[ISN] Secunia Weekly Summary - Issue: 2004-10

From: InfoSec News (isn@private)
Date: Thu Mar 04 2004 - 03:08:41 PST

    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-02-26 - 2004-03-04                        
    
                           This week : 52 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3..............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    The Secunia staff is spending hours every day to assure you the best
    and most reliable source for vulnerability information. Every single 
    vulnerability report is being validated and verified before a Secunia
    advisory is written.
    
    Secunia validates and verifies vulnerability reports in many different
    ways e.g. by downloading the software and performing comprehensive
    tests, by reviewing source code, or by validating the credibility of
    the source from which the vulnerability report was issued.
    
    As a result, Secunia's database is the most correct and complete source
    for recent vulnerability information available on the Internet.
    
    Secunia Online Vulnerability Database:
    http://secunia.com/
    
    ========================================================================
    2) This Week in Brief:
    
    Another vulnerability has been reported in Internet Explorer, which can
    be exploited by malicious people to bypass certain frame scripting
    restrictions.
    
    Microsoft has not acknowledged this as a vulnerability and no solution
    is therefore available. However, a knowledge base article has been
    published; see referenced Secunia advisory.
    Reference: [SA10996]
    
    A vulnerability has been reported in the UUDeview package, which can be
    exploited by malicious people through a specially crafted MIME archive,
    to execute arbitrary code on a vulnerable user's system. WinZIP 
    includes the UUDeview package and is therefore also vulnerable.
    Reference: [SA10995] & [SA11019]
    
    TIP:
    Finding Secunia advisories is easily done through the Secunia web site.
    Simply enter the SA ID in the URL:
    http://secunia.com/SA11019
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    2.  [SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
    3.  [SA11012] Apple Filing Protocol Insecure Implementation
    4.  [SA10968] Microsoft Windows Enhanced/Windows Metafile Handling
                  Vulnerability
    5.  [SA10994] Dell OpenManage Server Administrator Heap Overflow
                  Vulnerability
    6.  [SA10996] Internet Explorer Cross Frame Scripting Restriction
                  Bypass
    7.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
                  Vulnerability
    8.  [SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
                  Vulnerability
    9.  [SA10736] Internet Explorer File Download Extension Spoofing
    10. [SA10980] Mozilla Cross-Site Scripting Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA11029] 1st Class Mail Server "APOP" Digest Parameter Buffer Overflow
    Vulnerability
    [SA11003] IA WebMail Server Multiple Vulnerabilities
    [SA11001] WFTPD Server/Pro Server Multiple Vulnerabilities
    [SA10998] Red Faction Server Reply Buffer Overflow Vulnerability
    [SA11027] SkyHigh Chat Server Multiple Connection Denial of Service
    [SA11002] ArGoSoft FTP Server Multiple Vulnerabilities
    [SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
    [SA10989] Serv-U FTP Server MDTM Command Buffer Overflow Vulnerability
    [SA10996] Internet Explorer Cross Frame Scripting Restriction Bypass
    [SA10990] Symantec Gateway Security Cross Site Scripting Vulnerability
    [SA11014] Novell Client Firewall Privilege Escalation Vulnerability
    [SA11015] Magic Winmail Server Path Disclosure
    [SA11007] 602Pro LANSuite Exposure of Installation Path
    [SA11016] XBoard "-icshost" Command Line Option Buffer Overflow
    Vulnerability
    
    UNIX/Linux:
    [SA11031] OpenLinux update for rsync
    [SA11036] Mandrake update for pwlib
    [SA11035] Mandrake update for libxml2
    [SA11033] OpenLinux update for gnupg
    [SA11032] OpenLinux update for tcpdump
    [SA11023] FreeBSD Out-of-Sequence TCP Packet Denial of Service
    Vulnerability
    [SA11022] Fedora update for tcpdump
    [SA11020] Fedora update for pwlib
    [SA11012] Apple Filing Protocol Insecure Implementation
    [SA11005] Debian update for libapache-mod-python
    [SA10999] Anubis Unspecified Vulnerabilities
    [SA10993] eXtremail User Authentication Bypass Vulnerability
    [SA10986] Red Hat update for libxml2
    [SA11021] OpenLinux update for fileutils
    [SA11017] ignitionServer Operator Privilege Escalation Vulnerability
    [SA11030] OpenLinux update for screen
    [SA11004] Calife Password Heap Overflow Privilege Escalation
    Vulnerability
    [SA10997] FreeBSD "jail_attach()" Jail Shifting Vulnerability
    [SA10992] Sun Solaris "passwd" Privilege Escalation Vulnerability
    [SA10991] Sun Solaris "conv_fix" Privilege Escalation Vulnerability
    [SA10987] Smoothwall update for kernel
    [SA11011] Debian update for xboing
    [SA11010] xboing Potential Privilege Escalation Vulnerabilities
    
