======================================================================== The Secunia Weekly Advisory Summary 2004-12-16 - 2004-12-23 This week : 131 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=s ======================================================================== 2) This Week in Brief: ADVISORIES: Two vulnerabilities have been reported in Konqueror, which can be exploited by malicious people to compromise a vulnerable system. The vendor has issued patches, which can be found in the referenced Secunia advisory below. References: http://secunia.com/SA13586/ VIRUS ALERTS: Secunia has not issued any virus alerts during the week. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA13482] Internet Explorer DHTML Edit ActiveX Control Cross-Site Scripting 2. [SA13481] PHP Multiple Vulnerabilities 3. [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability 4. [SA13471] Adobe Reader / Adobe Acrobat Multiple Vulnerabilities 5. [SA13251] Microsoft Internet Explorer Window Injection Vulnerability 6. [SA12889] Microsoft Internet Explorer Two Vulnerabilities 7. [SA13239] phpBB Multiple Vulnerabilities 8. [SA12959] Internet Explorer HTML Elements Buffer Overflow Vulnerability 9. [SA13269] Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability 10. [SA13474] Adobe Acrobat Reader "mailListIsPdf()" Function Buffer Overflow ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA13621] SurgeMail Unspecified Webmail Security Issue [SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability [SA13571] ArGoSoft Mail Server Script Insertion Vulnerability [SA13618] Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability [SA13605] tlen URL Script Insertion Vulnerability [SA13591] WinRAR Delete File Buffer Overflow Vulnerability [SA13578] Windows Media Player ActiveX Control Two Vulnerabilities [SA13567] Google Desktop Search Exposure of Local Search Results [SA13569] GamePort Two Security Bypass Vulnerabilities UNIX/Linux: [SA13639] Red Hat update for acroread [SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability [SA13629] Fedora update for libtiff [SA13626] Mandrake update for kdelibs [SA13622] Mandrake update for mplayer [SA13614] Red Hat update for PHP [SA13611] Fedora update for PHP [SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability [SA13607] LibTIFF Two Integer Overflow Vulnerabilities [SA13602] xpdf "doImage()" Buffer Overflow Vulnerability [SA13595] Red Hat update for XFree86 [SA13590] Mandrake update for ethereal [SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities [SA13585] Gentoo update for mplayer [SA13581] Red Hat update for XFree86 [SA13568] Mandrake update for php [SA13562] Gentoo update for PHP [SA13561] Gentoo update for Ethereal [SA13559] Gentoo update for KDE kfax [SA13557] Gentoo update for phpMyAdmin [SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow Vulnerability [SA13533] Bolthole Filter "save_embedded_address()" Function Buffer Overflow [SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability [SA13499] Gentoo update for acroread [SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File Creation [SA13624] Mandrake update for krb5 [SA13616] Gentoo update for mpg123 [SA13606] Gentoo update for Zwiki [SA13584] Debian update for xzgv [SA13580] Debian update for htget [SA13579] htget Buffer Overflow Vulnerability [SA13560] Gentoo update for kdelibs / kdebase [SA13558] Gentoo update for abcm2ps [SA13554] YAMT "id3tag_sort()" Function Vulnerability [SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability [SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability [SA13551] vb2c "parse()" Buffer Overflow Vulnerability [SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability [SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability [SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow [SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability [SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow Vulnerabilities [SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability [SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow Vulnerability [SA13539] Junkie FTP Client Two Vulnerabilities [SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow Vulnerability [SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability [SA13536] IglooFTP File Manipulation Vulnerabilities [SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability [SA13534] GREED "DownloadLoop()" Function Vulnerabilities [SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability [SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability [SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability [SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability [SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability [SA13526] asp2php Two Buffer Overflow Vulnerabilities [SA13525] abctab2ps Two Buffer Overflow Vulnerabilities [SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability [SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability [SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability [SA13520] Red Hat update for gd [SA13517] SUSE update for file/phprojekt [SA13516] tnftp File Name Verification Vulnerability [SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability [SA13512] abc2midi Two Buffer Overflow Vulnerabilities [SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability [SA13506] Red Hat update for libxml [SA13497] Sun Java Messaging Server Webmail Script Insertion Vulnerability [SA13623] SUSE update for samba [SA13615] Fedora update for samba [SA13613] Red Hat update for samba [SA13612] Fedora update for krb5 [SA13597] Red Hat update for nfs-utils [SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability [SA13582] Trustix update for samba [SA13573] Fedora update for CUPS [SA13570] Gentoo update for Samba [SA13540] LinPopUp "strexpand()" Function Buffer Overflow Vulnerability [SA13510] CUPS hpgltops and lppasswd Vulnerabilities [SA13507] Red Hat update for samba [SA13601] Fedora update for namazu [SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability [SA13588] Mandrake update for aspell [SA13587] Gentoo update for nasm [SA13556] Email Sanitizer Unspecified MIME Denial of