[ISN] Secunia Weekly Summary - Issue: 2004-52

From: InfoSec News (isn@private)
Date: Fri Dec 24 2004 - 00:16:30 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-12-16 - 2004-12-23                        

                      This week : 131 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Monitor, Filter, and Manage Security Information
- Filtering and Management of Secunia advisories
- Overview, documentation, and detailed reports
- Alerting via email and SMS

Request Trial:
https://ca.secunia.com/?f=s

========================================================================
2) This Week in Brief:


ADVISORIES:

Two vulnerabilities have been reported in Konqueror, which can be
exploited by malicious people to compromise a vulnerable system.

The vendor has issued patches, which can be found in the referenced 
Secunia advisory below.

References:
http://secunia.com/SA13586/


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA13482] Internet Explorer DHTML Edit ActiveX Control Cross-Site
              Scripting
2.  [SA13481] PHP Multiple Vulnerabilities
3.  [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
4.  [SA13471] Adobe Reader / Adobe Acrobat Multiple Vulnerabilities
5.  [SA13251] Microsoft Internet Explorer Window Injection
              Vulnerability
6.  [SA12889] Microsoft Internet Explorer Two Vulnerabilities
7.  [SA13239] phpBB Multiple Vulnerabilities
8.  [SA12959] Internet Explorer HTML Elements Buffer Overflow
              Vulnerability
9.  [SA13269] Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability
10. [SA13474] Adobe Acrobat Reader "mailListIsPdf()" Function Buffer
              Overflow

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA13621] SurgeMail Unspecified Webmail Security Issue
[SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability
[SA13571] ArGoSoft Mail Server Script Insertion Vulnerability
[SA13618] Citrix Metaframe XP Unspecified Buffer Overflow
Vulnerability
[SA13605] tlen URL Script Insertion Vulnerability
[SA13591] WinRAR Delete File Buffer Overflow Vulnerability
[SA13578] Windows Media Player ActiveX Control Two Vulnerabilities
[SA13567] Google Desktop Search Exposure of Local Search Results
[SA13569] GamePort Two Security Bypass Vulnerabilities

