[ISN] Secunia Weekly Summary - Issue: 2004-12

From: InfoSec News (isn@private)
Date: Fri Mar 19 2004 - 03:40:27 PST


    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-03-11 - 2004-03-18                        
    
                           This week : 53 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3..............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    The Secunia staff spends hours every day to ensure you have the best
    and most reliable source for vulnerability information. Every single
    vulnerability report is validated and verified before a Secunia
    advisory is written.
    
    Secunia validates and verifies vulnerability reports in many different
    ways e.g. by downloading the software and performing comprehensive
    tests, by reviewing source code, or by validating the credibility of
    the source from which the vulnerability report was issued.
    
    As a result, Secunia's database is the most correct and complete source
    for recent vulnerability information available on the Internet.
    
    Secunia Online Vulnerability Database:
    http://secunia.com/
    
    ========================================================================
    2) This Week in Brief:
    
    New OpenSSL packages have been released to address 3 different
    vulnerabilities, which can be exploited to cause a Denial of Service
    on vulnerable systems.
    
    Many vendors have already updated their products. However, many other
    vendors will probably also issue updates for their products within a
    short time. Please refer to http://secunia.com for further information
    regarding updates for your products.
    
    The initial Secunia advisory regarding the vulnerabilities in OpenSSL
    is referenced below.
    
    Reference:
    http://secunia.com/SA11139
    
    
    A vulnerability was reported in the popular FTP client WS_FTP Pro,
    which could be exploited by a malicious FTP server to compromise a
    connected client.
    
    Currently, no solution is available from the vendor.
    
    Reference:
    http://secunia.com/SA11136
    
    
    Security researcher Luigi Auriemma has reported a vulnerability in the
    Unreal Engine from Epic Games. The Unreal Engine is used in many
    multiplayer games from different vendors, so many games may be affected
    by this vulnerability. Please refer to the referenced Secunia advisory
    for more information about possibly affected games.
    
    Reference:
    http://secunia.com/SA11108
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA10395] Internet Explorer URL Spoofing Vulnerability
    2.  [SA11111] cPanel Password Reset Command Injection Vulnerability
    3.  [SA11139] OpenSSL SSL/TLS Handshake Denial of Service
                  Vulnerabilities
    4.  [SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue
    5.  [SA10736] Internet Explorer File Download Extension Spoofing
    6.  [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
    7.  [SA11119] Novell Groupwise WebAccess Insecure Default Configuration
    8.  [SA11124] cPanel Login Command Injection Vulnerability
    9.  [SA11092] Apache mod_ssl HTTP Request Denial of Service
                  Vulnerability
    10. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
                  Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability
    [SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability
    [SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
    Service
    [SA11120] AntiGen for Domino Encrypted Zip File Denial of Service
    [SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
    [SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting
    
    UNIX/Linux:
    [SA11124] cPanel Login Command Injection Vulnerability
    [SA11155] Red Hat update for Mozilla
    [SA11154] OpenBSD update for OpenSSL
    [SA11153] Gentoo update for OpenSSL
    [SA11152] Slackware update for OpenSSL
    [SA11151] Debian update for OpenSSL
    [SA11150] FreeBSD update for OpenSSL
    [SA11149] Mandrake update for OpenSSL
    [SA11148] EnGarde update for OpenSSL
    [SA11147] Red Hat update for OpenSSL
    [SA11146] SuSE update for OpenSSL
    [SA11144] Red Hat update for OpenSSL
    [SA11125] OpenPKG update for uudeview
    [SA11103] Mandrake update for Mozilla
    [SA11116] OpenBSD update for httpd
    [SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
    Vulnerability
    [SA11123] Macromedia Multiple Products Privilege Escalation
    Vulnerability
    [SA11117] Debian update for samba
    [SA11115] Debian update for xitalk
    [SA11114] xitalk Privilege Escalation Vulnerability
    [SA11109] Debian update for Calife
    [SA11107] Debian update for sysstat
    [SA11106] Red Hat update for sysstat
    [SA11105] Sysstat Insecure Temporary File Creation Vulnerability
    [SA11137] Debian update for gdk-pixbuf
    [SA11104] Red Hat update for nfs-utils
    
