========================================================================
The Secunia Weekly Advisory Summary
2004-03-11 - 2004-03-18
This week : 53 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
New OpenSSL packages have been released to address 3 different
vulnerabilities, which can be exploited to cause a Denial of Service
on vulnerable systems.
Many vendors have already updated their products. However, many other
vendors will propably also issue updates for their products within a
short time. Please refer to http://secunia.com for further information
regarding updates for your products.
The initial Secunia advisory regarding the vulnerabilities in OpenSSL
is referenced below.
Reference:
http://secunia.com/SA11139
A vulnerability was reported in the popular FTP client WS_FTP Pro,
which could be exploited by a malicious FTP server to compromise a
connected client.
Currently, no solution is available from the vendor.
Reference:
http://secunia.com/SA11136
Security Research Luigi Auriemma has reported a vulnerability in the
Unreal Engine from Epic Games. The Unreal Engine is used in many
multi player games from different vendors, many games may be affected
by this vulnerability. Please refer to referenced Secunia Advisory for
more information about possible affected games.
Reference:
http://secunia.com/SA11108
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA11111] cPanel Password Reset Command Injection Vulnerability
3. [SA11139] OpenSSL SSL/TLS Handshake Denial of Service
Vulnerabilities
4. [SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue
5. [SA10736] Internet Explorer File Download Extension Spoofing
6. [SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
7. [SA11119] Novell Groupwise WebAccess Insecure Default Configuration
8. [SA11124] cPanel Login Command Injection Vulnerability
9. [SA11092] Apache mod_ssl HTTP Request Denial of Service
Vulnerability
10. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability
[SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability
[SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
Service
[SA11120] AntiGen for Domino Encrypted Zip File Denial of Service
[SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
[SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting
UNIX/Linux:
[SA11124] cPanel Login Command Injection Vulnerability
[SA11155] Red Hat update for Mozilla
[SA11154] OpenBSD update for OpenSSL
[SA11153] Gentoo update for OpenSSL
[SA11152] Slackware update for OpenSSL
[SA11151] Debian update for OpenSSL
[SA11150] FreeBSD update for OpenSSL
[SA11149] Mandrake update for OpenSSL
[SA11148] EnGarde update for OpenSSL
[SA11147] Red Hat update for OpenSSL
[SA11146] SuSE update for OpenSSL
[SA11144] Red Hat update for OpenSSL
[SA11125] OpenPKG update for uudeview
[SA11103] Mandrake update for Mozilla
[SA11116] OpenBSD update for httpd
[SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
Vulnerability
[SA11123] Macromedia Multiple Products Privilege Escalation
Vulnerability
[SA11117] Debian update for samba
[SA11115] Debian update for xitalk
[SA11114] xitalk Privilege Escalation Vulnerability
[SA11109] Debian update for Calife
[SA11107] Debian update for sysstat
[SA11106] Red Hat update for sysstat
[SA11105] Sysstat Insecure Temporary File Creation Vulnerability
[SA11137] Debian update for gdk-pixbuf
[SA11104] Red Hat update for nfs-utils
Other:
[SA11119] Novell Groupwise WebAccess Insecure Default Configuration
Cross Platform:
[SA11134] 4nAlbum Multiple Vulnerabilities
[SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
[SA11118] Oracle Web Cache Unspecified Client Request Handling
Vulnerabilities
[SA11111] cPanel Password Reset Command Injection Vulnerability
[SA11108] Unreal Engine Class Name Format String Vulnerability
[SA11145] Cisco Multiple Products OpenSSL Denial of Service
Vulnerability
[SA11141] Fizmez Web Server Connection Denial of Service Vulnerability
[SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities
[SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
[SA11138] mod_security POST Request Processing Off-By-One
Vulnerability
[SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site
Scripting
[SA11130] Sun Java System Application Server SOAP Request Denial of
Service
[SA11122] Pegasi Web Server Directory Traversal and Cross-Site
Scripting
[SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities
[SA11112] CFWebstore SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA11126] HP Web Based Management Anonymous Certificate Upload
Vulnerability
[SA11142] vBulletin Cross-Site Scripting Vulnerabilities
[SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities
[SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
Vulnerability
[SA11110] Emumail Webmail Cross Site Scripting Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA11159] GlobalSCAPE Secure FTP Server "SITE" Command Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
STORM has reported a vulnerability in GlobalSCAPE Secure FTP Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/11159/
--
[SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-17
A vulnerability has been reported in WS_FTP Pro, which can be exploited
by malicious people to cause a DoS (Denial-of-Service) on the
application and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11136/
--
[SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-16
Amit Klein has discovered a vulnerability in ColdFusion MX and JRun,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11132/
--
[SA11120] AntiGen for Domino Encrypted Zip File Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-15
A vulnerability has been reported in AntiGen for Domino, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11120/
--
[SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-03-16
Dave Aitel of Immunity has reported some vulnerabilities in CA
Unicenter TNG, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11131/
--
[SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-17
Dr_insane has reported a vulnerability in IBM Lotus Domino, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/11143/
UNIX/Linux:--
[SA11124] cPanel Login Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-15
Arab VieruZ has reported a vulnerability in cPanel, allowing malicious
people to execute certain system commands on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11124/
--
[SA11155] Red Hat update for Mozilla
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2004-03-18
Red Hat has issued updated packages for mozilla, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/11155/
--
[SA11154] OpenBSD update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
OpenBSD has issued a patch for OpenSSL. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11154/
--
[SA11153] Gentoo update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
Gentoo has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11153/
--
[SA11152] Slackware update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
Slackware has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11152/
--
[SA11151] Debian update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
Debian has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11151/
--
[SA11150] FreeBSD update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
FreeBSD has issued a patch for OpenSSL. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11150/
--
[SA11149] Mandrake update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
MandrakeSoft has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11149/
--
[SA11148] EnGarde update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
Guardian Digital has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11148/
--
[SA11147] Red Hat update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
Red Hat has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11147/
--
[SA11146] SuSE update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18
SuSE has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11146/
--
[SA11144] Red Hat update for OpenSSL
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17
Red Hat has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11144/
--
[SA11125] OpenPKG update for uudeview
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-03-15
OpenPKG has issued updated packages for uudeview. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11125/
--
[SA11103] Mandrake update for Mozilla
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS,
System access
Released: 2004-03-11
MandrakeSoft has issued updated packages for Mozilla. These fix various
older vulnerabilities, which can be exploited by malicious people to
disclose users' proxy server credentials, bypass certain cookie path
restrictions, cause a DoS (Denial of Service), and potentially
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/11103/
--
[SA11116] OpenBSD update for httpd
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-03-15
OpenBSD has issued patches for httpd. These fix a vulnerability, which
can be exploited by malicious people to bypass certain restrictions on
sparc64 systems.
Full Advisory:
http://secunia.com/advisories/11116/
--
[SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-12
An unspecified vulnerability has been reported in Chaogic Systems
vHost, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11113/
--
[SA11123] Macromedia Multiple Products Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-15
Chris Irvine has discovered a vulnerability in Macromedia MX 2004
products, which can be exploited by malicious, local users to escalate
their privileges.
Full Advisory:
http://secunia.com/advisories/11123/
--
[SA11117] Debian update for samba
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-15
Debian has issued updated packages for Samba. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/11117/
--
[SA11115] Debian update for xitalk
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12
Debian has issued updated packages for xitalk. These fix a
vulnerability, which can be exploited by malicious, local users to gain
group "utmp" privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11115/
--
[SA11114] xitalk Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12
Steve Kemp has reported a vulnerability in xitalk, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/11114/
--
[SA11109] Debian update for Calife
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12
Debian has issued updated packages for Calife. These fix a
vulnerability, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11109/
--
[SA11107] Debian update for sysstat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11
Debian has issued updated packages for sysstat. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/11107/
--
[SA11106] Red Hat update for sysstat
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11
Red Hat has issued updated packages for sysstat. These fix a
vulnerability, allowing malicious local users to escalate their
privileges.
Full Advisory:
http://secunia.com/advisories/11106/
--
[SA11105] Sysstat Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11
A vulnerability has been discovered in sysstat, which can be exploited
by malicious, local users to escalate their privileges.
Full Advisory:
http://secunia.com/advisories/11105/
--
[SA11137] Debian update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2004-03-16
Debian has issued updated packages for gdk-pixbuf. These fix a
vulnerability, which can be exploited by malicious people to crash
certain applications like Evolution on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11137/
--
[SA11104] Red Hat update for nfs-utils
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2004-03-11
Red Hat has issued updated packages for nfs-utils. These fix a
vulnerability, which can be exploited by malicious people to crash
rpc.mountd.