UNIX/Linux:
[SA13639] Red Hat update for acroread
[SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability
[SA13629] Fedora update for libtiff
[SA13626] Mandrake update for kdelibs
[SA13622] Mandrake update for mplayer
[SA13614] Red Hat update for PHP
[SA13611] Fedora update for PHP
[SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability
[SA13607] LibTIFF Two Integer Overflow Vulnerabilities
[SA13602] xpdf "doImage()" Buffer Overflow Vulnerability
[SA13595] Red Hat update for XFree86
[SA13590] Mandrake update for ethereal
[SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities
[SA13585] Gentoo update for mplayer
[SA13581] Red Hat update for XFree86
[SA13568] Mandrake update for php
[SA13562] Gentoo update for PHP
[SA13561] Gentoo update for Ethereal
[SA13559] Gentoo update for KDE kfax
[SA13557] Gentoo update for phpMyAdmin
[SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow
Vulnerability
[SA13533] Bolthole Filter "save_embedded_address()" Function Buffer
Overflow
[SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability
[SA13499] Gentoo update for acroread
[SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File
Creation
[SA13624] Mandrake update for krb5
[SA13616] Gentoo update for mpg123
[SA13606] Gentoo update for Zwiki
[SA13584] Debian update for xzgv
[SA13580] Debian update for htget
[SA13579] htget Buffer Overflow Vulnerability
[SA13560] Gentoo update for kdelibs / kdebase
[SA13558] Gentoo update for abcm2ps
[SA13554] YAMT "id3tag_sort()" Function Vulnerability
[SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability
[SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability
[SA13551] vb2c "parse()" Buffer Overflow Vulnerability
[SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability
[SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability
[SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow
[SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability
[SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow
Vulnerabilities
[SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability
[SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow
Vulnerability
[SA13539] Junkie FTP Client Two Vulnerabilities
[SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow
Vulnerability
[SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability
[SA13536] IglooFTP File Manipulation Vulnerabilities
[SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability
[SA13534] GREED "DownloadLoop()" Function Vulnerabilities
[SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability
[SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability
[SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability
[SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability
[SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability
[SA13526] asp2php Two Buffer Overflow Vulnerabilities
[SA13525] abctab2ps Two Buffer Overflow Vulnerabilities
[SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability
[SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability
[SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability
[SA13520] Red Hat update for gd
[SA13517] SUSE update for file/phprojekt
[SA13516] tnftp File Name Verification Vulnerability
[SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability
[SA13512] abc2midi Two Buffer Overflow Vulnerabilities
[SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability
[SA13506] Red Hat update for libxml
[SA13497] Sun Java Messaging Server Webmail Script Insertion
Vulnerability
[SA13623] SUSE update for samba
[SA13615] Fedora update for samba
[SA13613] Red Hat update for samba
[SA13612] Fedora update for krb5
[SA13597] Red Hat update for nfs-utils
[SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability
[SA13582] Trustix update for samba
[SA13573] Fedora update for CUPS
[SA13570] Gentoo update for Samba
[SA13540] LinPopUp "strexpand()" Function Buffer Overflow
Vulnerability
[SA13510] CUPS hpgltops and lppasswd Vulnerabilities
[SA13507] Red Hat update for samba
[SA13601] Fedora update for namazu
[SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability
[SA13588] Mandrake update for aspell
[SA13587] Gentoo update for nasm
[SA13556] Email Sanitizer Unspecified MIME Denial of Service
Vulnerability
[SA13543] NASM "error()" Function Buffer Overflow Vulnerability
[SA13610] SuSE update for kernel
[SA13642] Docbook-to-Man Insecure Temporary File Creation
[SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File
Creation
[SA13633] Debian debmake Insecure Temporary Directory Creation
[SA13598] Red Hat update for rh-postgresql
[SA13594] Red Hat update for glibc
[SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities
[SA13575] Debian update for ethereal
[SA13572] Linux Kernel Multiple Vulnerabilities
[SA13565] HP-UX newgrp Privilege Escalation Vulnerability
[SA13528] changepassword Privilege Escalation Vulnerability
[SA13521] Debian update for cscope
[SA13519] Debian update for a2ps
[SA13505] Red Hat update for zip
[SA13503] Gentoo update for cscope
[SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities
[SA13498] Gentoo update for vim/gvim
[SA13625] Mandrake update for logcheck
[SA13617] SUSE update for ncpfs
[SA13549] uml-utilities Ethernet Connection Drop Security Issue

Other:


Cross Platform:
[SA13632] Sybase ASE Three Unspecified Vulnerabilities
[SA13508] MPlayer Multiple Vulnerabilities
[SA13620] 2Bgal "id_album" SQL Injection Vulnerability
[SA13564] IMG2ASCII Unspecified Vulnerability
[SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection
[SA13555] Yanf "get()" Buffer Overflow Vulnerability
[SA13518] Cosminexus Web Contents Generator Buffer Overflow
Vulnerability
[SA13515] Moodle Multiple Unspecified Security Issues
[SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability
[SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability
[SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability
[SA13576] PHPFormMail "output_html()" Cross-Site Scripting
Vulnerabilities
[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting
[SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue
[SA13504] 68 Designs Froogle Installation Security Issue
[SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA13621] SurgeMail Unspecified Webmail Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2004-12-23

A security issue with an unknown impact has been reported in
SurgeMail.

Full Advisory:
http://secunia.com/advisories/13621/

 --

[SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Luca Ercoli has discovered a vulnerability in Crystal FTP, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13583/

 --

[SA13571] ArGoSoft Mail Server Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-20

A vulnerability has been reported in ArGoSoft Mail Server, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/13571/

 --

[SA13618] Citrix Metaframe XP Unspecified Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-22

A vulnerability has been reported in Citrix Metaframe XP, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13618/

 --

[SA13605] tlen URL Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-21

A vulnerability has been reported in tlen, allowing malicious people to
inject arbitrary script code.

Full Advisory:
http://secunia.com/advisories/13605/

 --

[SA13591] WinRAR Delete File Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2004-12-22

Vafa Khoshaein has discovered a vulnerability in WinRAR, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13591/

 --

[SA13578] Windows Media Player ActiveX Control Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2004-12-20

Arman Nayyeri has discovered two vulnerabilities in Microsoft Windows
Media Player, which can be exploited by malicious people to disclose
system information, and modify or disclose some sensitive information.