    Other:
    [SA11025] NetScreen-SA Cross Site Scripting Vulnerability
    [SA11024] Motorola T720 Denial of Service Vulnerability
    [SA11034] Nortel WLAN Access Point 2200 Denial of Service
    [SA11026] SonicWALL Internal IP Address Enumeration Weakness
    [SA11013] Symantec Firewall / VPN 100/200/200R Exposure of Password
    
    Cross Platform:
    [SA10994] Dell OpenManage Server Administrator Heap Overflow
    Vulnerability
    [SA11019] UUDeview Parameter Parsing Buffer Overflow Vulnerability
    [SA11008] Invision Power Board "st" Parameter SQL Injection
    Vulnerability
    [SA11000] Intel NetStructure Products H.323 Protocol Implementation
    Vulnerabilities
    [SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
    Vulnerability
    [SA11028] SandSurfer Cross-Site Scripting Vulnerabilities
    [SA11018] Hot Open Tickets User Privilege Escalation Vulnerability
    [SA11009] iG FREE Shopping Cart "type_id" Parameter Input Validation
    Error
    [SA11006] phpBB "postorder" Parameter Cross Site Scripting
    Vulnerability
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA11029] 1st Class Mail Server "APOP" Digest Parameter Buffer Overflow
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-03
    
    JeFFOsZ has discovered a vulnerability in 1st Class Mail Server, which
    can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11029/
    
     --
    
    [SA11003] IA WebMail Server Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Cross Site Scripting, ID Spoofing, DoS, System access
    Released:    2004-03-01
    
    Dr_insane has reported multiple vulnerabilities in IA WebMail Server,
    which potentially can be exploited by malicious people to compromise a
    vulnerable system, cause a DoS (Denial of Service), conduct cross-site
    scripting attacks, or spoof a sender's identity.
    
    Full Advisory:
    http://secunia.com/advisories/11003/
    
     --
    
    [SA11001] WFTPD Server/Pro Server Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-03-01
    
    axl has discovered multiple vulnerabilities in WFTPD Server and WFTPD
    Pro Server, which can be exploited by malicious users to compromise a
    vulnerable system and cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11001/
    
     --
    
    [SA10998] Red Faction Server Reply Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-01
    
    Luigi Auriemma has reported a vulnerability in Red Faction, which
    potentially can be exploited by malicious people to compromise a user's
    system.
    
    Full Advisory:
    http://secunia.com/advisories/10998/
    
     --
    
    [SA11027] SkyHigh Chat Server Multiple Connection Denial of Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-03
    
    Donato Ferrante has reported a vulnerability in SkyHigh Chat Server,
    allowing malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11027/
    
     --
    
    [SA11002] ArGoSoft FTP Server Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access, DoS, Exposure of system information
    Released:    2004-03-01
    
    STORM has discovered multiple vulnerabilities in ArGoSoft FTP Server,
    which can be exploited by malicious users to determine the existence of
    files, cause a DoS (Denial of Service), or compromise a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11002/
    
     --
    
    [SA10995] WinZip MIME Archive Parsing Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-27
    
    iDEFENSE has reported a vulnerability in WinZip, which potentially can
    be exploited by malicious people to compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/10995/
    
     --
    
    [SA10989] Serv-U FTP Server MDTM Command Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-27
    
    bkbll has reported a vulnerability in Serv-U FTP Server, which can be
    exploited by malicious users to gain system access.
    
    Full Advisory:
    http://secunia.com/advisories/10989/
    
     --
    
    [SA10996] Internet Explorer Cross Frame Scripting Restriction Bypass
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass, Exposure of sensitive information
    Released:    2004-02-27
    
    iDEFENSE has reported a vulnerability in Internet Explorer, which can
    be exploited by malicious people to bypass certain frame scripting
    restrictions.
    
    Full Advisory:
    http://secunia.com/advisories/10996/
    
     --
    
    [SA10990] Symantec Gateway Security Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-02-27
    
    Brian Soby has discovered a vulnerability in Symantec Gateway Security,
    allowing malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/10990/
    
     --
    
    [SA11014] Novell Client Firewall Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-02
    
    Novell has reported that Novell Client Firewall (NCF) is affected by a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11014/
    
     --
    
    [SA11015] Magic Winmail Server Path Disclosure
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-03-02
    
    Dr_insane has reported a security issue in Magic Winmail Server,
    allowing malicious people to see the installation path.
    
    Full Advisory:
    http://secunia.com/advisories/11015/
    
     --
    
    [SA11007] 602Pro LANSuite Exposure of Installation Path
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information
    Released:    2004-03-01
    
    Rafel Ivgi has reported some issues in 602Pro LANSuite, where one of
    these allows malicious people to gain knowledge of the installation
    path.
    
