========================================================================

                  The Secunia Weekly Advisory Summary
                        2004-02-12 - 2004-02-19

                       This week : 61 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Security researcher Paul Starzetz has found a vulnerability in the
Linux Kernel, which can be exploited by unprivileged users to execute
code with kernel level privileges.

This vulnerability affects the latest kernel branches: 2.2.x, 2.4.x
and 2.6.x.

Two other vulnerabilities have also been corrected in the Linux Kernel.

Reference: [SA10897], [SA10911] && [SA10912]

A vulnerability has been reported in eTrust Antivirus, which can be
exploited to avoid scanning of files attached in emails.
A patch is available from the vendor, see the referenced Secunia
Advisory.

Reference: [SA10874]

Sophos Antivirus has been reported vulnerable to a Denial of Service
vulnerability.

The vulnerability can be exploited by sending a specially crafted email
containing an unexpectedly terminated MIME header to a vulnerable
system.

Reference: [SA10855]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10760

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA10759] Microsoft Windows ASN.1 Library Integer Overflow Vulnerabilities
2.  [SA10760] Opera Browser File Download Extension Spoofing
3.  [SA10395] Internet Explorer URL Spoofing Vulnerability
4.  [SA10736] Internet Explorer File Download Extension Spoofing
5.  [SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
6.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow Vulnerability
7.  [SA10900] Symantec AntiVirus Scan Engine Race Condition Vulnerability
8.  [SA10855] Sophos Anti-Virus MIME Header Handling Vulnerability
9.  [SA10708] Windows XP Malicious Folder Automatic Code Execution Vulnerability
10. [SA10820] Internet Explorer File Identification Variant

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10899] Purge and Purge Jihad Client Buffer Overflow Vulnerabilities
[SA10895] RobotFTP Server Buffer Overflow Vulnerability
[SA10880] IMail Server LDAP Daemon Buffer Overflow Vulnerability
[SA10920] Webstores 2000 SQL Injection and Cross Site Scripting Vulnerabilities
[SA10898] ProductCart SQL Injection and Cross Site Scripting Vulnerabilities
[SA10894] Sami HTTP Server Denial of Service Vulnerability
[SA10883] Sami FTP Server Invalid Command Argument Denial of Service Vulnerability
[SA10881] Vizer Web Server Invalid Request Denial of Service Vulnerabilities
[SA10879] ASP Portal Multiple Vulnerabilities
[SA10874] eTrust Antivirus Zip Archive Virus Detection Bypass Vulnerability
[SA10888] FTP Broker Connection Handling Denial of Service Vulnerabilities
[SA10861] Macallan Mail Solution Web Interface Authentication Bypass

UNIX/Linux:
[SA10893] Sun Cobalt update for rsync
[SA10914] Mandrake update for metamail
[SA10910] Red Hat update for metamail
[SA10909] Slackware update for metamail
[SA10889] Fedora update for FreeRADIUS
[SA10865] Slackware update for mutt
[SA10906] Gentoo update for clamav
[SA10904] ShopCartCGI Directory Traversal Vulnerability
[SA10896] Red Hat update for PWLib
[SA10892] Sun Cobalt update for Iptables
[SA10890] Sun Cobalt update for gnupg
[SA10887] Fedora update for Gaim
[SA10886] Gentoo update for phpMyAdmin
[SA10882] Crob FTP Server Denial of Service Vulnerability
[SA10870] Red Hat update for PWLib
[SA10891] Sun Cobalt update for fileutils
[SA10917] SuSE update for kernel
[SA10916] Astaro update for kernel
[SA10915] Red Hat update for kernel
[SA10913] Debian update for kernel
[SA10912] Linux kernel ncpfs Privilege Escalation Vulnerability
[SA10907] Slackware update for kernel
[SA10900] Symantec AntiVirus Scan Engine Race Condition Vulnerability
[SA10897] Linux Kernel "mremap()" Missing Return Value Checking Privilege Escalation
[SA10885] Gentoo update for kernel
[SA10877] Immunix update for XFree86
[SA10876] Mandrake update for XFree86
[SA10875] Fedora update for XFree86
[SA10873] Mandrake update for mailman
[SA10872] Red Hat update for XFree86
[SA10868] Red Hat update for XFree86
[SA10867] Mailmgr Insecure Temporary File Creation Vulnerabilities
[SA10866] Slackware update for XFree86
[SA10864] AIM Sniff Insecure Temporary File Creation Vulnerability
[SA10911] Linux Kernel Vicam USB Driver Insecure Userspace Access
[SA10871] OpenBSD update for XFree86

Other:
[SA10863] Ingate Firewall and SIParator OpenSSL Vulnerabilities
[SA10905] APC SmartSlot Web/SNMP Management Card Default Password