Full Advisory:
http://secunia.com/advisories/13578/

 --

[SA13567] Google Desktop Search Exposure of Local Search Results

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-12-21

A vulnerability has been reported in Google Desktop Search, which can
be exploited by malicious people to view local search results.

Full Advisory:
http://secunia.com/advisories/13567/

 --

[SA13569] GamePort Two Security Bypass Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-12-21

amoXi and Dr.vaXin have discovered two security issues in GamePort,
which can be exploited by malicious, local users to bypass some
security restrictions.

Full Advisory:
http://secunia.com/advisories/13569/


UNIX/Linux:--

[SA13639] Red Hat update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

Red Hat has issued an update for acroread. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13639/

 --

[SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

The vendor has acknowledged a vulnerability in kpdf, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13636/

 --

[SA13629] Fedora update for libtiff

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

Fedora has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13629/

 --

[SA13626] Mandrake update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

MandrakeSoft has issued an update for kdelibs. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/13626/

 --

[SA13622] Mandrake update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

MandrakeSoft has issued an update for mplayer. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13622/

 --

[SA13614] Red Hat update for PHP

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Privilege escalation, Security Bypass
Released:    2004-12-22

Red Hat has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13614/

 --

[SA13611] Fedora update for PHP

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Privilege escalation, Security Bypass
Released:    2004-12-22

Fedora has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13611/

 --

[SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-22

iDEFENSE has reported a vulnerability in HP-UX, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13608/

 --

[SA13607] LibTIFF Two Integer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-22

infamous41md has reported two vulnerabilities in LibTIFF, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13607/

 --

[SA13602] xpdf "doImage()" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-22

A vulnerability has been reported in xpdf, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13602/

 --

[SA13595] Red Hat update for XFree86

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-12-21

Red Hat has issued an update for XFree86. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13595/

 --

[SA13590] Mandrake update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-12-21

MandrakeSoft has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13590/

 --

[SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Two vulnerabilities have been reported in KDE Konqueror, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13586/

 --

[SA13585] Gentoo update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-21

Gentoo has issued an update for mplayer. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13585/

 --

[SA13581] Red Hat update for XFree86

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-12-20

Red Hat has issued an update for xfree86. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13581/

 --

[SA13568] Mandrake update for php

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, System access
Released:    2004-12-20

Mandrakesoft has issued an update for php. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges,
bypass certain security restrictions, gain knowledge of sensitive
information, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13568/

 --

[SA13562] Gentoo update for PHP

Critical:    Highly critical
Where:       From remote
Impact:      System access, Privilege escalation, Exposure of sensitive
information, Security Bypass
Released:    2004-12-20

Gentoo has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13562/

 --

[SA13561] Gentoo update for Ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-12-20

Gentoo has issued an update for Ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13561/

 --

[SA13559] Gentoo update for KDE kfax

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-12-20

Gentoo has issued an update for KDE kfax. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13559/

 --

[SA13557] Gentoo update for phpMyAdmin

Critical:    Highly critical
Where:       From remote
Impact:      System access, Exposure of sensitive information
Released:    2004-12-20

Gentoo has issued an update for phpMyAdmin. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system and by malicious users to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/13557/

 --

[SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Bartlomiej Sieka has reported a vulnerability in NapShare, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13542/

 --

[SA13533] Bolthole Filter "save_embedded_address()" Function Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Ariel Berkman has reported a vulnerability in filter, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13533/

 --

[SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Ariel Berkman has reported a vulnerability in xine-lib, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13502/

 --

[SA13499] Gentoo update for acroread

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Gentoo has issued an update for acroread. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13499/

 --

[SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File
Creation

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2004-12-23

Two vulnerabilities have been reported in Rpm Finder, which can be
exploited by malicious people to compromise a user's system and by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13635/

 --

[SA13624] Mandrake update for krb5

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-23

Mandrake has issued an update for krb5. This fixes a vulnerability,
which potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13624/

 --

[SA13616] Gentoo update for mpg123

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-22

Gentoo has issued an update for mpg123. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13616/