Full Advisory:
http://secunia.com/advisories/11104/
Other:--
[SA11119] Novell Groupwise WebAccess Insecure Default Configuration
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-03-15
A security issue has been reported in GroupWise 6 and 6.5 WebAccess,
which potentially can be exploited by malicious people to gain
unauthorised access to a vulnerable server.
Full Advisory:
http://secunia.com/advisories/11119/
Cross Platform:--
[SA11134] 4nAlbum Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-03-16
Janek Vind "waraxe" has reported some vulnerabilities in 4nAlbum, where
the most critical can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/11134/
--
[SA11127] SPIP "forum.php3" PHP Code Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-15
SIMON Baptiste has discovered a vulnerability in SPIP, allowing
malicious people to inject arbitrary PHP code.
Full Advisory:
http://secunia.com/advisories/11127/
--
[SA11118] Oracle Web Cache Unspecified Client Request Handling
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact:
Released: 2004-03-15
Oracle has reported that multiple vulnerabilities have been discovered
in Oracle Web Cache.
Full Advisory:
http://secunia.com/advisories/11118/
--
[SA11111] cPanel Password Reset Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-12
Arab VieruZ has discovered a vulnerability in cPanel, allowing
malicious people to execute certain system commands on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/11111/
--
[SA11108] Unreal Engine Class Name Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-11
Luigi Auriemma has reported a vulnerability in the Unreal engine, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable server.
Full Advisory:
http://secunia.com/advisories/11108/
--
[SA11145] Cisco Multiple Products OpenSSL Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17
Cisco has confirmed a vulnerability in various products, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/11145/
--
[SA11141] Fizmez Web Server Connection Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17
Donato Ferrante has reported a vulnerability in Fizmez Web Server,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11141/
--
[SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Manipulation of data, Cross Site Scripting
Released: 2004-03-17
JeiAr has discovered some vulnerabilities in Mambo, allowing malicious
people to conduct SQL injection and Cross Site Scripting attacks.
Full Advisory:
http://secunia.com/advisories/11140/
--
[SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17
Three vulnerabilities have been discovered in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11139/
--
[SA11138] mod_security POST Request Processing Off-By-One
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-17
Evgeny Legerov has discovered a vulnerability in mod_security, which
can be exploited by malicious people to cause a DoS (Denial-of-Service)
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/11138/
--
[SA11133] 4nGuestbook "x" Parameter SQL Injection and Cross-Site
Scripting
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-16
Janek Vind "waraxe" has reported a vulnerability in 4nGuestbook,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.
Full Advisory:
http://secunia.com/advisories/11133/
--
[SA11130] Sun Java System Application Server SOAP Request Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-16
Amit Klein has discovered a vulnerability in Sun Java System
Application Server, which can be exploited by malicious people to cause
a DoS (Denial-of-Service).
Full Advisory:
http://secunia.com/advisories/11130/
--
[SA11122] Pegasi Web Server Directory Traversal and Cross-Site
Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2004-03-15
Donato Ferrante has discovered some vulnerabilities in Pegasi Web
Server, which can be exploited to conduct cross-site scripting and
directory traversal attacks.
Full Advisory:
http://secunia.com/advisories/11122/
--
[SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-03-15
Some vulnerabilities have been reported in phpBB, allowing malicious
people to conduct Cross Site Scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11121/
--
[SA11112] CFWebstore SQL Injection and Cross-Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information
Released: 2004-03-12
Nick Gudov has reported some vulnerabilities in CFWebstore, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/11112/
--
[SA11126] HP Web Based Management Anonymous Certificate Upload
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-03-15
Dave Aitel has discovered a vulnerability in HP HTTP server, allowing
malicious people to gain access to administrative functions.
Full Advisory:
http://secunia.com/advisories/11126/
--
[SA11142] vBulletin Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-17
JeiAr has reported some vulnerabilities in vBulletin, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11142/
--
[SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-16
Janek Vind "waraxe" has reported some vulnerabilities in PHP-Nuke,
allowing malicious people to conduct Cross Site Scripting attacks.
Full Advisory:
http://secunia.com/advisories/11135/
--
[SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-16
Cheng Peng Su has reported a vulnerability in YaBB and YaBB SE,
allowing malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/11128/
--
[SA11110] Emumail Webmail Cross Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2004-03-12
Dr_insane has reported some vulnerabilities in Emumail Webmail,
allowing malicious people to conduct Cross Site Scripting attacks and
see the installation path.
Full Advisory:
http://secunia.com/advisories/11110/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Mar 19 2004 - 06:24:28 PST