[ISN] Secunia Weekly Summary - Issue: 2004-32

From: InfoSec News (isn@private)
Date: Fri Aug 06 2004 - 05:16:48 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-07-30 - 2004-08-06                        

                       This week : 49 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

New Features at Secunia.com


Secunia has implemented various statistical features at the websites
for both Secunia advisories and Virus Information.

Secunia Advisories Statistics:
http://secunia.com/advisory_statistics/

Examples of Specific Product Statistics:
http://secunia.com/product/11/ (Internet Explorer 6)
http://secunia.com/product/761/ (Opera 7.x)
http://secunia.com/product/1480/ (Mozilla 1.3)

Secunia Virus Information Statistics:
http://secunia.com/virus_statistics/


Furthermore, Secunia has made it possible for you to include all graphs
available at secunia.com on your own website.

This is described in detail at:
http://secunia.com/secunia_image_inclusion/


========================================================================
2) This Week in Brief:

ADVISORIES:

Chris Evans has discovered multiple vulnerabilities in the very widely
used image library libpng. Some of these vulnerabilities could be
exploited to compromise a vulnerable system. 

Many Linux distributions have already issued updated packages, and some
standalone programs have also issued new versions to address the
vulnerabilities.

Please refer to Secunia.com for further information on updated
distributions and programs.

Reference:
http://secunia.com/SA12219

--

Microsoft issued a very rare "out-of-cycle" patch for Internet
Explorer addressing three vulnerabilities, which all could be
exploited to compromise a user's system.

Among the addressed vulnerabilities, there is also a fix for an older
vulnerability that has actively been used by attackers to compromise
users' systems and install e.g. adware.

Reference:
http://secunia.com/SA12192

--

Mozilla / Mozilla Firefox is vulnerable to a very sophisticated
spoofing issue using XUL (XML User Interface Language), which could be
exploited to spoof the whole user interface (including tool bars, SSL
certificate dialogs, address bar and more).

Reference:
http://secunia.com/SA12188


VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.


========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA12188] Mozilla / Mozilla Firefox User Interface Spoofing
              Vulnerability
2.  [SA12192] Microsoft Internet Explorer Multiple Vulnerabilities
3.  [SA12048] Microsoft Internet Explorer Multiple Vulnerabilities
4.  [SA11978] Multiple Browsers Frame Injection Vulnerability
5.  [SA11793] Internet Explorer Local Resource Access and Cross-Zone
              Scripting Vulnerabilities
6.  [SA12204] Mozilla / Netscape SOAPParameter Integer Overflow
              Vulnerability
7.  [SA12160] Mozilla / Mozilla Firefox "onunload" SSL Certificate
              Spoofing
8.  [SA12212] PuTTY Authentication Process Buffer Overflow
              Vulnerabilities
9.  [SA12219] libpng Multiple Vulnerabilities 
10. [SA10856] Mozilla Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12218] MailEnable Professional HTTPMail "Content-Length:" Buffer
Overflow Vulnerability
[SA12203] BlackJumboDog FTP Commands Buffer Overflow Vulnerability
[SA12192] Microsoft Internet Explorer Multiple Vulnerabilities
[SA12183] Comersus SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA12217] StackDefender Invalid Pointer Dereference Denial of Service
Vulnerabilities
[SA12199] Webcam Watchdog "sresult.exe" Cross-Site Scripting
Vulnerability

UNIX/Linux:
[SA12234] Red Hat update for mozilla
[SA12228] Gentoo update for libpng
[SA12225] Red Hat update for libpng
[SA12223] Fedora update for libpng
[SA12222] SuSE update for libpng
[SA12221] Debian update for libpng
[SA12220] Mandrake update for libpng
[SA12219] libpng Multiple Vulnerabilities
[SA12197] Citadel/UX "USER" Command Buffer Overflow Vulnerability
[SA12229] Red Hat update for glibc
[SA12224] Gentoo update for courier
[SA12213] Gentoo update for putty
[SA12202] Horde IMP Script Insertion Vulnerability
[SA12201] ripMIME Attachment Extraction Bypass
[SA12195] Debian update for squirrelmail
[SA12193] SCO OpenServer update for OpenSSL
[SA12191] DansGuardian Banned Extension Filter Bypass Vulnerability
[SA12186] Gentoo update for phpMyAdmin
[SA12185] Red Hat update for ipsec-tools
[SA12184] Red Hat update for SoX
[SA12182] Mandrake update for wv
[SA12216] SGI IRIX CDE Multiple Vulnerabilities
[SA12215] Fedora update for kernel
[SA12214] DGen Insecure Temporary File Creation Vulnerability
[SA12211] Red Hat update for kernel
[SA12210] Linux Kernel File Offset Pointer Handling Memory Disclosure
Vulnerability
[SA12196] UnixWare / Open UNIX Xsco Buffer Overflow Vulnerabilities
[SA12187] OpenServer uudecode Insecure Temporary File Creation
Vulnerability
[SA12205] Oracle9i Application Server Privilege Escalation Issue