 --

[SA13606] Gentoo update for Zwiki

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-22

Gentoo has issued an update for Zwiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/13606/

 --

[SA13584] Debian update for xzgv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-21

Debian has issued an update for xzgv. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13584/

 --

[SA13580] Debian update for htget

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Debian has issued an update for htget. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13580/

 --

[SA13579] htget Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

infamous41md has reported a vulnerability in htget, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13579/

 --

[SA13560] Gentoo update for kdelibs / kdebase

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Spoofing
Released:    2004-12-20

Gentoo has issued updates for kdebase and kdelibs. These fix some
vulnerabilities, which can be exploited by malicious people to spoof
the content of websites.

Full Advisory:
http://secunia.com/advisories/13560/

 --

[SA13558] Gentoo update for abcm2ps

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Gentoo has issued an update for abcm2ps. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13558/

 --

[SA13554] YAMT "id3tag_sort()" Function Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Manigandan Radhakrishnan has reported a vulnerability in YAMT, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13554/

 --

[SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Tom Palarz and Kris Kubicki have reported a vulnerability in xlreader,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13553/

 --

[SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Ariel Berkman has reported a vulnerability in Vilistextum, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13552/

 --

[SA13551] vb2c "parse()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Qiao Zhang has reported a vulnerability in vb2c, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13551/

 --

[SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Yosef Klein and Limin Wang have reported a vulnerability in UnRTF,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13550/

 --

[SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported a vulnerability in rtf2latex2e, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13548/

 --

[SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Qiao Zhang has reported a vulnerability in Ringtone Tools, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13547/

 --

[SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

A vulnerability has been reported in pgn2web, allowing malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13546/

 --

[SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Danny Lungstrom has reported two vulnerabilities in Pcal, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13545/

 --

[SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Wiktor Kopec has reported a vulnerability in o3read, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13544/

 --

[SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Mohammed Khan and Danny Lungstrom have reported a vulnerability in Mesh
Viewer, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/13541/

 --

[SA13539] Junkie FTP Client Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2004-12-20

Yosef Klein has reported two vulnerabilities in Junkie, which can be
exploited by malicious people to manipulate files or compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/13539/

 --

[SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

James Longstreet has reported a vulnerability in jpegtoavi, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13538/

 --

[SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

A vulnerability has been reported in jcabc2ps, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13537/

 --

[SA13536] IglooFTP File Manipulation Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-12-20

Two vulnerabilities have been reported in IglooFTP, which can be
exploited to substitute uploaded files or overwrite files on the user's
system.

Full Advisory:
http://secunia.com/advisories/13536/

 --

[SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

A vulnerability has been reported in html2hdml, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13535/

 --

[SA13534] GREED "DownloadLoop()" Function Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Manigandan Radhakrishnan has reported two vulnerabilities in GREED,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13534/

 --

[SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Ariel Berkman has reported a vulnerability in DXFscope, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13532/

 --

[SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported a vulnerability in csv2xml, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13531/

 --

[SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Ariel Berkman has reported a vulnerability in Convex 3D, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13530/

 --

[SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Danny Lungstrom has reported a vulnerability in chbg, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13529/

 --

[SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

A vulnerability has been reported in libbsb, allowing malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13527/

 --

[SA13526] asp2php Two Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Qiao Zhang has reported two vulnerabilities in asp2php, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13526/

 --

[SA13525] abctab2ps Two Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported two vulnerabilities in abctab2ps, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13525/

 --

[SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Yosef Klein has reported a vulnerability in abcpp, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13524/

 --

[SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported a vulnerability in abcm2ps, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13523/

 --

[SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported a vulnerability in abc2mtex, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13522/

 --

[SA13520] Red Hat update for gd

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Red Hat has issued an update for gd. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13520/

 --

[SA13517] SUSE update for file/phprojekt

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2004-12-17

SUSE has issued updates for file and phprojekt. These fix two
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13517/

 --

[SA13516] tnftp File Name Verification Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2004-12-17

Yosef Klein has reported a vulnerability in tnftp, allowing malicious
people to overwrite local files.