Cross Platform:
[SA10908] Metamail Message Parsing System Compromise Vulnerabilities
[SA10901] AllMyPHP Various Products Arbitrary File Inclusion Vulnerabilities
[SA10919] Owls Workshop Arbitrary File Retrieval Vulnerabilities
[SA10902] Online Store Kit SQL Injection and Cross Site Scripting Vulnerability
[SA10884] mnoGoSearch "UdmDocToTextBuf()" Buffer Overflow Vulnerability
[SA10878] phpWebSite SQL Injection Vulnerabilities
[SA10869] PWLib H.323 Protocol Implementation Vulnerabilities
[SA10903] YaBB SE "quote" Parameter SQL Injection Vulnerability
[SA10862] phpCodeCabinet Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10899] Purge and Purge Jihad Client Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-17

Luigi Auriemma has discovered a vulnerability in Purge and Purge Jihad,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/10899/

 --

[SA10895] RobotFTP Server Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-17

gsicht has discovered a vulnerability in RobotFTP Server, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10895/

 --

[SA10880] IMail Server LDAP Daemon Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-18

iDEFENSE has reported a vulnerability in IMail Server, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10880/

 --

[SA10920] Webstores 2000 SQL Injection and Cross Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-02-19

Nick Gudov has reported two vulnerabilities in Webstores 2000, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/10920/

 --

[SA10898] ProductCart SQL Injection and Cross Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-17

Nick Gudov has identified two vulnerabilities in ProductCart, allowing
malicious people to conduct SQL injection and Cross Site Scripting
attacks.

Full Advisory:
http://secunia.com/advisories/10898/

 --

[SA10894] Sami HTTP Server Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-17

badpack3t has discovered a vulnerability in Sami HTTP Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10894/

 --

[SA10883] Sami FTP Server Invalid Command Argument Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-16

intuit has reported a vulnerability in Sami FTP Server, allowing
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10883/

 --

[SA10881] Vizer Web Server Invalid Request Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-18

Donato Ferrante has reported some vulnerabilities in Vizer Web Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/10881/

 --

[SA10879] ASP Portal Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2004-02-16

Manuel López has identified multiple vulnerabilities in ASP Portal,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.

Full Advisory:
http://secunia.com/advisories/10879/

 --

[SA10874] eTrust Antivirus Zip Archive Virus Detection Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-16

A vulnerability has been reported in eTrust Antivirus 7.0, allowing
malware to bypass the virus detection.

Full Advisory:
http://secunia.com/advisories/10874/

 --

[SA10888] FTP Broker Connection Handling Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-18

Two vulnerabilities have been reported in FTP Broker, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10888/

 --

[SA10861] Macallan Mail Solution Web Interface Authentication Bypass

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-12

Ziv Kamir has reported a security issue in Macallan Mail Solution,
which can be exploited by malicious people to bypass certain security
mechanisms.

Full Advisory:
http://secunia.com/advisories/10861/


UNIX/Linux:--

[SA10893] Sun Cobalt update for rsync

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2004-02-17

Sun has issued updated packages for rsync. These fix a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/10893/

 --

[SA10914] Mandrake update for metamail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-19

MandrakeSoft has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10914/

 --

[SA10910] Red Hat update for metamail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-18

Red Hat has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10910/

 --

[SA10909] Slackware update for metamail

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-18

Slackware has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10909/

 --

[SA10889] Fedora update for FreeRADIUS

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-02-17

Red Hat has issued an updated version of FreeRADIUS.
This fixes two vulnerabilities, which can be exploited to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10889/

 --

[SA10865] Slackware update for mutt

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-13

Slackware has issued updated packages for mutt. These fix a
vulnerability which can be exploited to crash the mail client or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10865/

 --

[SA10906] Gentoo update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-18

Gentoo has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/10906/

 --

[SA10904] ShopCartCGI Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-17

G00db0y has reported a vulnerability in ShopCartCGI, allowing malicious
people to view arbitrary files.

Full Advisory:
http://secunia.com/advisories/10904/

 --

[SA10896] Red Hat update for PWLib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-18

Red Hat has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10896/

 --

[SA10892] Sun Cobalt update for Iptables

Critical:    Moderately critical
Where:       From remote
Impact:
Released:    2004-02-17

Full Advisory:
http://secunia.com/advisories/10892/

 --

[SA10890] Sun Cobalt update for gnupg

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, ID Spoofing
Released:    2004-02-17

Sun has issued updated packages for gnupg. These fix a vulnerability,
which exposes the private key when using El-Gamal type 20 keys.

Full Advisory:
http://secunia.com/advisories/10890/

 --

[SA10887] Fedora update for Gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-17

Red Hat has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10887/

 --

[SA10886] Gentoo update for phpMyAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2004-02-17

Gentoo has issued updates for phpMyAdmin. These fix a vulnerability
allowing malicious people to see sensitive information.

Full Advisory:
http://secunia.com/advisories/10886/

 --

[SA10882] Crob FTP Server Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-16

gsicht has reported a vulnerability in Crob FTP Server, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/10882/

 --

[SA10870] Red Hat update for PWLib

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-13

Red Hat has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10870/

 --

[SA10891] Sun Cobalt update for fileutils

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-17

Sun has issued updated packages for fileutils. These fix two
vulnerabilities in the "ls" program, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10891/

 --

[SA10917] SuSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2004-02-19

SuSE has issued updated packages for the kernel.
These fix various vulnerabilities, which can be exploited by malicious,
local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/10917/

 --

[SA10916] Astaro update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-19

Astaro has issued an updated package for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/10916/

 --

[SA10915] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2004-02-19

Red Hat has issued updated packages for the kernel. These fix various
vulnerabilities, which can be exploited by malicious people to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/10915/

 --

[SA10913] Debian update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-18

Debian has issued updated packages for the kernel. These fix some
vulnerabilities, which can be exploited by malicious users to escalate
their privileges.

