[ISN] Secunia Weekly Summary - Issue: 2004-27

From: InfoSec News (isn@private)
Date: Fri Jul 02 2004 - 05:35:25 PDT


    ========================================================================
    
                      The Secunia Weekly Advisory Summary                  
                            2004-06-24 - 2004-07-01                        
    
                           This week : 42 advisories                       
    
    ========================================================================
    Table of Contents:
    
    1.....................................................Word From Secunia
    2....................................................This Week In Brief
    3..............................This Week's Top Ten Most Read Advisories
    4.......................................Vulnerabilities Summary Listing
    5.......................................Vulnerabilities Content Listing
    
    ========================================================================
    1) Word From Secunia:
    
    New Features at Secunia.com
    
    
    Secunia has implemented various statistical features at the websites
    for both Secunia advisories and Virus Information.
    
    Secunia Advisories Statistics:
    http://secunia.com/advisory_statistics/
    
    Examples of Specific Product Statistics:
    http://secunia.com/product/11/ (Internet Explorer 6)
    http://secunia.com/product/761/ (Opera 7.x)
    http://secunia.com/product/1480/ (Mozilla 1.3)
    
    Secunia Virus Information Statistics:
    http://secunia.com/virus_statistics/
    
    
    Furthermore, Secunia has made it possible for you to include all graphs
    available at secunia.com on your own website.
    
    This is described in detail at:
    http://secunia.com/secunia_image_inclusion/
    
    
    ========================================================================
    2) This Week in Brief:
    
    
    ADVISORIES:
    
    Multiple browsers have been proven vulnerable to a six-year-old
    vulnerability, which can be exploited by malicious people to inject
    content into another site's frameset.
    
    The vulnerability was first reported (and corrected) in Internet
    Explorer 3 and 4 back in 1998. However, during the past week Internet
    Explorer 6.0 was proven vulnerable to this issue again.
    
    After this information surfaced, several other people reported to
    Secunia that many other browsers are affected by this issue as well.
    
    Secunia has therefore constructed a test for this issue, allowing you
    to check your own browser. A link for the test can be found in the
    Secunia advisories below.
    
    Reference:
    http://secunia.com/SA11966
    http://secunia.com/SA11978
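    The brief above names the mechanism only as injecting content into
    another site's frameset. The following is an added example written for
    this summary; it is not code from Secunia or from any browser vendor.
    It is a simplified JavaScript model of how a browser picks the window
    or frame that a link's target="name" refers to. The first resolver
    reproduces the behaviour the advisories describe (any frame with a
    matching name is reachable from any site); the second restricts the
    lookup to frames the navigating page is "familiar" with, which is the
    direction later browsers took. The site names, frame names and URLs are
    constructed, and the familiarity relation is a simplification of the
    one in the HTML specification.

```javascript
// Added example (editor's illustration, not browser source code): a
// simplified model of how a browser resolves a link's target="name" to an
// existing window or frame. Two resolvers are shown: the behaviour the
// advisories describe, where any frame with a matching name can be
// navigated from any site, and a hardened one that only considers frames
// the navigating page is "familiar" with (same origin or related by an
// ancestor/opener chain). All origins, names and URLs below are constructed.

// A browsing context: a top-level window or a frame inside one.
function makeContext(name, origin, { parent = null, opener = null } = {}) {
  const ctx = { name, origin, parent, opener, children: [], url: origin + "/" };
  if (parent) parent.children.push(ctx);
  return ctx;
}

// Flatten every context reachable from the given top-level windows.
function allContexts(roots) {
  const out = [];
  const walk = (c) => { out.push(c); c.children.forEach(walk); };
  roots.forEach(walk);
  return out;
}

function topOf(ctx) {
  let t = ctx;
  while (t.parent) t = t.parent;
  return t;
}

// Vulnerable resolution: the first context anywhere in the browser whose
// name matches, regardless of which site created it.
function resolveTargetVulnerable(source, name, roots) {
  return allContexts(roots).find((c) => c.name === name) || null;
}

// Simplified version of the HTML specification's "familiar with" relation
// between a navigating context `a` and a candidate target `b`.
function isFamiliar(a, b) {
  if (a.origin === b.origin) return true;                 // same origin
  if (topOf(a) === b) return true;                        // b is a's own top-level window
  for (let anc = b.parent; anc; anc = anc.parent) {       // an ancestor of b shares a's origin
    if (anc.origin === a.origin) return true;
  }
  if (b.opener && isFamiliar(a, b.opener)) return true;   // b is a popup opened by something a knows
  return false;
}

// Hardened resolution: a named context is only a valid target when the
// navigating context is familiar with it; otherwise the browser would open
// a fresh window instead (modelled here as null).
function resolveTargetHardened(source, name, roots) {
  return allContexts(roots).find((c) => c.name === name && isFamiliar(source, c)) || null;
}

// Perform the navigation a link with target="name" would cause.
function navigate(source, name, url, roots, resolver) {
  const target = resolver(source, name, roots);
  if (target) target.url = url;
  return target;
}

// Constructed scenario: a bank site using a frameset with a "menu" frame
// and a "content" frame, plus an attacker-controlled window open in the
// same browser.
function demo(resolver) {
  const bankTop = makeContext("", "https://bank.example");
  const bankMenu = makeContext("menu", "https://bank.example", { parent: bankTop });
  const bankContent = makeContext("content", "https://bank.example", { parent: bankTop });
  const attacker = makeContext("", "https://attacker.example");
  const roots = [bankTop, attacker];

  // Attacker page contains: <a href="https://attacker.example/login.html" target="content">
  navigate(attacker, "content", "https://attacker.example/login.html", roots, resolver);
  const afterAttack = bankContent.url;

  // The bank's own menu frame legitimately targets its sibling "content" frame.
  navigate(bankMenu, "content", "https://bank.example/accounts", roots, resolver);
  const afterLegit = bankContent.url;

  return { afterAttack, afterLegit };
}

console.log("vulnerable:", demo(resolveTargetVulnerable));
console.log("hardened:  ", demo(resolveTargetHardened));
```

    Run it with Node (node frame-target.js). Under the vulnerable resolver
    the attacker's link replaces the bank's content frame while the
    frameset's address bar still shows the bank; under the hardened one
    the same link falls through to a new window, while the bank's own
    frame-to-frame navigation keeps working. Secunia's browser test,
    linked from the advisories above, exercises the real browser rather
    than a model.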
    
    
    VIRUS ALERTS:
    
    During the last week, Secunia issued two MEDIUM RISK virus alerts.
    Please refer to the grouped virus profile below for more information:
    
    Bagle.x!proxy - MEDIUM RISK Virus Alert - 2004-07-01 05:35 GMT+1
    http://secunia.com/virus_information/8675/bagle.xproxy/
    
    Korgo.T - MEDIUM RISK Virus Alert - 2004-06-27 14:46 GMT+1
    http://secunia.com/virus_information/10230/korgo.t/
    
    
    ========================================================================
    3) This Week's Top Ten Most Read Advisories:
    
    1.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
                  Scripting Vulnerabilities
    2.  [SA11900] Unreal Engine "secure" Query Buffer Overflow
                  Vulnerability
    3.  [SA11966] Internet Explorer Frame Injection Vulnerability
    4.  [SA11956] Apache Input Header Folding Denial of Service
                  Vulnerability
    5.  [SA11925] Lotus Domino/Notes Cross-Site Scripting and Arbitrary
                  Code Execution
    6.  [SA11072] IBM Access Support ActiveX Controls Various Insecure
                  Methods
    7.  [SA11830] Internet Explorer Security Zone Bypass and Address Bar
                  Spoofing Vulnerability
    8.  [SA11928] php-exec-dir Command Execution Bypass Vulnerability
    9.  [SA11622] Mac OS X URI Handler Arbitrary Code Execution
    10. [SA10395] Internet Explorer URL Spoofing Vulnerability
    
    ========================================================================
    4) Vulnerabilities Summary Listing
    
    Windows:
    [SA11966] Internet Explorer Frame Injection Vulnerability
    [SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability
    
    UNIX/Linux:
    [SA11971] HP-UX Netscape Multiple Vulnerabilities
    [SA11968] Mandrake update for apache
    [SA11946] Debian update for apache
    [SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability
    [SA11976] Gentoo update for pavuk
    [SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
    Vulnerability
    [SA11973] Gentoo update for krb5
    [SA11962] Fedora update for ipsec-tools
    [SA11954] artmedic links "id" Parameter Arbitrary File Reading
    Vulnerability
    [SA11953] Confixx "/root" Directory Information Disclosure
    Vulnerability
    [SA11949] Gentoo update for freeswan/openswan/strongswan
    [SA11948] Various Products X.509 Certificate Validation Vulnerability
    [SA11969] HP-UX Object Action Manager WebAdmin Vulnerability
    [SA11967] Mandrake update for apache2
    [SA11942] Gentoo update for gift-fasttrack
    [SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability
    [SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability
    [SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability
    [SA11939] Gentoo update for gzip
    [SA11938] Fedora update for kernel
    [SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer
    Overflow
    [SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
    Vulnerability
    [SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
    Vulnerability
    [SA11970] HP-UX ARPA Transport Unspecified Denial of Service
    Vulnerability
    [SA11940] Sun Solaris Kerberos Client Clear Text Password Logging
    
    Other:
    [SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of
    Service
    [SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service
    [SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
    Service
    
    Cross Platform:
    [SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
    Overflow
    [SA11978] Multiple Browsers Frame Injection Vulnerability
    [SA11974] phpMyAdmin Configuration Manipulation and Code Injection
    [SA11960] PowerPortal Multiple Vulnerabilities
    [SA11959] BEA WebLogic Role Interpretation Security Issue
    [SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
    Vulnerability
    [SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability
    [SA11947] Infinity WEB Login Validation SQL Injection Vulnerability
    [SA11944] phpmyfamily User Authentication Bypass Vulnerability
    [SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities
    [SA11956] Apache Input Header Folding Denial of Service Vulnerability
    [SA11965] csFAQ "database" Parameter Path Disclosure
    
    ========================================================================
    5) Vulnerabilities Content Listing
    
    Windows:--
    
    [SA11966] Internet Explorer Frame Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Spoofing
    Released:    2004-06-30
    
    Mark Laurence has discovered a six-year-old vulnerability in Microsoft
    Internet Explorer, allowing malicious people to spoof the content of
    websites.
    
    Full Advisory:
    http://secunia.com/advisories/11966/
    
     --
    
    [SA11951] Cart32 "GetLatestBuilds" Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-06-29
    
    Dr Ponidi has reported a vulnerability in Cart32, which can be
    exploited by malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11951/
    
    
    UNIX/Linux:--
    
    [SA11971] HP-UX Netscape Multiple Vulnerabilities
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information, DoS, System access
    Released:    2004-06-30
    
    HP has acknowledged multiple vulnerabilities in Netscape for HP-UX,
    which potentially can be exploited by malicious people to cause a DoS
    (Denial of Service), gain knowledge of sensitive information, or
    compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11971/
    
     --
    
    [SA11968] Mandrake update for apache
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access, DoS
    Released:    2004-06-30
    
    MandrakeSoft has issued an update for apache. This fixes a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service) and potentially compromise a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11968/
    
     --
    
    [SA11946] Debian update for apache
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-06-28
    
    Debian has issued an update for apache. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service) and potentially compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11946/
    
     --
    
    [SA11945] MPlayer GUI Filename Handling Buffer Overflow Vulnerability
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      System access
    Released:    2004-06-29
    
    c0ntex has reported a vulnerability in MPlayer, which can be exploited
    by malicious people to compromise a user's system.
    
    Full Advisory:
    http://secunia.com/advisories/11945/
    
     --
    
    [SA11976] Gentoo update for pavuk
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-06-30
    
    Gentoo has issued an update for pavuk. This fixes a vulnerability,
    which can be exploited by malicious people to compromise a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11976/
    
     --
    
    [SA11975] Pavuk HTTP "Location:" Header Processing Buffer Overflow
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-06-30
    
    A vulnerability has been reported in Pavuk, which can be exploited by
    malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11975/
    
     --
    
    [SA11973] Gentoo update for krb5
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      System access
    Released:    2004-06-30
    
    Gentoo has issued an update for krb5. This fixes some vulnerabilities,
    which can be exploited by malicious users to compromise a vulnerable
    system.
    
    Full Advisory:
    http://secunia.com/advisories/11973/
    
     --
    
    [SA11962] Fedora update for ipsec-tools
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-06-29
    
    Fedora has issued an update for ipsec-tools. This fixes a
    vulnerability, which potentially can be exploited by malicious people
    to bypass certain security restrictions.
    
    Full Advisory:
    http://secunia.com/advisories/11962/
    
     --
    
    [SA11954] artmedic links "id" Parameter Arbitrary File Reading
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-06-28
    
    Adam Simuntis has reported a vulnerability in artmedic links, allowing
    malicious people to disclose the content of arbitrary files.
    
    Full Advisory:
    http://secunia.com/advisories/11954/
    
     --
    
    [SA11953] Confixx "/root" Directory Information Disclosure
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Exposure of system information, Exposure of sensitive
    information
    Released:    2004-06-28
    
    Dirk Pirschel has reported a vulnerability in Confixx, which
    potentially can be exploited by malicious users to gain knowledge of
    sensitive information.
    
    Full Advisory:
    http://secunia.com/advisories/11953/
    
     --
    
    [SA11949] Gentoo update for freeswan/openswan/strongswan
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, DoS
    Released:    2004-06-28
    
    Gentoo has issued updates for freeswan/openswan/strongswan. These fix a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service) or bypass certain security restrictions.
    
    Full Advisory:
    http://secunia.com/advisories/11949/
    
     --
    
    [SA11948] Various Products X.509 Certificate Validation Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, DoS
    Released:    2004-06-28
    
    Thomas Walpuski has reported a vulnerability in strongSwan, Openswan,
    and FreeS/WAN, which potentially can be exploited by malicious people
    to bypass certain security restrictions.
    
    Full Advisory:
    http://secunia.com/advisories/11948/
    
     --
    
    [SA11969] HP-UX Object Action Manager WebAdmin Vulnerability
    
    Critical:    Moderately critical
    Where:       From local network
    Impact:      System access
    Released:    2004-06-30
    
    HP has acknowledged a vulnerability in HP-UX, which potentially can be
    exploited by malicious people to compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11969/
    
     --
    
    [SA11967] Mandrake update for apache2
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-30
    
    MandrakeSoft has issued an update for apache2. This fixes a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11967/
    
     --
    
    [SA11942] Gentoo update for gift-fasttrack
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-25
    
    Gentoo has issued an update for gift-fasttrack. This fixes a
    vulnerability, which can be exploited by malicious people to cause a
    DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11942/
    
     --
    
    [SA11941] giFT-FastTrack Unspecified Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-25
    
    Alan Fitton has discovered a vulnerability in giFT-FastTrack, allowing
    malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11941/
    
     --
    
    [SA11937] vBulletin "newreply.php" Cross-Site Scripting Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-06-25
    
    Cheng Peng Su has reported a vulnerability in vBulletin, allowing
    malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11937/
    
     --
    
    [SA11955] HP Tru64 UNIX DCE RPC Buffer Overflow Vulnerability
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-06-28
    
    A vulnerability has been reported in DCE/DFS for Tru64 UNIX, which can
    be exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11955/
    
     --
    
    [SA11939] Gentoo update for gzip
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-06-25
    
    Gentoo has issued an update for gzip. This fixes two vulnerabilities,
    which can be exploited by malicious, local users to escalate their
    privileges on a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11939/
    
     --
    
    [SA11938] Fedora update for kernel
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Exposure of sensitive information, Privilege escalation,
    DoS
    Released:    2004-06-25
    
    Fedora has issued an update for the kernel. This fixes various
    vulnerabilities, which can be exploited by malicious, local users to
    cause a DoS (Denial of Service), gain knowledge of sensitive
    information, or gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11938/
    
     --
    
    [SA11936] Red Hat Linux Broadcom 5820 Cryptonet Driver Integer
    Overflow
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation, DoS
    Released:    2004-06-24
    
    infamous41md has reported a vulnerability in the Broadcom 5820
    Cryptonet driver included with Red Hat Linux. This can potentially be
    exploited by malicious, local users to cause a DoS (Denial of Service)
    or gain escalated privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11936/
    
     --
    
    [SA11935] Sun StorEdge ESM Unspecified Privilege Escalation
    Vulnerability
    
    Critical:    Less critical
    Where:       Local system
    Impact:      Privilege escalation
    Released:    2004-06-24
    
    An unspecified vulnerability has been discovered in Sun StorEdge
    Enterprise Storage Manager, which can be exploited by malicious, local
    users to gain root privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11935/
    
     --
    
    [SA11977] popclient "POP3_readmsg()" Off-By-One Buffer Overflow
    Vulnerability
    
    Critical:    Not critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-30
    
    A vulnerability has been reported in popclient, which can be exploited
    by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11977/
    
     --
    
    [SA11970] HP-UX ARPA Transport Unspecified Denial of Service
    Vulnerability
    
    Critical:    Not critical
    Where:       Local system
    Impact:      DoS
    Released:    2004-06-30
    
    A vulnerability has been discovered in HP-UX, which can be exploited by
    malicious, local users to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11970/
    
     --
    
    [SA11940] Sun Solaris Kerberos Client Clear Text Password Logging
    
    Critical:    Not critical
    Where:       Local system
    Impact:      Exposure of sensitive information
    Released:    2004-06-25
    
    A security issue has been discovered in Sun Solaris, which may disclose
    sensitive information to users.
    
    Full Advisory:
    http://secunia.com/advisories/11940/
    
    
    Other:--
    
    [SA11950] Juniper JUNOS Packet Forwarding Engine IPv6 Denial of
    Service
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-30
    
    A vulnerability has been discovered in Juniper JUNOS, which can be
    exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11950/
    
     --
    
    [SA11963] D-Link DI-614+ DHCP Request Flooding Denial of Service
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-06-29
    
    Gregory Duchemin has reported a vulnerability in D-Link DI-614+, which
    can be exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11963/
    
     --
    
    [SA11961] D-Link DI-614+ DHCP Service "LEASETIME" Option Denial of
    Service
    
    Critical:    Less critical
    Where:       From local network
    Impact:      DoS
    Released:    2004-06-30
    
    Gregory Duchemin has reported a vulnerability in D-Link DI-614+, which
    can be exploited by malicious people to cause a DoS (Denial of
    Service).
    
    Full Advisory:
    http://secunia.com/advisories/11961/
    
    
    Cross Platform:--
    
    [SA11957] IBM HTTP Server mod_proxy "Content-Length:" Header Buffer
    Overflow
    
    Critical:    Highly critical
    Where:       From remote
    Impact:      DoS, System access
    Released:    2004-06-29
    
    IBM has acknowledged a vulnerability in IBM HTTP Server, which can be
    exploited by malicious people to cause a DoS (Denial of Service) and
    potentially compromise a vulnerable system.
    
    Full Advisory:
    http://secunia.com/advisories/11957/
    
     --
    
    [SA11978] Multiple Browsers Frame Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Spoofing
    Released:    2004-07-01
    
    A six-year-old vulnerability has been discovered in multiple browsers,
    allowing malicious people to spoof the content of websites.
    
    Full Advisory:
    http://secunia.com/advisories/11978/
    
     --
    
    [SA11974] phpMyAdmin Configuration Manipulation and Code Injection
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass, System access
    Released:    2004-06-30
    
    Nasir Simbolon has reported two vulnerabilities in phpMyAdmin, allowing
    malicious people to manipulate certain configuration settings and
    inject arbitrary code.
    
    Full Advisory:
    http://secunia.com/advisories/11974/
    
     --
    
    [SA11960] PowerPortal Multiple Vulnerabilities
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Cross Site Scripting, Exposure of system information,
    Exposure of sensitive information
    Released:    2004-06-29
    
    DarkBicho has reported some vulnerabilities in PowerPortal, potentially
    allowing malicious people to reveal sensitive information and conduct
    cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11960/
    
     --
    
    [SA11959] BEA WebLogic Role Interpretation Security Issue
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-06-29
    
    A security issue has been discovered in BEA WebLogic, potentially
    allowing unauthorised users to access affected web applications.
    
    Full Advisory:
    http://secunia.com/advisories/11959/
    
     --
    
    [SA11958] BEA WebLogic Crystal Reports Web Viewer Directory Traversal
    Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      DoS, Exposure of sensitive information, Exposure of system
    information
    Released:    2004-06-29
    
    A vulnerability has been discovered in BEA WebLogic, allowing malicious
    people to disclose the content of arbitrary files or delete these.
    
    Full Advisory:
    http://secunia.com/advisories/11958/
    
     --
    
    [SA11952] Help Desk Pro Login Validation SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2004-06-28
    
    D'Amato Luigi has reported a vulnerability in Help Desk Pro, allowing
    malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11952/
    
     --
    
    [SA11947] Infinity WEB Login Validation SQL Injection Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Manipulation of data
    Released:    2004-06-28
    
    D'Amato Luigi has reported a vulnerability in Infinity WEB, allowing
    malicious people to conduct SQL injection attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11947/
    
     --
    
    [SA11944] phpmyfamily User Authentication Bypass Vulnerability
    
    Critical:    Moderately critical
    Where:       From remote
    Impact:      Security Bypass
    Released:    2004-06-28
    
    Valerie Holfield has discovered a vulnerability in phpmyfamily, which
    can be exploited by malicious people to gain edit privileges.
    
    Full Advisory:
    http://secunia.com/advisories/11944/
    
     --
    
    [SA11964] CuteNews "id" Parameter Cross Site Scripting Vulnerabilities
    
    Critical:    Less critical
    Where:       From remote
    Impact:      Cross Site Scripting
    Released:    2004-06-29
    
    DarkBicho has reported some vulnerabilities in CuteNews, potentially
    allowing malicious people to conduct cross-site scripting attacks.
    
    Full Advisory:
    http://secunia.com/advisories/11964/
    
     --
    
    [SA11956] Apache Input Header Folding Denial of Service Vulnerability
    
    Critical:    Less critical
    Where:       From remote
    Impact:      DoS
    Released:    2004-06-28
    
    Georgi Guninski has reported a vulnerability in Apache httpd, which can
    be exploited by malicious people to cause a DoS (Denial of Service).
    
    Full Advisory:
    http://secunia.com/advisories/11956/
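    The advisory title names header folding but the summary does not spell
    out the mechanism. The added example below is the editor's
    illustration, not Apache code and not derived from the advisory text;
    it shows the class of bug: an HTTP/1.x header field may be continued
    across many lines that begin with whitespace, and a parser that folds
    them without bounding the combined size lets a remote client consume
    server memory with a stream of individually short lines. The hardened
    variant enforces the limit on the folded value. Apache's
    LimitRequestFieldSize default of 8190 bytes is borrowed only as a
    realistic limit, and the attacker request is constructed.

```javascript
// Added example (editor's illustration, not Apache source code): a minimal
// HTTP/1.x header-block parser that supports header folding, i.e. a line
// beginning with SP or HTAB continues the previous field's value. The
// vulnerable variant accumulates continuation lines without bound; the
// hardened variant applies a size limit to the field value *after* folding.
// The 8190-byte figure is Apache's default LimitRequestFieldSize and is used
// here only as a realistic limit. The request below is constructed.

const MAX_FIELD_SIZE = 8190;

// Parse a header block (everything after the request line, up to the blank
// line). Returns an array of { name, value } in wire order.
function parseHeaders(block, { maxFieldSize = Infinity } = {}) {
  const fields = [];
  let current = null;
  for (const line of block.split("\r\n")) {
    if (line === "") break;                                // end of the header block
    if (line[0] === " " || line[0] === "\t") {             // folded continuation line
      if (!current) throw new Error("400 Bad Request: continuation before any field");
      current.value += " " + line.trim();
    } else {
      const colon = line.indexOf(":");
      if (colon <= 0) throw new Error("400 Bad Request: malformed field line");
      current = {
        name: line.slice(0, colon).trim().toLowerCase(),
        value: line.slice(colon + 1).trim(),
      };
      fields.push(current);
    }
    // The check is on the folded size: many short continuation lines add up.
    if (current.value.length > maxFieldSize) {
      throw new Error(`400 Bad Request: field "${current.name}" exceeds ${maxFieldSize} bytes after folding`);
    }
  }
  return fields;
}

function parseHeadersVulnerable(block) {
  return parseHeaders(block);                              // no bound on the folded value
}

function parseHeadersHardened(block) {
  return parseHeaders(block, { maxFieldSize: MAX_FIELD_SIZE });
}

// Constructed attacker input: one ordinary field followed by nContinuations
// continuation lines. Every individual line stays short, so a per-line
// length check alone would pass; only the folded total reveals the problem.
function buildFoldedHeaderBlock(nContinuations, chunk = "A".repeat(1000)) {
  let block = "Host: www.example\r\nX-Fold: start\r\n";
  for (let i = 0; i < nContinuations; i++) block += " " + chunk + "\r\n";
  return block + "\r\n";
}

// Convenience: run a parser and report the outcome instead of throwing.
function tryParse(parser, block) {
  try {
    const fields = parser(block);
    const fold = fields.find((f) => f.name === "x-fold");
    return { ok: true, fields: fields.length, foldedBytes: fold ? fold.value.length : 0 };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

const attack = buildFoldedHeaderBlock(100);
console.log("vulnerable:", tryParse(parseHeadersVulnerable, attack));
console.log("hardened:  ", tryParse(parseHeadersHardened, attack));
console.log("legit fold:", tryParse(parseHeadersHardened, "X-Fold: a\r\n b\r\n\r\n"));
```

    With 100 continuation lines of 1000 bytes each, the vulnerable parser
    happily builds a 100 KB field value from what looks like a normal
    request; scale the count up and the per-connection memory grows with
    it. The hardened parser rejects the request as soon as the folded
    value passes the limit, while ordinary two-line folding still parses.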
    
     --
    
    [SA11965] csFAQ "database" Parameter Path Disclosure
    
    Critical:    Not critical
    Where:       From remote
    Impact:      Exposure of system information
    Released:    2004-06-30
    
    DarkBicho has reported a weakness in csFAQ, allowing malicious people
    to see the installation path.
    
    Full Advisory:
    http://secunia.com/advisories/11965/
    
    
    
    ========================================================================
    
    Secunia recommends that you verify all advisories you receive,
    by clicking the link.
    Secunia NEVER sends attached files with advisories.
    Secunia does not advise people to install third-party patches; only use
    those supplied by the vendor.
    
    Definitions: (Criticality, Where etc.)
    http://secunia.com/about_secunia_advisories/
    
    Subscribe:
    http://secunia.com/secunia_weekly_summary/
    
    Contact details:
    Web	: http://secunia.com/
    E-mail	: support@private
    Tel	: +45 70 20 51 44
    Fax	: +45 70 20 51 45
    
    ========================================================================
    
    
    
    _________________________________________
    Help InfoSec News with a donation: http://www.c4i.org/donation.html
    
