-02
    
    Kimura Fuyuki and Wiktor Niesiobedzki have discovered a security issue
    in FreeBSD, which potentially can set insecure permissions on a file
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10756/
    
     --
    
    [SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-01-30
    
    Sun has reported a vulnerability in Solaris, which can be exploited by
    malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10755/
    
     --
    
    [SA10752] inlook Insecure Default Permissions
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information
    Released:    2004-01-30
    
    A vulnerability has been identified in inlook, which can be exploited
    by malicious, local users to gain knowledge of sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10752/
    
     --
    
    [SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-02-03
    
    HP has acknowledged that TCP/IP for OpenVMS BIND 8 software is affected
    by a vulnerability, which allows malicious people to poison the DNS
    cache.
    
    Full Advisory:
    http://www.secunia.com/advisories/10774/
    
     --
    
    [SA10790] Debian update for crawl
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-04
    
    Debian has issued updated packages for crawl. These fix multiple
    vulnerabilities, which can be exploited by malicious, local users to
    gain privileges as the "games" group.
    
    Full Advisory:
    http://www.secunia.com/advisories/10790/
    
     --
    
    [SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer
    Overflows
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-04
    
    Steve Kemp has reported multiple vulnerabilities in Linley's Dungeon
    Crawl, which potentially can be exploited by malicious, local users to
    gain escalated privileges.
    
    Full Advisory:
    http://www.secunia.com/advisories/10788/
    
     --
    
    [SA10773] Red Hat util-linux Login Program Information Leakage
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-02-03
    
    Red Hat has issued updated packages for util-linux. These fix a
    vulnerability, which potentially could disclose information to users.
    
    Full Advisory:
    http://www.secunia.com/advisories/10773/
    
    
    Other:--
    
    [SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-02-04
    
    Cisco has reported a vulnerability in Cisco 6000/6500/7600 network
    devices, which can be exploited by malicious people to cause a Denial
    of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10780/
    
    
    Cross Platform:--
    
    [SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-05
    
    Mark Dowd and Neel Mehta of ISS X-Force have discovered a vulnerability
    in Check Point VPN-1 Server and VPN clients, which can be exploited by
    malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10795/
    
     --
    
    [SA10794] Check Point FireWall-1 HTTP Parsing Format String
    Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-05
    
    Mark Dowd of ISS X-Force has discovered multiple vulnerabilities in
    Check Point FireWall-1, which can be exploited by malicious people to
    compromise a vulnerable firewall.
    
    Full Advisory:
    http://www.secunia.com/advisories/10794/
    
     --
    
    [SA10783] X-Cart Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Exposure of sensitive information, System access
    Released:    2004-02-04
    
    Philip has reported three vulnerabilities in X-Cart, where the most
    serious can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10783/
    
     --
    
    [SA10776] Web Blog Arbitrary Command Execution Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-03
    
    ActualMInd has reported a vulnerability in Web Blog, allowing malicious
    people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10776/
    
     --
    
    [SA10754] Kietu Arbitrary File Inclusion Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-30
    
    Himeur Nourredine has reported a vulnerability in Kietu, allowing
    malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10754/
    
     --
    
    [SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-01-30
    
    Cedric Cochin has identified two vulnerabilities in PhpGedView,
    allowing malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10753/
    
     --
    
    [SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability
    
    Critical:    Moderately critical
    Where:       
    Impact:      
    Released:    2004-02-03
    
    Himeur Nourredine has identified two vulnerabilities in Les
    Commentaires, allowing malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://www.secunia.com/advisories/10768/
    
     --
    
    [SA10797] PHPX Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, ID Spoofing
    Released:    2004-02-05
    
    Manuel López has reported multiple vulnerabilities in PHPX, allowing
    malicious people to conduct cross-site scripting attacks and hijack
    accounts.
    
    Full Advisory:
    http://www.secunia.com/advisories/10797/
    
     --
    
    [SA10786] ReviewPost PHP Pro SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information, Exposure of system
    information, Manipulation of data
    Released:    2004-02-04
    
    G00db0y has reported a vulnerability in ReviewPost PHP Pro, allowing
    malicious people to view or manipulate data.
    
    Full Advisory:
    http://www.secunia.com/advisories/10786/
    
     --
    
    [SA10779] Aprox PHP Portal Arbitrary Local File Inclusion
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-02-04
    
    Zero_X has reported a vulnerability in Aprox PHP Portal, allowing
    malicious people to view the contents of arbitrary local files.
    
    Full Advisory:
    http://www.secunia.com/advisories/10779/
    
     --
    
    [SA10775] ChatterBox Invalid Request Handling Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-02-03
    
    Donato Ferrante has reported a vulnerability in ChatterBox, which can
    be exploited by malicious people to cause a Denial of Service.
    
    Full Advisory:
    http://www.secunia.com/advisories/10775/
    
     --
    
    [SA10770] Tunez Unspecified SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data, Exposure of system information,
    Exposure of sensitive information
    Released:    2004-02-03
    
    Multiple vulnerabilities have been identified in Tunez, potentially
    allowing malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10770/
    
     --
    
    [SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-02-03
    
    Cedric Cochin has discovered a vulnerability in phpMyAdmin, allowing
    malicious people to gain knowledge of sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10769/
    
     --
    
    [SA10766] PhotoPost PHP Pro SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-02-03
    
    G00db0y has reported a vulnerability in PhotoPost PHP Pro, allowing
    malicious people to view or manipulate data.
    
    Full Advisory:
    http://www.secunia.com/advisories/10766/
    
     --
    
    [SA10763] Caravan Business Server Directory Traversal Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-02-02
    
    Dr_insane has reported a vulnerability in Caravan Business Server,
    allowing malicious people to view arbitrary files.
    
    Full Advisory:
    http://www.secunia.com/advisories/10763/
    
     --
    
    [SA10757] PHP-Nuke SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-02-02
    
    Germain Randaxhe has reported multiple vulnerabilities in PHP-Nuke,
    which can be exploited by malicious people to view and manipulate
    sensitive data.
    
    Full Advisory:
    http://www.secunia.com/advisories/10757/
    
     --
    
    [SA10789] Apache mod_digest Cross Realm Replay Security Issue
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass, ID Spoofing
    Released:    2004-02-04
    
    Dirk-Willem van Gulik has identified a security issue in Apache
    mod_digest, which potentially can be exploited by malicious people to
    gain unauthorised access to other websites.
    
    Full Advisory:
    http://www.secunia.com/advisories/10789/
    
     --
    
    [SA10785] BugPort Sensitive Information Exposure
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-02-04
    
    Paul Harris has identified a vulnerability in BugPort, allowing
    malicious people to gain knowledge of sensitive information.
    
    Full Advisory:
    http://www.secunia.com/advisories/10785/
    
     --
    
    [SA10749] Bodington Uploaded File Exposure Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-01-30
    
    A vulnerability has been identified in Bodington, allowing malicious
    people to view uploaded files.
    
    Full Advisory:
    http://www.secunia.com/advisories/10749/
    
     --
    
    [SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-01-30
    
    Shlomi Fish has reported a security issue in WWW::Form, potentially
    allowing malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://www.secunia.com/advisories/10751/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://www.secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://www.secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://www.secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    