Full Advisory:
http://secunia.com/advisories/10913/

 --

[SA10912] Linux kernel ncpfs Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-19

Arjan van de Ven has discovered a vulnerability in the Linux kernel,
allowing malicious, local users to gain escalated privileges on a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/10912/

 --

[SA10907] Slackware update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-18

Slackware has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/10907/

 --

[SA10900] Symantec AntiVirus Scan Engine Race Condition Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-17

Dr. Peter Bieringer has reported a vulnerability in Symantec AntiVirus
Scan Engine, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/10900/

 --

[SA10897] Linux Kernel "mremap()" Missing Return Value Checking Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-18

Paul Starzetz has reported a vulnerability in the Linux kernel, which
can be exploited by malicious, local users to gain escalated privileges
on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10897/

 --

[SA10885] Gentoo update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-17

Gentoo has issued updated kernel packages. These fix a vulnerability,
allowing malicious users to escalate their privileges through a
vulnerability in the 32-bit ptrace emulation.

Full Advisory:
http://secunia.com/advisories/10885/

 --

[SA10877] Immunix update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-16

Immunix has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10877/

 --

[SA10876] Mandrake update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-16

MandrakeSoft has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10876/

 --

[SA10875] Fedora update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-16

Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10875/

 --

[SA10873] Mandrake update for mailman

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-16

MandrakeSoft has issued updated packages for mailman. These fix three
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or crash the mailman process.

Full Advisory:
http://secunia.com/advisories/10873/

 --

[SA10872] Red Hat update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-16

Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10872/

 --

[SA10868] Red Hat update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-13

Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10868/

 --

[SA10867] Mailmgr Insecure Temporary File Creation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-13

Marco van Berkum has reported some vulnerabilities in mailmgr, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/10867/

 --

[SA10866] Slackware update for XFree86

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-13

Slackware has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious users to escalate their
privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10866/

 --

[SA10864] AIM Sniff Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-12

A vulnerability has been identified in AIM Sniff, allowing malicious,
local users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/10864/

 --

[SA10911] Linux Kernel Vicam USB Driver Insecure Userspace Access

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2004-02-19

A vulnerability has been reported in the Linux kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10911/

 --

[SA10871] OpenBSD update for XFree86

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-02-16

OpenBSD Project has issued patches, which fix some vulnerabilities in
XFree86. These can be exploited by malicious, local users to crash the
X server on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10871/


Other:--

[SA10863] Ingate Firewall and SIParator OpenSSL Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-12

Ingate has acknowledged some OpenSSL vulnerabilities in their Ingate
Firewall and SIParator products, which can be exploited by malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/10863/

 --

[SA10905] APC SmartSlot Web/SNMP Management Card Default Password

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-02-18

Dave Tarbatt has reported a security issue in APC SmartSlot Web/SNMP
Management Card, allowing malicious people to log into the device.

Full Advisory:
http://secunia.com/advisories/10905/


Cross Platform:--

[SA10908] Metamail Message Parsing System Compromise Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-18

Ulf Härnhammar has discovered some vulnerabilities in Metamail, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/10908/

 --

[SA10901] AllMyPHP Various Products Arbitrary File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-17

Mad_Skater has identified multiple vulnerabilities in AllMyGuests,
AllMyLinks, and AllMyVisitors, allowing malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10901/

 --

[SA10919] Owls Workshop Arbitrary File Retrieval Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-19

G00db0y has reported vulnerabilities in Owls, allowing malicious people
to retrieve arbitrary files.

Full Advisory:
http://secunia.com/advisories/10919/

 --

[SA10902] Online Store Kit SQL Injection and Cross Site Scripting Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-17

David Sopas Ferreira has reported a vulnerability in Online Store Kit,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.

Full Advisory:
http://secunia.com/advisories/10902/

 --

[SA10884] mnoGoSearch "UdmDocToTextBuf()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-02-16

Frank Denis has reported a vulnerability in mnoGoSearch, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/10884/

 --

[SA10878] phpWebSite SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information, Exposure of sensitive information
Released:    2004-02-16

David Sopas Ferreira has identified some vulnerabilities in phpWebSite,
allowing malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/10878/

 --

[SA10869] PWLib H.323 Protocol Implementation Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-13

The OpenH323 Project has acknowledged some vulnerabilities in PWLib,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/10869/

 --

[SA10903] YaBB SE "quote" Parameter SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-17

BackSpace has reported a vulnerability in YaBB SE, allowing malicious
users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/10903/

 --

[SA10862] phpCodeCabinet Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-12

Yao-Wen has discovered some vulnerabilities in phpCodeCabinet, allowing
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/10862/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

========================================================================

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.