    Other:
    [SA11119] Novell Groupwise WebAccess Insecure Default Configuration
    
    Cross Platform:
    [SA11134] 4nAlbum Multiple Vulnerabilities
    [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
    [SA11118] Oracle Web Cache Unspecified Client Request Handling
    Vulnerabilities
    [SA11111] cPanel Password Reset Command Injection Vulnerability
    [SA11108] Unreal Engine Class Name Format String Vulnerability
    [SA11145] Cisco Multiple Products OpenSSL Denial of Service
    Vulnerability
    [SA11141] Fizmez Web Server Connection Denial of Service Vulnerability
    [SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities
    [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
    [SA11138] mod_security POST Request Processing Off-By-One
    Vulnerability
    [SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site
    Scripting
    [SA11130] Sun Java System Application Server SOAP Request Denial of
    Service
    [SA11122] Pegasi Web Server Directory Traversal and Cross-Site
    Scripting
    [SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities
    [SA11112] CFWebstore SQL Injection and Cross-Site Scripting
    Vulnerabilities
    [SA11126] HP Web Based Management Anonymous Certificate Upload
    Vulnerability
    [SA11142] vBulletin Cross-Site Scripting Vulnerabilities
    [SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities
    [SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
    Vulnerability
    [SA11110] Emumail Webmail Cross Site Scripting Vulnerability
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    STORM has reported a vulnerability in GlobalSCAPE Secure FTP Server,
    which can be exploited by malicious users to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://secunia.com/advisories/11159/
    
     --
    
    [SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-03-17
    
    A vulnerability has been reported in WS_FTP Pro, which can be exploited
    by malicious people to cause a DoS (Denial-of-Service) on the
    application and potentially compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11136/
    
     --
    
    [SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
    Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-16
    
    Amit Klein has discovered a vulnerability in ColdFusion MX and JRun,
    which can be exploited by malicious people to cause a DoS
    (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11132/
    
     --
    
    [SA11120] AntiGen for Domino Encrypted Zip File Denial of Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-15
    
    A vulnerability has been reported in AntiGen for Domino, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11120/
    
     --
    
    [SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2004-03-16
    
    Dave Aitel of Immunity has reported some vulnerabilities in CA
    Unicenter TNG, which can be exploited by malicious people to compromise
    a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11131/
    
     --
    
    [SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-17
    
    Dr_insane has reported a vulnerability in IBM Lotus Domino, which can
    be exploited by malicious people to conduct cross-site scripting
    attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11143/
    
    
    UNIX/Linux:--
    
    [SA11124] cPanel Login Command Injection Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-15
    
    Arab VieruZ has reported a vulnerability in cPanel, allowing malicious
    people to execute certain system commands on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11124/
    
     --
    
    [SA11155] Red Hat update for Mozilla
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, DoS, System access
    Released:    2004-03-18
    
    Red Hat has issued updated packages for Mozilla, which fix various
    vulnerabilities.
    
    Full Advisory:
    http://secunia.com/advisories/11155/
    
     --
    
    [SA11154] OpenBSD update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    OpenBSD has issued a patch for OpenSSL. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS
    (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11154/
    
     --
    
    [SA11153] Gentoo update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    Gentoo has issued updated packages for OpenSSL. These fix three
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11153/
    
     --
    
    [SA11152] Slackware update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    Slackware has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11152/
    
     --
    
    [SA11151] Debian update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    Debian has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11151/
    
     --
    
    [SA11150] FreeBSD update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    FreeBSD has issued a patch for OpenSSL. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS
    (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11150/
    
     --
    
    [SA11149] Mandrake update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    MandrakeSoft has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11149/
    
     --
    
    [SA11148] EnGarde update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    Guardian Digital has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11148/
    
     --
    
    [SA11147] Red Hat update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    Red Hat has issued updated packages for OpenSSL. These fix three
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11147/
    
     --
    
    [SA11146] SuSE update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-18
    
    SuSE has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11146/
    
     --
    
    [SA11144] Red Hat update for OpenSSL
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-17
    
    Red Hat has issued updated packages for OpenSSL. These fix two
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11144/
    
     --
    
    [SA11125] OpenPKG update for uudeview
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-15
    
    OpenPKG has issued updated packages for uudeview. These fix a
    vulnerability, which potentially can be exploited by malicious people
    to compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11125/
    
     --
    
    [SA11103] Mandrake update for Mozilla
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, Exposure of sensitive information, DoS,
    System access
    Released:    2004-03-11
    
    MandrakeSoft has issued updated packages for Mozilla. These fix various
    older vulnerabilities, which can be exploited by malicious people to
    disclose users' proxy server credentials, bypass certain cookie path
    restrictions, cause a DoS (Denial of Service), and potentially
    compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11103/
    
     --
    
    [SA11116] OpenBSD update for httpd
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-03-15
    
    OpenBSD has issued patches for httpd. These fix a vulnerability, which
    can be exploited by malicious people to bypass certain restrictions on
    sparc64 systems.
    