Full Advisory:
http://secunia.com/advisories/13516/

 --

[SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-12-17

Jonathan Rockway has reported a vulnerability in qwik-smtpd, which can
be exploited by malicious people to relay mail.

Full Advisory:
http://secunia.com/advisories/13514/

 --

[SA13512] abc2midi Two Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Limin Wang has reported two vulnerabilities in abc2midi, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13512/

 --

[SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Bartlomiej Sieka has reported a vulnerability in mpg123, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13511/

 --

[SA13506] Red Hat update for libxml

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Red Hat has issued an update for libxml. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13506/

 --

[SA13497] Sun Java Messaging Server Webmail Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-16

A vulnerability has been reported in iPlanet Messaging Server / Sun ONE
Messaging Server, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/13497/

 --

[SA13623] SUSE update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-23

SUSE has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13623/

 --

[SA13615] Fedora update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-22

Fedora has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13615/

 --

[SA13613] Red Hat update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-22

Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13613/

 --

[SA13612] Fedora update for krb5

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2004-12-22

Fedora has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges and
potentially by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13612/

 --

[SA13597] Red Hat update for nfs-utils

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2004-12-21

Red Hat has issued an update for nfs-utils. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13597/

 --

[SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-21

Michael Tautschnig has reported a vulnerability in Kerberos V5, which
potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13592/

 --

[SA13582] Trustix update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-20

Trustix has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13582/

 --

[SA13573] Fedora update for CUPS

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, DoS, System access
Released:    2004-12-20

Fedora has issued an update for CUPS. This fixes two vulnerabilities,
which can be exploited by malicious users to manipulate certain files,
cause a DoS (Denial of Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13573/

 --

[SA13570] Gentoo update for Samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-20

Gentoo has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13570/

 --

[SA13540] LinPopUp "strexpand()" Function Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-20

Stephen Dranger has reported a vulnerability in LinPopUp, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13540/

 --

[SA13510] CUPS hpgltops and lppasswd Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, DoS, System access
Released:    2004-12-17

Two vulnerabilities have been reported in CUPS, which can be exploited
by malicious users to manipulate certain files, cause a DoS (Denial of
Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13510/

 --

[SA13507] Red Hat update for samba

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2004-12-17

Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13507/

 --

[SA13601] Fedora update for namazu

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-21

Fedora has issued an update for namazu. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/13601/

 --

[SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-21

A vulnerability has been reported in Namazu, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/13600/

 --

[SA13588] Mandrake update for aspell

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2004-12-21

MandrakeSoft has issued an update for aspell. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13588/

 --

[SA13587] Gentoo update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Gentoo has issued an update for nasm. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/13587/

 --

[SA13556] Email Sanitizer Unspecified MIME Denial of Service
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-12-20

A vulnerability has been reported in Email Sanitizer, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13556/

 --

[SA13543] NASM "error()" Function Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Jonathan Rockway has reported a vulnerability in NASM, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13543/

 --

[SA13610] SuSE update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Unknown, Exposure of sensitive information, Privilege
escalation, DoS
Released:    2004-12-22

SUSE has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), gain knowledge of sensitive information, or gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13610/

 --

[SA13642] Docbook-to-Man Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-23

Javier Fernández-Sanguino Peña has reported a vulnerability in
Docbook-to-Man, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13642/

 --

[SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File
Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-23

Javier Fernández-Sanguino Peña has reported a vulnerability in LPRng,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13640/

 --

[SA13633] Debian debmake Insecure Temporary Directory Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-23

Javier Fernández-Sanguino Peña has reported a vulnerability in debmake,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13633/

 --

[SA13598] Red Hat update for rh-postgresql

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-21

Red Hat has issued an update for rh-postgresql. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13598/

 --

[SA13594] Red Hat update for glibc

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-21

Red Hat has issued an update for glibc. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13594/

 --

[SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-21

Four vulnerabilities have been reported in AIX, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13589/

 --

[SA13575] Debian update for ethereal

Critical:    Less critical
Where:       Local system
Impact:      DoS
Released:    2004-12-21

Debian has issued an update for ethereal. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/13575/

 --

[SA13572] Linux Kernel Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2004-12-22

Multiple vulnerabilities have been reported in the Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or gain knowledge of potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/13572/

