======================================================================== The Secunia Weekly Advisory Summary 2004-09-02 - 2004-09-09 This week : 58 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Secunia has implemented new features at Secunia.com SECUNIA ADVISORIES NOW INCLUDE "Solution Status": In addition to the extensive information Secunia advisories already include, Secunia has added a new parameter: "Solution Status". This simply means that all Secunia advisories, including older advisories, now include the current "Solution Status" of a advisory, i.e. if the vendor has released a patch or not. IMPROVED PRODUCT PAGES: The improved product pages now include a detailed listing of all Secunia advisories affecting each product. The listings include a clear indication of the "Solution Status" each advisory has ("Unpatched", "Vendor patch", "Vendor workaround", or "Partial fix"). View the following for examples: Opera 7: http://secunia.com/product/761/ Internet Explorer 6: http://secunia.com/product/11/ Mozilla Firefox: http://secunia.com/product/3256/ EXTRA STATISTICS: Each product page also includes a new pie graph, displaying the "Solution Status" for all Secunia advisories affecting each product in a given period. View the following for an example: Internet Explorer 6: http://secunia.com/product/11/#statistics_solution FEEDBACK SYSTEM: To make it easier to provide feedback to the Secunia staff, we have made an online feedback form. Enter your inquiry and it will immediately be sent to the appropriate Secunia department. Ideas, suggestions, and other feedback is most welcome Secunia Feedback Form: http://secunia.com/contact_form/ ======================================================================== 2) This Week in Brief: ADVISORIES: WinZIP released a new version of their very popular packaging program for Windows, which according to the vendor addresses some buffer overflow vulnerabilities and a vulnerability, which is caused due to insufficient command line validation. According to the vendor, all vulnerabilities were discovered during internal review and testing. An updated version is available at the WinZIP website. Reference: http://secunia.com/SA12430 -- Apple has issued a security update for the Mac OS X, which fixes 15 vulnerabilities. A detailed list can be found in the Secunia advisory below. Reference: http://secunia.com/SA12491 -- The Altnet Download Manager is vulnerable to a buffer overflow in an included ActiveX Control, which can be exploited by malicious people to execute arbitrary code on a vulnerable system. What makes this even more critical is that this ActiveX Control, also is shipped with file sharing programs such as Kazaa and Grokster. Most users of these products are not aware that they need to download a patch from Altnet in order to address this problem. Users, who have Kazaa or Grokster installed, should visit Altnet and download the available patch as soon as possible. Reference: http://secunia.com/SA12446 VIRUS ALERTS: Secunia has not issued any virus alerts during the last week. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA12430] Winzip Unspecified Multiple Buffer Overflow Vulnerabilities 2. [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability 3. [SA12304] Internet Explorer Address Bar Spoofing Vulnerability 4. [SA12381] Winamp Skin File Arbitrary Code Execution Vulnerability 5. [SA12455] Kazaa Altnet Download Manager Buffer Overflow Vulnerability 6. [SA12446] Altnet Download Manager Buffer Overflow Vulnerability 7. [SA12409] Oracle Products Multiple Vulnerabilities 8. [SA12198] AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability 9. [SA11978] Multiple Browsers Frame Injection Vulnerability 10. [SA12408] Kerberos V5 Multiple Vulnerabilities ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA12456] Grokster Altnet Download Manager Buffer Overflow Vulnerability [SA12455] Kazaa Altnet Download Manager Buffer Overflow Vulnerability [SA12446] Altnet Download Manager Buffer Overflow Vulnerability [SA12487] Trillian MSN Module Buffer Overflow Vulnerability [SA12453] IMail Multiple Denial of Service Vulnerabilities [SA12460] eZ / eZphotoshare Multiple Connection Denial of Service Vulnerability [SA12468] Kerio Personal Firewall Program Execution Protection Feature Bypass UNIX/Linux: [SA12496] Gentoo update for LHA [SA12494] Fedora update for LHA [SA12489] Gentoo update for ImageMagick/imlib/imlib2 [SA12488] Usermin Shell Command Injection and Insecure Installation Vulnerabilities [SA12483] Mandrake update for imlib/imlib2 [SA12480] Red Hat update for gaim [SA12479] ImageMagick BMP Image Decoding Buffer Overflow Vulnerability [SA12478] mpg123 Mpeg Layer-2 Audio Decoder Buffer Overflow Vulnerability [SA12475] Red Hat update for mod_ssl [SA12457] Gentoo update for krb5 [SA12445] gnubiff POP3 Buffer Overflow and Denial of Service Vulnerabilities [SA12437] Red Hat update for LHA [SA12495] Fedora update for kdelibs / kdebase [SA12491] Mac OS X Security Update Fixes Multiple Vulnerabilities [SA12473] OpenCA Web Frontend Script Insertion Vulnerability [SA12465] Slackware update for KDE [SA12459] Gentoo update for xv [SA12458] Mailworks User Authentication Bypass Vulnerability [SA12452] Gentoo update for Python [SA12449] Gentoo update for eGroupWare [SA12448] Gentoo update for Squid [SA12447] SuSE update for zlib [SA12442] Gentoo update for vpopmail [SA12441] vpopmail SQL Injection Vulnerabilities [SA12454] Fedora update for samba [SA12474] SUSE update for apache2 [SA12451] Gentoo update for Gallery [SA12443] Red Hat update for httpd [SA12499] Gentoo update for samba [SA12485] Gentoo update for star [SA12484] Star Unspecified Privilege Escalation Vulnerability [SA12482] Mandrake update for cdrecord [SA12481] cdrecord Privilege Escalation Vulnerability [SA12476] Net-Acct Insecure Temporary File Creation Vulnerability [SA12462] Gentoo update for Ruby [SA12440] bsdmainutils calender Utility File Content Disclosure Vulnerability [SA12470] Sun Solaris in.named Dynamic Update Denial of Service Vulnerability [SA12477] Gentoo multi-gnome-terminal Potential Exposure of Sensitive Information Other: [SA12461] Dynalink RTA230 Default Username and Password [SA12471] StorageTek D280 Disk System Denial of Service Vulnerability [SA12469] IBM TotalStorage DS4100 Denial of Service Vulnerability [SA12464] Engenio Storage Controllers Denial of Service Vulnerability [SA12450] NetScreen-IDP scp Directory Traversal Vulnerability [SA12472] Brocade SilkWorm Switches Denial of Service Vulnerability Cross Platform: [SA12467] Tutti Nova Unspecified Vulnerabilities [SA12444] Squid NTLM Authentication Denial of Service Vulnerability [SA12439] TorrentTrader "id" SQL Injection Vulnerability [SA12438] phpWebSite Cross-Site Scripting and Script Insertion Vulnerabilities [SA12466] phpGroupWare Unspecified Cross-Site Scripting Vulnerability [SA12486] Emdros Create/Update Object Type Denial of Service Vulnerability [SA12463] Cosminexus Portal Framework Unspecified Cached Content Replacement ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA12456] Grokster Altnet Download Manager Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-03 CelebrityHacker has reported a vulnerability in the Altnet Download Manager included in Grokster, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12456/ -- [SA12455] Kazaa Altnet Download Manager Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-03 CelebrityHacker has reported a vulnerability in the Altnet Download Manager included in Kazaa, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12455/ -- [SA12446] Altnet Download Manager Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-03 CelebrityHacker has discovered a vulnerability in Altnet Download Manager, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12446/ -- [SA12487] Trillian MSN Module Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-09-08 Komrade has reported a vulnerability in Trillian, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12487/ -- [SA12453] IMail Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-09-03 Various vulnerabilities have been reported in IMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12453/ -- [SA12460] eZ / eZphotoshare Multiple Connection Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2004-09-06 Dr_insane has reported a vulnerability in eZ and eZphotoshare, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12460/ -- [SA12468] Kerio Personal Firewall Program Execution Protection Feature Bypass Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-09-06 Tan Chew Keong has reported a vulnerability in Kerio Personal Firewall, which can be exploited certain malicious processes to bypass certain security features provided by the product. Full Advisory: http://secunia.com/advisories/12468/ UNIX/Linux:-- [SA12496] Gentoo update for LHA Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-09 Gentoo has issued an update for LHA. This fixes some vulnerabilities, which can be exploited to compromise a user's system. Full Advisory: http://secunia.com/advisories/12496/ -- [SA12494] Fedora update for LHA Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-09 Fedora has issued an update for LHA. This fixes some vulnerabilities, which can be exploited to compromise a user's system. Full Advisory: http://secunia.com/advisories/12494/ -- [SA12489] Gentoo update for ImageMagick/imlib/imlib2 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-09-08 Gentoo has issued updates for ImageMagick, imlib, and imlib2. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12489/ -- [SA12488] Usermin Shell Command Injection and Insecure Installation Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown, System access Released: 2004-09-08 Two vulnerabilities have been reported in Usermin, where the most critical can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12488/ -- [SA12483] Mandrake update for imlib/imlib2 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-09-08 MandrakeSoft has issued updates for imlib and imlib2. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12483/ -- [SA12480] Red Hat update for gaim Critical: Highly critical Where: From remote Impact: System access, DoS Released: 2004-09-07 Red Hat has issued an update for gaim. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12480/ -- [SA12479] ImageMagick BMP Image Decoding Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-08 A vulnerability has been reported in ImageMagick, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12479/ -- [SA12478] mpg123 Mpeg Layer-2 Audio Decoder Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-08 Davide Del Vecchio has reported a vulnerability in mpg123, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12478/ -- [SA12475] Red Hat update for mod_ssl Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-07 Red Hat has issued an update for mod_ssl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12475/ -- [SA12457] Gentoo update for krb5 Critical: Highly critical Where: From remote Impact: System access, DoS Released: 2004-09-06 Gentoo has issued an update for krb5. This fixes multiple vulnerabilities, where the most critical potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12457/ -- [SA12445] gnubiff POP3 Buffer Overflow and Denial of Service Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-09-06 Two vulnerabilities have been reported in gnubiff, which potentially can be exploited to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12445/ -- [SA12437] Red Hat update for LHA Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-02 Red Hat has issued an update for LHA. This fixes some vulnerabilities, which can be exploited to compromise a user's system. Full Advisory: http://secunia.com/advisories/12437/ -- [SA12495] Fedora update for kdelibs / kdebase Critical: Moderately critical Where: From remote Impact: Hijacking, Spoofing, Privilege escalation Released: 2004-09-09 Fedora has issued updates for kdelibs and kdebase. These fix multiple vulnerabilities, which can be exploited to perform certain actions on a vulnerable system with escalated privileges, spoof the content of websites, or hijack sessions. Full Advisory: http://secunia.com/advisories/12495/ -- [SA12491] Mac OS X Security Update Fixes Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2004-09-08 Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. Full Advisory: http://secunia.com/advisories/12491/ -- [SA12473] OpenCA Web Frontend Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2004-09-08 A vulnerability has been reported in OpenCA, which can be exploited by malicous people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/12473/ -- [SA12465] Slackware update for KDE Critical: Moderately critical Where: From remote Impact: Privilege escalation, Spoofing, Hijacking Released: 2004-09-06 Slackware has issued updates for kdelibs and kdebase. These fix multiple vulnerabilities, which can be exploited to perform certain actions on a vulnerable system with escalated privileges, spoof the content of websites, or hijack sessions. Full Advisory: http://secunia.com/advisories/12465/ -- [SA12459] Gentoo update for xv Critical: Moderately critical Where: From remote Impact: System access Released: 2004-09-06 Gentoo has issued an update for xv. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12459/ -- [SA12458] Mailworks User Authentication Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2004-09-06 Paul Craig has reported a vulnerability in Mailworks, which can be exploited by malicious people to bypass the user authentication. Full Advisory: http://secunia.com/advisories/12458/ -- [SA12452] Gentoo update for Python Critical: Moderately critical Where: From remote Impact: System access Released: 2004-09-03 Gentoo has issued an update for Python. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12452/ -- [SA12449] Gentoo update for eGroupWare Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2004-09-03 Gentoo has issued an update for eGroupWare. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/12449/ -- [SA12448] Gentoo update for Squid Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-09-03 Gentoo has issued an update for Squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12448/ -- [SA12447] SuSE update for zlib Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-09-03 SuSE has issued an update for zlib. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12447/ -- [SA12442] Gentoo update for vpopmail Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation Released: 2004-09-03 Gentoo has issued an update for vpopmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/12442/ -- [SA12441] vpopmail SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation Released: 2004-09-03 Some vulnerabilities have been reported in vpopmail, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/12441/ -- [SA12454] Fedora update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-09-03 Fedora has issued an update for samba. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerability system. Full Advisory: http://secunia.com/advisories/12454/ -- [SA12474] SUSE update for apache2 Critical: Less critical Where: From remote Impact: DoS Released: 2004-09-07 SUSE has issued an update for apache2. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12474/ -- [SA12451] Gentoo update for Gallery Critical: Less critical Where: From remote Impact: System access Released: 2004-09-03 Gentoo has issued an update for Gallery. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12451/ -- [SA12443] Red Hat update for httpd Critical: Less critical Where: From remote Impact: DoS Released: 2004-09-02 Red Hat has issued an update for httpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12443/ -- [SA12499] Gentoo update for samba Critical: Less critical Where: From local network Impact: DoS Released: 2004-09-09 Gentoo has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12499/ -- [SA12485] Gentoo update for star Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-09-08 Gentoo has issued an update for star. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/12485/ -- [SA12484] Star Unspecified Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-09-08 An unspecified vulnerability has been reported in star, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/12484/ -- [SA12482] Mandrake update for cdrecord Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-09-08 MandrakeSoft has issued an update for cdrecord. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/12482/ -- [SA12481] cdrecord Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-09-08 Max Vozeler has reported a vulnerability in cdrecord, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/12481/ -- [SA12476] Net-Acct Insecure Temporary File Creation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-09-07 Stefan Nordhausen has discovered a vulnerability in net-acct, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/12476/ -- [SA12462] Gentoo update for Ruby Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2004-09-06 Gentoo has issued an update for ruby. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/12462/ -- [SA12440] bsdmainutils calender Utility File Content Disclosure Vulnerability Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2004-09-03 Steven Van Acker has reported a vulnerability in bsdmainutils, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/12440/ -- [SA12470] Sun Solaris in.named Dynamic Update Denial of Service Vulnerability Critical: Not critical Where: From remote Impact: DoS Released: 2004-09-06 A vulnerability has been reported in Sun Solaris, which can be exploited by certain malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12470/ -- [SA12477] Gentoo multi-gnome-terminal Potential Exposure of Sensitive Information Critical: Not critical Where: Local system Impact: Exposure of sensitive information Released: 2004-09-07 Gentoo has issued an update for multi-gnome-terminal. This fixes a potential security issue, which may expose sensitive information. Full Advisory: http://secunia.com/advisories/12477/ Other:-- [SA12461] Dynalink RTA230 Default Username and Password Critical: Moderately critical Where: From remote Impact: System access Released: 2004-09-06 fabio has reported a security issue in Dynalink RTA230, which can be exploited by malicious people to gain control of a vulnerable device. Full Advisory: http://secunia.com/advisories/12461/ -- [SA12471] StorageTek D280 Disk System Denial of Service Vulnerability Critical: Moderately critical Where: From local network Impact: DoS Released: 2004-09-07 Frank Denis has reported a vulnerability in StorageTek D280 Disk System, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12471/ -- [SA12469] IBM TotalStorage DS4100 Denial of Service Vulnerability Critical: Moderately critical Where: From local network Impact: DoS Released: 2004-09-07 Frank Denis has reported a vulnerability in IBM TotalStorage DS4100 (formerly FAStT100), which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12469/ -- [SA12464] Engenio Storage Controllers Denial of Service Vulnerability Critical: Moderately critical Where: From local network Impact: DoS Released: 2004-09-07 Frank Denis has reported a vulnerability in Engenio Storage Controllers, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12464/ -- [SA12450] NetScreen-IDP scp Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2004-09-03 Juniper Networks has acknowledged an older vulnerability in OpenSSH for Netscreen-IDP, which potentially can be exploited by malicious people to overwrite arbitrary files on a vulnerable device. Full Advisory: http://secunia.com/advisories/12450/ -- [SA12472] Brocade SilkWorm Switches Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2004-09-07 Frank Denis has reported a vulnerability in Brocade SilkWork Switches, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12472/ Cross Platform:-- [SA12467] Tutti Nova Unspecified Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown Released: 2004-09-06 Various unspecified vulnerabilities with an unknown impact have been reported in Tutti Nova. Full Advisory: http://secunia.com/advisories/12467/ -- [SA12444] Squid NTLM Authentication Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-09-03 Marco Ortisi has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12444/ -- [SA12439] TorrentTrader "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, Manipulation of data Released: 2004-09-02 aCiDBiTS has reported a vulnerability in TorrentTrader, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/12439/ -- [SA12438] phpWebSite Cross-Site Scripting and Script Insertion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2004-09-03 James Bercegay has reported some vulnerabilities in phpWebSite, allowing malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/12438/ -- [SA12466] phpGroupWare Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-09-06 An unspecified vulnerability has been reported in phpGroupWare, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/12466/ -- [SA12486] Emdros Create/Update Object Type Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2004-09-08 A vulnerability has been reported in Emdros, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/12486/ -- [SA12463] Cosminexus Portal Framework Unspecified Cached Content Replacement Critical: Less critical Where: From local network Impact: Exposure of system information, Exposure of sensitive information Released: 2004-09-07 A vulnerability has been reported in Cosminexus Portal Framework, which potentially can be exploited by malicious users to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/12463/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ======================================================================== _________________________________________ Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
This archive was generated by hypermail 2.1.3 : Thu Sep 09 2004 - 05:08:43 PDT