    Full Advisory:
    http://secunia.com/advisories/11116/
    
     --
    
    [SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-12
    
    An unspecified vulnerability has been reported in Chaogic Systems
    vHost, which can be exploited by malicious people to conduct
    cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11113/
    
     --
    
    [SA11123] Macromedia Multiple Products Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-15
    
    Chris Irvine has discovered a vulnerability in Macromedia MX 2004
    products, which can be exploited by malicious, local users to escalate
    their privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11123/
    
     --
    
    [SA11117] Debian update for samba
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-15
    
    Debian has issued updated packages for Samba. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11117/
    
     --
    
    [SA11115] Debian update for xitalk
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-12
    
    Debian has issued updated packages for xitalk. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    group "utmp" privileges on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11115/
    
     --
    
    [SA11114] xitalk Privilege Escalation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-12
    
    Steve Kemp has reported a vulnerability in xitalk, which can be
    exploited by malicious, local users to gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11114/
    
     --
    
    [SA11109] Debian update for Calife
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-12
    
    Debian has issued updated packages for Calife. These fix a
    vulnerability, which potentially can be exploited by malicious, local
    users to escalate their privileges on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11109/
    
     --
    
    [SA11107] Debian update for sysstat
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-11
    
    Debian has issued updated packages for sysstat. These fix a
    vulnerability, which can be exploited by malicious, local users to gain
    escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11107/
    
     --
    
    [SA11106] Red Hat update for sysstat
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-11
    
    Red Hat has issued updated packages for sysstat. These fix a
    vulnerability, allowing malicious local users to escalate their
    privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11106/
    
     --
    
    [SA11105] Sysstat Insecure Temporary File Creation Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-03-11
    
    A vulnerability has been discovered in sysstat, which can be exploited
    by malicious, local users to escalate their privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11105/
    
     --
    
    [SA11137] Debian update for gdk-pixbuf
    
    Critical:    Not critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-16
    
    Debian has issued updated packages for gdk-pixbuf. These fix a
    vulnerability, which can be exploited by malicious people to crash
    certain applications like Evolution on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11137/
    
     --
    
    [SA11104] Red Hat update for nfs-utils
    
    Critical:    Not critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-03-11
    
    Red Hat has issued updated packages for nfs-utils. These fix a
    vulnerability, which can be exploited by malicious people to crash
    rpc.mountd.
    
    Full Advisory:
    http://secunia.com/advisories/11104/
    
    
    Other:--
    
    [SA11119] Novell Groupwise WebAccess Insecure Default Configuration
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-15
    
    A security issue has been reported in GroupWise 6 and 6.5 WebAccess,
    which potentially can be exploited by malicious people to gain
    unauthorised access to a vulnerable server.
    
    Full Advisory:
    http://secunia.com/advisories/11119/
    
    
    Cross Platform:--
    
    [SA11134] 4nAlbum Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data, Exposure of
    sensitive information, System access
    Released:    2004-03-16
    
    Janek Vind "waraxe" has reported some vulnerabilities in 4nAlbum, where
    the most critical can be exploited by malicious people to compromise a
    vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11134/
    
     --
    
    [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-15
    
    SIMON Baptiste has discovered a vulnerability in SPIP, allowing
    malicious people to inject arbitrary PHP code.
    
    Full Advisory:
    http://secunia.com/advisories/11127/
    
     --
    
    [SA11118] Oracle Web Cache Unspecified Client Request Handling
    Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      
    Released:    2004-03-15
    
    Oracle has reported that multiple vulnerabilities have been discovered
    in Oracle Web Cache.
    