Service Vulnerability [SA13543] NASM "error()" Function Buffer Overflow Vulnerability [SA13610] SuSE update for kernel [SA13642] Docbook-to-Man Insecure Temporary File Creation [SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File Creation [SA13633] Debian debmake Insecure Temporary Directory Creation [SA13598] Red Hat update for rh-postgresql [SA13594] Red Hat update for glibc [SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities [SA13575] Debian update for ethereal [SA13572] Linux Kernel Multiple Vulnerabilities [SA13565] HP-UX newgrp Privilege Escalation Vulnerability [SA13528] changepassword Privilege Escalation Vulnerability [SA13521] Debian update for cscope [SA13519] Debian update for a2ps [SA13505] Red Hat update for zip [SA13503] Gentoo update for cscope [SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities [SA13498] Gentoo update for vim/gvim [SA13625] Mandrake update for logcheck [SA13617] SUSE update for ncpfs [SA13549] uml-utilities Ethernet Connection Drop Security Issue Other: Cross Platform: [SA13632] Sybase ASE Three Unspecified Vulnerabilities [SA13508] MPlayer Multiple Vulnerabilities [SA13620] 2Bgal "id_album" SQL Injection Vulnerability [SA13564] IMG2ASCII Unspecified Vulnerability [SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection [SA13555] Yanf "get()" Buffer Overflow Vulnerability [SA13518] Cosminexus Web Contents Generator Buffer Overflow Vulnerability [SA13515] Moodle Multiple Unspecified Security Issues [SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability [SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability [SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability [SA13576] PHPFormMail "output_html()" Cross-Site Scripting Vulnerabilities [SA13574] PHP-Nuke Workboard Module Cross-Site Scripting [SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue [SA13504] 68 Designs Froogle Installation Security Issue [SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA13621] SurgeMail Unspecified Webmail Security Issue Critical: Moderately critical Where: From remote Impact: Unknown Released: 2004-12-23 A security issue with an unknown impact has been reported in SurgeMail. Full Advisory: http://secunia.com/advisories/13621/ -- [SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Luca Ercoli has discovered a vulnerability in Crystal FTP, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13583/ -- [SA13571] ArGoSoft Mail Server Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-20 A vulnerability has been reported in ArGoSoft Mail Server, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/13571/ -- [SA13618] Citrix Metaframe XP Unspecified Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-22 A vulnerability has been reported in Citrix Metaframe XP, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13618/ -- [SA13605] tlen URL Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-21 A vulnerability has been reported in tlen, allowing malicious people to inject arbitrary script code. Full Advisory: http://secunia.com/advisories/13605/ -- [SA13591] WinRAR Delete File Buffer Overflow Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2004-12-22 Vafa Khoshaein has discovered a vulnerability in WinRAR, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13591/ -- [SA13578] Windows Media Player ActiveX Control Two Vulnerabilities Critical: Less critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2004-12-20 Arman Nayyeri has discovered two vulnerabilities in Microsoft Windows Media Player, which can be exploited by malicious people to disclose system information, and modify or disclose some sensitive information. Full Advisory: http://secunia.com/advisories/13578/ -- [SA13567] Google Desktop Search Exposure of Local Search Results Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2004-12-21 A vulnerability has been reported in Google Desktop Search, which can be exploited by malicious people to view local search results. Full Advisory: http://secunia.com/advisories/13567/ -- [SA13569] GamePort Two Security Bypass Vulnerabilities Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-12-21 amoXi and Dr.vaXin have discovered two security issues in GamePort, which can be exploited by malicious, local users to bypass some security restrictions. Full Advisory: http://secunia.com/advisories/13569/ UNIX/Linux:-- [SA13639] Red Hat update for acroread Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-23 Red Hat has issued an update for acroread. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13639/ -- [SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-23 The vendor has acknowledged a vulnerability in kpdf, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13636/ -- [SA13629] Fedora update for libtiff Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-23 Fedora has issued an update for libtiff. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13629/ -- [SA13626] Mandrake update for kdelibs Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-23 MandrakeSoft has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13626/ -- [SA13622] Mandrake update for mplayer Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-23 MandrakeSoft has issued an update for mplayer. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13622/ -- [SA13614] Red Hat update for PHP Critical: Highly critical Where: From remote Impact: System access, DoS, Privilege escalation, Security Bypass Released: 2004-12-22 Red Hat has issued an update for PHP. This fixes some vulnerabilities, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13614/ -- [SA13611] Fedora update for PHP Critical: Highly critical Where: From remote Impact: System access, DoS, Privilege escalation, Security Bypass Released: 2004-12-22 Fedora has issued an update for PHP. This fixes some vulnerabilities, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13611/ -- [SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-22 iDEFENSE has reported a vulnerability in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13608/ -- [SA13607] LibTIFF Two Integer Overflow Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-22 infamous41md has reported two vulnerabilities in LibTIFF, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13607/ -- [SA13602] xpdf "doImage()" Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-22 A vulnerability has been reported in xpdf, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13602/ -- [SA13595] Red Hat update for XFree86 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-21 Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13595/ -- [SA13590] Mandrake update for ethereal Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-21 MandrakeSoft has issued an update for ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13590/ -- [SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-20 Two vulnerabilities have been reported in KDE Konqueror, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13586/ -- [SA13585] Gentoo update for mplayer Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-21 Gentoo has issued an update for mplayer. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13585/ -- [SA13581] Red Hat update for XFree86 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-20 Red Hat has issued an update for xfree86. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13581/ -- [SA13568] Mandrake update for php Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, System access Released: 2004-12-20 Mandrakesoft has issued an update for php. This fixes some vulnerabilities, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13568/ -- [SA13562] Gentoo update for PHP Critical: Highly critical Where: From remote Impact: System access, Privilege escalation, Exposure of sensitive information, Security Bypass Released: 2004-12-20 Gentoo has issued an update for PHP. This fixes some vulnerabilities, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13562/ -- [SA13561] Gentoo update for Ethereal Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-20 Gentoo has issued an update for Ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13561/ -- [SA13559] Gentoo update for KDE kfax Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-20 Gentoo has issued an update for KDE kfax. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13559/ -- [SA13557] Gentoo update for phpMyAdmin Critical: Highly critical Where: From remote Impact: System access, Exposure of sensitive information Released: 2004-12-20 Gentoo has issued an update for phpMyAdmin. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system and by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/13557/ -- [SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-20 Bartlomiej Sieka has reported a vulnerability in NapShare, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13542/ -- [SA13533] Bolthole Filter "save_embedded_address()" Function Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-20 Ariel Berkman has reported a vulnerability in filter, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13533/ -- [SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-17 Ariel Berkman has reported a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13502/ -- [SA13499] Gentoo update for acroread Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-17 Gentoo has issued an update for acroread. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13499/ -- [SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File Creation Critical: Moderately critical Where: From remote Impact: Privilege escalation, System access Released: 2004-12-23 Two vulnerabilities have been reported in Rpm Finder, which can be exploited by malicious people to compromise a user's system and by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/13635/ -- [SA13624] Mandrake update for krb5 Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-23 Mandrake has issued an update for krb5. This fixes a vulnerability, which potentially can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13624/ -- [SA13616] Gentoo update for mpg123 Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-22 Gentoo has issued an update for mpg123. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13616/ -- [SA13606] Gentoo update for Zwiki Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-22 Gentoo has issued an update for Zwiki. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/13606/ -- [SA13584] Debian update for xzgv Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-21 Debian has issued an update for xzgv. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13584/ -- [SA13580] Debian update for htget Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Debian has issued an update for htget. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13580/ -- [SA13579] htget Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 infamous41md has reported a vulnerability in htget, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13579/ -- [SA13560] Gentoo update for kdelibs / kdebase Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, Spoofing Released: 2004-12-20 Gentoo has issued updates for kdebase and kdelibs. These fix some vulnerabilities, which can be exploited by malicious people to spoof the content of websites. Full Advisory: http://secunia.com/advisories/13560/ -- [SA13558] Gentoo update for abcm2ps Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Gentoo has issued an update for abcm2ps. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13558/ -- [SA13554] YAMT "id3tag_sort()" Function Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Manigandan Radhakrishnan has reported a vulnerability in YAMT, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13554/ -- [SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Tom Palarz and Kris Kubicki have reported a vulnerability in xlreader, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13553/ -- [SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Ariel Berkman has reported a vulnerability in Vilistextum, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13552/ -- [SA13551] vb2c "parse()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Qiao Zhang has reported a vulnerability in vb2c, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13551/ -- [SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Yosef Klein and Limin Wang have reported a