    Full Advisory:
    http://secunia.com/advisories/11007/
    
     --
    
    [SA11016] XBoard "-icshost" Command Line Option Buffer Overflow
    Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-02
    
    narkotix has reported a vulnerability in XBoard, which potentially may
    allow malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11016/
    
    
    UNIX/Linux:--
    
    [SA11031] OpenLinux update for rsync
    
    Critical:    Extremely critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-03
    
    SCO has issued updated packages for rsync. These fix an old
    vulnerability, which can be exploited by malicious people to compromise
    a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11031/
    
     --
    
    [SA11036] Mandrake update for pwlib
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-04
    
    Mandrake has issued updated packages for pwlib. These fix some
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11036/
    
     --
    
    [SA11035] Mandrake update for libxml2
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-04
    
    Mandrake has issued updated packages for libxml2. These fix some
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11035/
    
     --
    
    [SA11033] OpenLinux update for gnupg
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      ID Spoofing, Exposure of sensitive information
    Released:    2004-03-03
    
    SCO has issued updated packages for gnupg. These fix a vulnerability,
    which exposes the private key when using El-Gamal type 20 keys.
    
    Full Advisory:
    http://secunia.com/advisories/11033/
    
     --
    
    [SA11032] OpenLinux update for tcpdump
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-03-03
    
    SCO has issued updated packages for tcpdump. These fix three
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a system running
    tcpdump.
    
    Full Advisory:
    http://secunia.com/advisories/11032/
    
     --
    
    [SA11023] FreeBSD Out-of-Sequence TCP Packet Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-03
    
    Alexander Cuttergo has discovered a vulnerability in FreeBSD, which can
    be exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11023/
    
     --
    
    [SA11022] Fedora update for tcpdump
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-03-03
    
    Red Hat has issued updated packages for tcpdump. These fix three
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a system running
    tcpdump.
    
    Full Advisory:
    http://secunia.com/advisories/11022/
    
     --
    
    [SA11020] Fedora update for pwlib
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-02
    
    Red Hat has issued updated packages for pwlib. These fix some
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11020/
    
     --
    
    [SA11012] Apple Filing Protocol Insecure Implementation
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of sensitive information
    Released:    2004-03-01
    
    Chris Adams has reported a vulnerability in Mac OS X, which may allow
    malicious people to gain knowledge of sensitive data like user
    credentials.
    
    Full Advisory:
    http://secunia.com/advisories/11012/
    
     --
    
    [SA11005] Debian update for libapache-mod-python
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-01
    
    Debian has issued updated packages for libapache-mod-python. These fix
    a vulnerability, which can be exploited by malicious people to cause a
    Denial of Service.
    
    Full Advisory:
    http://secunia.com/advisories/11005/
    
     --
    
    [SA10999] Anubis Unspecified Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-01
    
    Two vulnerabilities have been reported in Anubis, which potentially can
    be exploited by malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/10999/
    
     --
    
    [SA10993] eXtremail User Authentication Bypass Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-03-03
    
    Andrey Smirnov has reported a vulnerability in eXtremail, allowing
    malicious people to bypass user authentication.
    
    Full Advisory:
    http://secunia.com/advisories/10993/
    
     --
    
    [SA10986] Red Hat update for libxml2
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-02-27
    
    Red Hat has issued updated packages for libxml2. These fix some
    vulnerabilities, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/10986/
    
     --
    
    [SA11021] OpenLinux update for fileutils
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-03
    
    SCO has issued updated packages for fileutils. These fix two
    vulnerabilities in the "ls" program, which can be exploited by
    malicious users to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11021/
    
     --
    
    [SA11017] ignitionServer Operator Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Privilege escalation
    Released:    2004-03-02
    
    A vulnerability has been reported in ignitionServer, which can be
    exploited by certain malicious users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11017/
    
     --
    
    [SA11030] OpenLinux update for screen
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-03
    
    SCO has issued updated packages for screen. These fix a vulnerability,
    which potentially may allow malicious, local users to escalate their
    privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11030/
    
     --
    
    [SA11004] Calife Password Heap Overflow Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-01
    
    Leon Juranic has discovered a vulnerability in Calife, which
    potentially can be exploited by malicious, local users to gain
    escalated privileges on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11004/
    
     --
    
    [SA10997] FreeBSD "jail_attach()" Jail Shifting Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, Security Bypass
    Released:    2004-03-01
    
    JAS Group has discovered a vulnerability in FreeBSD, which may allow
    malicious processes to bypass certain restrictions.
    