 --

[SA13565] HP-UX newgrp Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-20

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13565/

 --

[SA13528] changepassword Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-17

Ariel Berkman has reported a vulnerability in changepassword, allowing
malicious, local users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/13528/

 --

[SA13521] Debian update for cscope

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-17

Debian has issued an update for cscope. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13521/

 --

[SA13519] Debian update for a2ps

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-20

Debian has issued an update for a2ps. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13519/

 --

[SA13505] Red Hat update for zip

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-17

Red Hat has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13505/

 --

[SA13503] Gentoo update for cscope

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-17

Gentoo has issued an update for cscope. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13503/

 --

[SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2004-12-17

Evgeny Demidov has reported some vulnerabilities in NetBSD, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) and potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13501/

 --

[SA13498] Gentoo update for vim/gvim

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-16

Gentoo has issued updates for vim and gvim. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/13498/

 --

[SA13625] Mandrake update for logcheck

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-12-23

MandrakeSoft has issued updated packages for logcheck. These fix a
security issue, which potentially can be exploited by malicious, local
users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/13625/

 --

[SA13617] SUSE update for ncpfs

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-12-22

SUSE has issued an update for ncpfs. This fixes a potential
vulnerability, which can be exploited by malicious, local users.

Full Advisory:
http://secunia.com/advisories/13617/

 --

[SA13549] uml-utilities Ethernet Connection Drop Security Issue

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2004-12-20

Danny Lungstrom has reported a security issue in uml-utilities, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/13549/


Other:


Cross Platform:--

[SA13632] Sybase ASE Three Unspecified Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown
Released:    2004-12-23

NGSSoftware has reported three vulnerabilities with unknown impacts in
Sybase ASE.

Full Advisory:
http://secunia.com/advisories/13632/

 --

[SA13508] MPlayer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Multiple vulnerabilities have been reported in MPlayer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13508/

 --

[SA13620] 2Bgal "id_album" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-12-23

Romain Le Guen has reported a vulnerability in 2Bgal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/13620/

 --

[SA13564] IMG2ASCII Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2004-12-20

A vulnerability with an unknown impact has been reported in IMG2ASCII.

Full Advisory:
http://secunia.com/advisories/13564/

 --

[SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-12-20

James Bercegay has reported some vulnerabilities in Kayako eSupport,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/13563/

 --

[SA13555] Yanf "get()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-20

Ariel Berkman has reported a vulnerability in Yanf, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13555/

 --

[SA13518] Cosminexus Web Contents Generator Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

The vendor has acknowledged a vulnerability in Cosminexus Web Contents
Generator (Macromedia JRun), which can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13518/

 --

[SA13515] Moodle Multiple Unspecified Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Exposure of sensitive
information
Released:    2004-12-17

Multiple security issues have been reported in Moodle. Some of these
can potentially be exploited by malicious people to disclose sensitive
information and bypass certain security restrictions, and others have
unknown impacts.

Full Advisory:
http://secunia.com/advisories/13515/

 --

[SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-12-17

Positive Technologies has reported a vulnerability in Ikonboard, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/13513/

 --

[SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-12-17

Ariel Berkman has discovered a vulnerability in AtBas 2fax, potentially
allowing malicious people to gain system access.

Full Advisory:
http://secunia.com/advisories/13500/

 --

[SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-23

James Bercegay has reported a vulnerability in PsychoStats, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/13619/

 --

[SA13576] PHPFormMail "output_html()" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-20

Some vulnerabilities have been reported in PHPFormMail, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/13576/

 --

[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-12-20

Lostmon has reported two vulnerabilities in the Workboard module for
PHP-Nuke, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/13574/

 --

[SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-12-21

Bennett R. Samowich has discovered a security issue in Crypt::ECB,
which makes it easier for malicious people to brute force passwords.

Full Advisory:
http://secunia.com/advisories/13566/

 --

[SA13504] 68 Designs Froogle Installation Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-12-17

Lostmon has reported a security issue in 68 Designs Froogle, which
potentially can be exploited by malicious people to gain administrative
privileges.

Full Advisory:
http://secunia.com/advisories/13504/

 --

[SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2004-12-21

A weakness has been reported in Symantec Brightmail AntiSpam, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13593/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================




_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Fri Dec 24 2004 - 02:03:56 PST