vulnerability in UnRTF, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13550/ -- [SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported a vulnerability in rtf2latex2e, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13548/ -- [SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Qiao Zhang has reported a vulnerability in Ringtone Tools, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13547/ -- [SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 A vulnerability has been reported in pgn2web, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13546/ -- [SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Danny Lungstrom has reported two vulnerabilities in Pcal, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13545/ -- [SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Wiktor Kopec has reported a vulnerability in o3read, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13544/ -- [SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Mohammed Khan and Danny Lungstrom have reported a vulnerability in Mesh Viewer, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13541/ -- [SA13539] Junkie FTP Client Two Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, System access Released: 2004-12-20 Yosef Klein has reported two vulnerabilities in Junkie, which can be exploited by malicious people to manipulate files or compromise a user's system. Full Advisory: http://secunia.com/advisories/13539/ -- [SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 James Longstreet has reported a vulnerability in jpegtoavi, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13538/ -- [SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 A vulnerability has been reported in jcabc2ps, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13537/ -- [SA13536] IglooFTP File Manipulation Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2004-12-20 Two vulnerabilities have been reported in IglooFTP, which can be exploited to substitute uploaded files or overwrite files on the user's system. Full Advisory: http://secunia.com/advisories/13536/ -- [SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 A vulnerability has been reported in html2hdml, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13535/ -- [SA13534] GREED "DownloadLoop()" Function Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Manigandan Radhakrishnan has reported two vulnerabilities in GREED, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13534/ -- [SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Ariel Berkman has reported a vulnerability in DXFscope, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13532/ -- [SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported a vulnerability in csv2xml, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13531/ -- [SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Ariel Berkman has reported a vulnerability in Convex 3D, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13530/ -- [SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Danny Lungstrom has reported a vulnerability in chbg, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13529/ -- [SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 A vulnerability has been reported in libbsb, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13527/ -- [SA13526] asp2php Two Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Qiao Zhang has reported two vulnerabilities in asp2php, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13526/ -- [SA13525] abctab2ps Two Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported two vulnerabilities in abctab2ps, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13525/ -- [SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Yosef Klein has reported a vulnerability in abcpp, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13524/ -- [SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported a vulnerability in abcm2ps, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13523/ -- [SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported a vulnerability in abc2mtex, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13522/ -- [SA13520] Red Hat update for gd Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Red Hat has issued an update for gd. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13520/ -- [SA13517] SUSE update for file/phprojekt Critical: Moderately critical Where: From remote Impact: Security Bypass, System access Released: 2004-12-17 SUSE has issued updates for file and phprojekt. These fix two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/13517/ -- [SA13516] tnftp File Name Verification Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, System access Released: 2004-12-17 Yosef Klein has reported a vulnerability in tnftp, allowing malicious people to overwrite local files. Full Advisory: http://secunia.com/advisories/13516/ -- [SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2004-12-17 Jonathan Rockway has reported a vulnerability in qwik-smtpd, which can be exploited by malicious people to relay mail. Full Advisory: http://secunia.com/advisories/13514/ -- [SA13512] abc2midi Two Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Limin Wang has reported two vulnerabilities in abc2midi, allowing malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13512/ -- [SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Bartlomiej Sieka has reported a vulnerability in mpg123, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13511/ -- [SA13506] Red Hat update for libxml Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Red Hat has issued an update for libxml. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13506/ -- [SA13497] Sun Java Messaging Server Webmail Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-16 A vulnerability has been reported in iPlanet Messaging Server / Sun ONE Messaging Server, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/13497/ -- [SA13623] SUSE update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-23 SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13623/ -- [SA13615] Fedora update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-22 Fedora has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13615/ -- [SA13613] Red Hat update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-22 Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13613/ -- [SA13612] Fedora update for krb5 Critical: Moderately critical Where: From local network Impact: Privilege escalation, System access Released: 2004-12-22 Fedora has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and potentially by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13612/ -- [SA13597] Red Hat update for nfs-utils Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2004-12-21 Red Hat has issued an update for nfs-utils. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13597/ -- [SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-21 Michael Tautschnig has reported a vulnerability in Kerberos V5, which potentially can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13592/ -- [SA13582] Trustix update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-20 Trustix has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13582/ -- [SA13573] Fedora update for CUPS Critical: Moderately critical Where: From local network Impact: Manipulation of data, DoS, System access Released: 2004-12-20 Fedora has issued an update for CUPS. This fixes two vulnerabilities, which can be exploited by malicious users to manipulate certain files, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13573/ -- [SA13570] Gentoo update for Samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-20 Gentoo has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13570/ -- [SA13540] LinPopUp "strexpand()" Function Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-20 Stephen Dranger has reported a vulnerability in LinPopUp, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13540/ -- [SA13510] CUPS hpgltops and lppasswd Vulnerabilities Critical: Moderately critical Where: From local network Impact: Manipulation of data, DoS, System access Released: 2004-12-17 Two vulnerabilities have been reported in CUPS, which can be exploited by malicious users to manipulate certain files, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13510/ -- [SA13507] Red Hat update for samba Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-17 Red Hat has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13507/ -- [SA13601] Fedora update for namazu Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-21 Fedora has issued an update for namazu. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/13601/ -- [SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-21 A vulnerability has been reported in Namazu, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/13600/ -- [SA13588] Mandrake update for aspell Critical: Less critical Where: From remote Impact: System access Released: 2004-12-21 MandrakeSoft has issued an update for aspell. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13588/ -- [SA13587] Gentoo update for nasm Critical: Less critical Where: From remote Impact: System access Released: 2004-12-20 Gentoo has issued an update for nasm. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13587/ -- [SA13556] Email Sanitizer Unspecified MIME Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2004-12-20 A vulnerability has been reported in Email Sanitizer, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13556/ -- [SA13543] NASM "error()" Function Buffer Overflow Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2004-12-17 Jonathan Rockway has reported a vulnerability in NASM, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13543/ -- [SA13610] SuSE update for kernel Critical: Less critical Where: From local network Impact: Unknown, Exposure of sensitive information, Privilege escalation, DoS Released: 2004-12-22 SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited to cause a DoS (Denial of Service), gain knowledge of sensitive information, or gain escalated privileges. Full Advisory: http://secunia.com/advisories/13610/ -- [SA13642] Docbook-to-Man Insecure Temporary File Creation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-23 Javier Fernández-Sanguino Peña has reported a vulnerability in Docbook-to-Man, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13642/ -- [SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File Creation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-23 Javier Fernández-Sanguino Peña has reported a vulnerability in LPRng, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13640/ -- [SA13633] Debian debmake Insecure Temporary Directory Creation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-23 Javier Fernández-Sanguino Peña has reported a vulnerability in debmake, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13633/ -- [SA13598] Red Hat update for rh-postgresql Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-21 Red Hat has issued an update for rh-postgresql. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13598/ -- [SA13594] Red Hat update for glibc Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-21 Red Hat has issued an update for glibc. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13594/ -- [SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-21 Four vulnerabilities have been reported in AIX, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/13589/ -- [SA13575] Debian update for ethereal Critical: Less critical Where: Local system Impact: DoS Released: 2004-12-21 Debian has issued an update for ethereal. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13575/ -- [SA13572] Linux Kernel Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, DoS Released: 2004-12-22 Multiple vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain knowledge of potentially sensitive information. Full Advisory: http://secunia.com/advisories/13572/ -- [SA13565] HP-UX newgrp Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-20 A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/13565/ -- [SA13528] changepassword Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-17 Ariel Berkman has reported a vulnerability in changepassword, allowing malicious, local users to escalate their privileges. Full Advisory: http://secunia.com/advisories/13528/ -- [SA13521] Debian update for cscope Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-17 Debian has issued an update for cscope. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13521/ -- [SA13519] Debian update for a2ps Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-20 Debian has issued an update for a2ps. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/13519/ -- [SA13505] Red Hat update for zip Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-17 Red Hat has issued an update for zip. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/13505/ -- [SA13503] Gentoo update for cscope Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-17 Gentoo has issued an update for cscope. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13503/ -- [SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2004-12-17 Evgeny Demidov has reported some vulnerabilities in NetBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/13501/ -- [SA13498] Gentoo update for vim/gvim Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-16 Gentoo has issued updates for vim and gvim. These fix some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/13498/ -- [SA13625] Mandrake update for logcheck Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2004-12-23 MandrakeSoft has issued updated packages for logcheck. These fix a security issue, which potentially can be exploited by malicious, local users to escalate their privileges. Full Advisory: http://secunia.com/advisories/13625/ -- [SA13617] SUSE update for ncpfs Critical: Not critical Where: Local system Impact: DoS Released: 2004-12-22 SUSE has issued an update for ncpfs. This fixes a potential vulnerability, which can be exploited by malicious, local users. Full Advisory: http://secunia.com/advisories/13617/ -- [SA13549] uml-utilities Ethernet Connection Drop Security Issue Critical: Not critical Where: Local system Impact: DoS Released: 2004-12-20 Danny Lungstrom has reported a security issue in uml-utilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13549/ Other: Cross Platform:-- [SA13632] Sybase ASE Three Unspecified Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown Released: 2004-12-23 NGSSoftware has reported three vulnerabilities with unknown impacts in Sybase ASE. Full Advisory: http://secunia.com/advisories/13632/ -- [SA13508] MPlayer Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-17 Multiple vulnerabilities have been reported in MPlayer, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13508/ -- [SA13620] 2Bgal "id_album" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2004-12-23 Romain Le Guen has reported a vulnerability in 2Bgal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/13620/ -- [SA13564] IMG2ASCII Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2004-12-20 A vulnerability with an unknown impact has been reported in IMG2ASCII. Full Advisory: http://secunia.com/advisories/13564/ -- [SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2004-12-20 James Bercegay has reported some vulnerabilities in Kayako eSupport, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/13563/ -- [SA13555] Yanf "get()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-20 Ariel Berkman has reported a vulnerability in Yanf, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13555/ -- [SA13518] Cosminexus Web Contents Generator Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 The vendor has acknowledged a vulnerability in Cosminexus Web Contents Generator (Macromedia JRun), which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13518/ -- [SA13515] Moodle Multiple Unspecified Security Issues Critical: Moderately critical Where: From remote Impact: Unknown, Security Bypass, Exposure of sensitive information Released: 2004-12-17 Multiple security issues have been reported in Moodle. Some of these can potentially be exploited by malicious people to disclose sensitive information and bypass certain security restrictions, and others have unknown impacts. Full Advisory: http://secunia.com/advisories/13515/ -- [SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2004-12-17 Positive Technologies has reported a vulnerability in Ikonboard, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/13513/ -- [SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-17 Ariel Berkman has discovered a vulnerability in AtBas 2fax, potentially allowing malicious people to gain system access. Full Advisory: http://secunia.com/advisories/13500/ -- [SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-23 James Bercegay has reported a vulnerability in PsychoStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/13619/ -- [SA13576] PHPFormMail "output_html()" Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-20 Some vulnerabilities have been reported in PHPFormMail, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/13576/ -- [SA13574] PHP-Nuke Workboard Module Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2004-12-20 Lostmon has reported two vulnerabilities in the Workboard module for PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/13574/ -- [SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue Critical: Less critical Where: From remote Impact: Security Bypass Released: 2004-12-21 Bennett R. Samowich has discovered a security issue in Crypt::ECB, which makes it easier for malicious people to brute force passwords. Full Advisory: http://secunia.com/advisories/13566/ -- [SA13504] 68 Designs Froogle Installation Security Issue Critical: Less critical Where: From remote Impact: Security Bypass Released: 2004-12-17 Lostmon has reported a security issue in 68 Designs Froogle, which potentially can be exploited by malicious people to gain administrative privileges. Full Advisory: http://secunia.com/advisories/13504/ -- [SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service Critical: Not critical Where: From remote Impact: DoS Released: 2004-12-21 A weakness has been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13593/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ======================================================================== _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Dec 24 2004 - 02:03:56 PST