Other:
[SA12208] NetScreen ScreenOS SSHv1 Denial of Service Vulnerability
[SA12207] U.S. Robotics Wireless Access Point Denial of Service

Cross Platform:
[SA12232] Mozilla / Mozilla Firefox / Mozilla Thunderbird libpng
Vulnerabilities
[SA12204] Mozilla / Netscape SOAPParameter Integer Overflow
Vulnerability
[SA12233] Opera Browser "location" Object Write Access Vulnerability
[SA12230] JetBoxOne CMS Arbitrary File Upload Vulnerability
[SA12212] PuTTY Authentication Process Buffer Overflow Vulnerabilities
[SA12200] WHM AutoPilot Username and Password Retrieval
[SA12190] lostbook Script Insertion Vulnerability
[SA12189] LinPHA User Authentication Bypass Vulnerability
[SA12188] Mozilla / Mozilla Firefox User Interface Spoofing
Vulnerability
[SA12231] eNdonesia Cross-Site Scripting Vulnerability
[SA12209] WackoWiki textsearch Cross-Site Scripting Vulnerability
[SA12206] Sun Java JRE/SDK XSLT Processor Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12218] MailEnable Professional HTTPMail "Content-Length:" Buffer
Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-08-04

CoolICE has reported a vulnerability in MailEnable Professional, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12218/

 --

[SA12203] BlackJumboDog FTP Commands Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-08-02

Chew Keong TAN has reported a vulnerability in BlackJumboDog,
potentially allowing malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12203/

 --

[SA12192] Microsoft Internet Explorer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-07-30

Microsoft has issued an update for Internet Explorer. This fixes three
vulnerabilities, allowing malicious websites to cause a DoS (Denial of
Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12192/

 --

[SA12183] Comersus SQL Injection and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-08-03

Two vulnerabilities have been reported in Comersus, allowing malicious
people to conduct SQL injection and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12183/

 --

[SA12217] StackDefender Invalid Pointer Dereference Denial of Service
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-08-04

iDEFENSE has reported two vulnerabilities in StackDefender, which
potentially can be exploited by malicious people to crash a system
protected by StackDefender.

Full Advisory:
http://secunia.com/advisories/12217/

 --

[SA12199] Webcam Watchdog "sresult.exe" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-02

Dr_insane has reported a vulnerability in Webcam Watchdog, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12199/


UNIX/Linux:--

[SA12234] Red Hat update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Red Hat has issued an update for mozilla. This fixes multiple
vulnerabilities, where the most serious can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12234/

 --

[SA12228] Gentoo update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Gentoo has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12228/

 --

[SA12225] Red Hat update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Red Hat has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12225/

 --

[SA12223] Fedora update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Fedora has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12223/

 --

[SA12222] SuSE update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

SuSE has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12222/

 --

[SA12221] Debian update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Debian has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12221/

 --

[SA12220] Mandrake update for libpng

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

MandrakeSoft has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12220/

 --

[SA12219] libpng Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Chris Evans has discovered multiple vulnerabilities in libpng, which
can be exploited by malicious people to compromise a vulnerable system
or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12219/

 --

[SA12197] Citadel/UX "USER" Command Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-03

CoKi has reported a vulnerability in Citadel/UX, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12197/

 --

[SA12229] Red Hat update for glibc

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-08-05

Red Hat has issued an update for glibc. This fixes an old
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12229/

 --

[SA12224] Gentoo update for courier

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-05

Gentoo has issued an update for courier. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/12224/

 --

[SA12213] Gentoo update for putty

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-08-05

Gentoo has issued an update for putty. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12213/

 --

[SA12202] Horde IMP Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-03

A vulnerability has been discovered in Horde IMP, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12202/

 --

[SA12201] ripMIME Attachment Extraction Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-08-03

A security issue has been reported in ripMIME, potentially allowing
malicious people to bypass filtering software.

Full Advisory:
http://secunia.com/advisories/12201/

 --

[SA12195] Debian update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-03

Debian has issued an update for squirrelmail. This fixes multiple
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting, script insertion, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12195/

 --

[SA12193] SCO OpenServer update for OpenSSL

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-08-02

SCO has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12193/

 --

[SA12191] DansGuardian Banned Extension Filter Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-07-30

Ruben Molina has reported a vulnerability in DansGuardian, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12191/

 --

[SA12186] Gentoo update for phpMyAdmin

Critical:    Moderately critical
Where:       From remote
Impact:      System access, Security Bypass
Released:    2004-07-30

Gentoo has issued an update for phpMyAdmin. This fixes two
vulnerabilities, which can be exploited by malicious people to
manipulate certain configuration settings and inject arbitrary code.