    Full Advisory:
    http://secunia.com/advisories/11118/
    
     --
    
    [SA11111] cPanel Password Reset Command Injection Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-12
    
    Arab VieruZ has discovered a vulnerability in cPanel, allowing
    malicious people to execute certain system commands on a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11111/
    
     --
    
    [SA11108] Unreal Engine Class Name Format String Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-03-11
    
    Luigi Auriemma has reported a vulnerability in the Unreal engine, which
    can be exploited by malicious people to cause a DoS (Denial of Service)
    and potentially compromise a vulnerable server.
    
    Full Advisory:
    http://secunia.com/advisories/11108/
    
     --
    
    [SA11145] Cisco Multiple Products OpenSSL Denial of Service
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-17
    
    Cisco has confirmed a vulnerability in various products, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11145/
    
     --
    
    [SA11141] Fizmez Web Server Connection Denial of Service Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-17
    
    Donato Ferrante has reported a vulnerability in Fizmez Web Server,
    which can be exploited by malicious people to cause a DoS
    (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11141/
    
     --
    
    [SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information, Manipulation of data, Cross Site Scripting
    Released:    2004-03-17
    
    JeiAr has discovered some vulnerabilities in Mambo, allowing malicious
    people to conduct SQL injection and Cross Site Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11140/
    
     --
    
    [SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-17
    
    Three vulnerabilities have been discovered in OpenSSL, which can be
    exploited by malicious people to cause a DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11139/
    
     --
    
    [SA11138] mod_security POST Request Processing Off-By-One
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-03-17
    
    Evgeny Legerov has discovered a vulnerability in mod_security, which
    can be exploited by malicious people to cause a DoS (Denial-of-Service)
    and potentially compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11138/
    
     --
    
    [SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site
    Scripting
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2004-03-16
    
    Janek Vind "waraxe" has reported a vulnerability in 4nGuestbook,
    allowing malicious people to conduct SQL injection and Cross Site
    Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11133/
    
     --
    
    [SA11130] Sun Java System Application Server SOAP Request Denial of
    Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-03-16
    
    Amit Klein has discovered a vulnerability in Sun Java System
    Application Server, which can be exploited by malicious people to cause
    a DoS (Denial-of-Service).
    
    Full Advisory:
    http://secunia.com/advisories/11130/
    
     --
    
    [SA11122] Pegasi Web Server Directory Traversal and Cross-Site
    Scripting
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of system information,
    Exposure of sensitive information
    Released:    2004-03-15
    
    Donato Ferrante has discovered some vulnerabilities in Pegasi Web
    Server, which can be exploited to conduct cross-site scripting and
    directory traversal attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11122/
    
     --
    
    [SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Manipulation of data
    Released:    2004-03-15
    
    Some vulnerabilities have been reported in phpBB, allowing malicious
    people to conduct Cross Site Scripting and SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11121/
    
     --
    
    [SA11112] CFWebstore SQL Injection and Cross-Site Scripting
    Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, Cross Site Scripting, Manipulation of
    data, Exposure of system information, Exposure of sensitive
    information
    Released:    2004-03-12
    
    Nick Gudov has reported some vulnerabilities in CFWebstore, which can
    be exploited by malicious people to conduct cross-site scripting and
    SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11112/
    
     --
    
    [SA11126] HP Web Based Management Anonymous Certificate Upload
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2004-03-15
    
    Dave Aitel has discovered a vulnerability in HP HTTP server, allowing
    malicious people to gain access to administrative functions.
    
    Full Advisory:
    http://secunia.com/advisories/11126/
    
     --
    
    [SA11142] vBulletin Cross-Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-17
    
    JeiAr has reported some vulnerabilities in vBulletin, which can be
    exploited by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11142/
    
     --
    
    [SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-16
    
    Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke,
    allowing malicious people to conduct Cross Site Scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11135/
    
     --
    
    [SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
    Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-03-16
    
    Cheng Peng Su has reported a vulnerability in YaBB and YaBB SE,
    allowing malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11128/
    
     --
    
    [SA11110] Emumail Webmail Cross Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of sensitive information
    Released:    2004-03-12
    
    Dr_insane has reported some vulnerabilities in Emumail Webmail,
    allowing malicious people to conduct Cross Site Scripting attacks and
    see the installation path.
    
    Full Advisory:
    http://secunia.com/advisories/11110/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third party patches, only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    