    Full Advisory:
    http://secunia.com/advisories/10997/
    
     --
    
    [SA10992] Sun Solaris "passwd" Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-27
    
    Tim Wort has discovered a vulnerability in Solaris, which can be
    exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/10992/
    
     --
    
    [SA10991] Sun Solaris "conv_fix" Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-27
    
    A vulnerability has been reported in Solaris, which potentially can be
    exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/10991/
    
     --
    
    [SA10987] Smoothwall update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-02-27
    
    The SmoothWall Open Source Project has issued an updated package for
    the kernel. This fixes a vulnerability, which can be exploited by
    malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/10987/
    
     --
    
    [SA11011] Debian update for xboing
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Privilege escalation
    Released:    2004-03-01
    
    Debian has issued updated packages for xboing. These fix some
    vulnerabilities, which can be exploited by malicious, local users to
    escalate their privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11011/
    
     --
    
    [SA11010] xboing Potential Privilege Escalation Vulnerabilities
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-01
    
    Steve Kemp has discovered some vulnerabilities in xboing, potentially
    allowing malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11010/
    
    
    Other:--
    
    [SA11025] NetScreen-SA Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-03
    
    Mark Lachniet has reported a vulnerability in NetScreen-SA 5000 Series,
    allowing malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11025/
    
     --
    
    [SA11024] Motorola T720 Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-03
    
    Shaun Colley has reported a vulnerability in Motorola T720, allowing
    malicious people to cause a Denial of Service.
    
    Full Advisory:
    http://secunia.com/advisories/11024/
    
     --
    
    [SA11034] Nortel WLAN Access Point 2200 Denial of Service
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-03-03
    
    Mark Ludwik has reported a vulnerability in Nortel WLAN Access Point
    2200, allowing malicious people to cause a Denial of Service.
    
    Full Advisory:
    http://secunia.com/advisories/11034/
    
     --
    
    [SA11026] SonicWALL Internal IP Address Enumeration Weakness
    
    Critical:    Not critical
    Where:       From local network
    Impact:      Exposure of system information
    Released:    2004-03-03
    
    xeno has reported a weakness in SonicWALL, allowing malicious people to
    enumerate internal IP addresses.
    
    Full Advisory:
    http://secunia.com/advisories/11026/
    
     --
    
    [SA11013] Symantec Firewall / VPN 100/200/200R Exposure of Password
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Exposure of sensitive information
    Released:    2004-03-02
    
    Davide Del Vecchio has discovered a security issue in Symantec Firewall
    / VPN 100/200/200R, possibly allowing malicious users to see
    passwords.
    
    Full Advisory:
    http://secunia.com/advisories/11013/
    
    
    Cross Platform:--
    
    [SA10994] Dell OpenManage Server Administrator Heap Overflow
    Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-02-27
    
    wirepair has reported a vulnerability in the Dell OpenManage Server
    Administrator, which potentially can be exploited by malicious people
    to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/10994/
    
     --
    
    [SA11019] UUDeview Parameter Parsing Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-02
    
    The developer of UUDeview has acknowledged a vulnerability reported by
    iDEFENSE, which potentially can be exploited by malicious people to
    compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11019/
    
     --
    
    [SA11008] Invision Power Board "st" Parameter SQL Injection
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-03-01
    
    Knight Commander has reported a vulnerability in Invision Power Board,
    allowing malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11008/
    
     --
    
    [SA11000] Intel NetStructure Products H.323 Protocol Implementation
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-02
    
    Intel has acknowledged that various NetStructure products are affected
    by the recently reported vulnerabilities in various vendors' H.323
    protocol implementations.
    
    Full Advisory:
    http://secunia.com/advisories/11000/
    
     --
    
    [SA10988] ISS Multiple Products SMB Packet Handling Buffer Overflow
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2004-02-27
    
    eEye Digital Security has discovered a vulnerability in multiple ISS
    products, which can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/10988/
    
     --
    
    [SA11028] SandSurfer Cross-Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-03
    
    Some vulnerabilities have been identified in SandSurfer, allowing
    malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11028/
    
     --
    
    [SA11018] Hot Open Tickets User Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Privilege escalation
    Released:    2004-03-02
    
    A vulnerability has been reported in Hot Open Tickets, allowing
    malicious users to escalate their privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11018/
    
     --
    
    [SA11009] iG FREE Shopping Cart "type_id" Parameter Input Validation
    Error
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-01
    
    David Sopas Ferreira has discovered a vulnerability in iG FREE Shopping
    Cart, allowing malicious people to conduct Cross Site Scripting and SQL
    Injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11009/
    
     --
    
    [SA11006] phpBB "postorder" Parameter Cross Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-01
    
    Cheng Peng Su has reported a vulnerability in phpBB, allowing malicious
    people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11006/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Mar 04 2004 - 05:23:57 PST