Full Advisory:
http://secunia.com/advisories/12186/

 --

[SA12185] Red Hat update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-07-30

Red Hat has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12185/

 --

[SA12184] Red Hat update for SoX

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-07-30

Red Hat has issued an update for sox. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12184/

 --

[SA12182] Mandrake update for wv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-07-30

Mandrakesoft has issued an update for wv. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12182/

 --

[SA12216] SGI IRIX CDE Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2004-08-04

SGI has confirmed multiple vulnerabilities in CDE, which can be
exploited by malicious people to compromise a vulnerable system or gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12216/

 --

[SA12215] Fedora update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-08-04

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
sensitive information in kernel memory.

Full Advisory:
http://secunia.com/advisories/12215/

 --

[SA12214] DGen Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-08-04

Joey Hess has reported a vulnerability in DGen, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/12214/

 --

[SA12211] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2004-08-04

Red Hat has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information or cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12211/

 --

[SA12210] Linux Kernel File Offset Pointer Handling Memory Disclosure
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-08-04

Paul Starzetz has reported a vulnerability in the Linux kernel, which
can be exploited by malicious, local users to disclose sensitive
information in kernel memory.

Full Advisory:
http://secunia.com/advisories/12210/

 --

[SA12196] UnixWare / Open UNIX Xsco Buffer Overflow Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-08-02

SCO has confirmed some vulnerabilities in UnixWare and Open UNIX, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12196/

 --

[SA12187] OpenServer uudecode Insecure Temporary File Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-08-02

SCO has confirmed an old vulnerability in OpenServer, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12187/

 --

[SA12205] Oracle9i Application Server Privilege Escalation Issue

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-08-03

Juan Manuel Pascual Escriba has reported a security issue in Oracle9i
Application Server, allowing malicious local users to escalate their
privileges.

Full Advisory:
http://secunia.com/advisories/12205/


Other:--

[SA12208] NetScreen ScreenOS SSHv1 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-08-04

Mark Ellzey Thomas has discovered a vulnerability in ScreenOS, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12208/

 --

[SA12207] U.S. Robotics Wireless Access Point Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-08-03

Albert Puigsech Galicia has reported a vulnerability in U.S. Robotics
Wireless Access Point 8054 Series, allowing malicious people to cause a
Denial of Service.

Full Advisory:
http://secunia.com/advisories/12207/


Cross Platform:--

[SA12232] Mozilla / Mozilla Firefox / Mozilla Thunderbird libpng
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-08-05

Mozilla has confirmed some vulnerabilities in Mozilla, Mozilla Firefox,
and Mozilla Thunderbird, which can be exploited by malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12232/

 --

[SA12204] Mozilla / Netscape SOAPParameter Integer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-08-03

zen-parse has reported a vulnerability in Mozilla and Netscape,
potentially allowing malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12204/

 --

[SA12233] Opera Browser "location" Object Write Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, Exposure of sensitive
information
Released:    2004-08-05

GreyMagic has discovered a vulnerability in Opera, allowing a malicious
website to steal sensitive information and conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/12233/

 --

[SA12230] JetBoxOne CMS Arbitrary File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-08-05

y3dips has reported a vulnerability in Jetbox One, allowing malicious
users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12230/

 --

[SA12212] PuTTY Authentication Process Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-08-04

Core Security Technologies has discovered two vulnerabilities in PuTTY,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12212/

 --

[SA12200] WHM AutoPilot Username and Password Retrieval

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-08-03

A vulnerability has been reported in WHM AutoPilot, allowing malicious
people to retrieve usernames and clear text passwords.

Full Advisory:
http://secunia.com/advisories/12200/

 --

[SA12190] lostbook Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-07-30

r3d5pik3 has reported a vulnerability in lostBook, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/12190/

 --

[SA12189] LinPHA User Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2004-07-30

Fernando Quintero has reported a vulnerability in LinPHA, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/12189/

 --

[SA12188] Mozilla / Mozilla Firefox User Interface Spoofing
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2004-07-30

A vulnerability has been reported in Mozilla and Mozilla Firefox,
allowing malicious websites to spoof the user interface.

Full Advisory:
http://secunia.com/advisories/12188/

 --

[SA12231] eNdonesia Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-05

y3dips has reported a vulnerability in eNdonesia, allowing malicious
people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12231/

 --

[SA12209] WackoWiki textsearch Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-08-04

A vulnerability has been reported in WackoWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12209/

 --

[SA12206] Sun Java JRE/SDK XSLT Processor Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2004-08-03

Marc Schoenefeld has discovered a vulnerability in Sun Java JRE/SDK,
allowing an untrusted applet to gain escalated privileges on a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12206/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html


