[ISN] Secunia Weekly Summary - Issue: 2005-11

From: InfoSec News (isn@private)
Date: Thu Mar 17 2005 - 23:28:04 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-03-10 - 2005-03-17                        

                       This week : 52 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

========================================================================
2) This Week in Brief:

A vulnerability has been reported in various Symantec gateway products,
which can be exploited by malicious people to poison the DNS cache.

The vendor has issued patches, please review Secunia advisory below
for additional details.

References:
http://secunia.com/SA14595


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA14163] Mozilla Products IDN Spoofing Security Issue
2.  [SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
3.  [SA14512] Microsoft Windows LAND Attack Denial of Service
4.  [SA14547] MySQL Two Vulnerabilities
5.  [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
6.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerability
7.  [SA14568] Mozilla "Save Link Target As..." Status Bar Spoofing
              Weakness
8.  [SA14543] Microsoft Exchange Server 2003 Folder Handling Denial of
              Service
9.  [SA14567] Thunderbird "Save Link Target As..." Status Bar Spoofing
              Weakness
10. [SA14548] Linux Kernel "sys_epoll_wait()" Function Integer Overflow

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA14580] aeNovo Database Disclosure of Sensitive Information
[SA14553] Active Webcam Denial of Service and Local File Detection
[SA14601] GoodTech Telnet Server Buffer Overflow Vulnerability
[SA14564] MySQL MS-DOS Device Names Denial of Service Vulnerability

UNIX/Linux:
[SA14597] Mandrake update for cyrus-sasl
[SA14574] Gentoo update for libexif
[SA14572] Gentoo update for xorg-x11
[SA14552] SUSE update for realplayer
[SA14606] Fedora update for sylpheed
[SA14603] Gentoo update for ringtonetools
[SA14596] Mandrake update for ethereal
[SA14594] Ubuntu update for kernel
[SA14587] Fedora update for ipsec-tools
[SA14586] IPsec-Tools ISAKMP Header Parsing Denial of Service
[SA14584] KAME Racoon ISAKMP Header Parsing Denial of Service
[SA14573] Gentoo update for ethereal
[SA14570] Linux Kernel PPP Server Denial of Service Vulnerability
[SA14598] Mandrake update for openslp
[SA14581] SUSE update for openslp
[SA14561] OpenSLP Buffer Overflow Vulnerabilities
[SA14593] Ubuntu update for mysql
[SA14582] Debian luxman Privilege Escalation Vulnerability
[SA14562] rxvt-unicode Terminal Input Buffer Overflow Vulnerability
[SA14563] Conectiva update for gaim
[SA14558] Red Hat update for gaim
[SA14591] KDE Desktop Communication Protocol Denial of Service
Vulnerability

Other:
[SA14557] Xerox MicroServer Web Server URL Handling Denial of Service
[SA14556] Xerox Document Centre Web Server Unauthorised Access
Vulnerability

Cross Platform:
[SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability
[SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability
[SA14566] holaCMS "vote_filename" Directory Traversal Vulnerability
[SA14559] WEBInsta Limbo "absolute_path" File Inclusion Vulnerability
[SA14602] ZPanel "uname" SQL Injection and Security Bypass
[SA14595] Symantec Products Unspecified DNS Cache Poisoning
Vulnerability
[SA14590] paBox "posticon" Script Insertion Vulnerability
[SA14583] SimpGB "quote" SQL Injection Vulnerability
[SA14579] Spinworks Application Server Web Server Denial of Service
[SA14578] UBB.threads "Number" SQL Injection Vulnerability
[SA14576] PhotoPost PHP Pro Multiple Vulnerabilities
[SA14555] LimeWire Gnutella Disclosure of Sensitive Information
[SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass
[SA14592] phpPgAds / phpAdsNew "refresh" Cross-Site Scripting
Vulnerability
[SA14589] WebSphere Commerce Private Information Disclosure
[SA14554] Phorum Script Insertion Vulnerabilities
[SA14588] Cosminexus Server Component Container Tomcat Denial of
Service
[SA14575] MaxDB Web Agent Denial of Service Vulnerabilities
[SA14569] Apache Tomcat AJP12 Protocol Denial of Service Vulnerability
[SA14607] Novell iChain miniFTP Server Brute Force Weakness
[SA14568] Mozilla "Save Link Target As..." Status Bar Spoofing
Weakness
[SA14567] Thunderbird "Save Link Target As..." Status Bar Spoofing
Weakness
[SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
[SA14560] Citrix MetaFrame Password Manager Secondary Password
Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA14580] aeNovo Database Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-03-14

farhad koosha has reported a security issue in aeNovo, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/14580/

 --

[SA14553] Active Webcam Denial of Service and Local File Detection

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, DoS
Released:    2005-03-10

Sowhat has reported two vulnerabilities and a weakness in Active
Webcam, which can be exploited by malicious people to cause a DoS
(Denial of Service) and detect the presence of local files.

Full Advisory:
http://secunia.com/advisories/14553/

 --

[SA14601] GoodTech Telnet Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-03-16

Komrade has reported a vulnerability in GoodTech Telnet Server, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14601/

 --

[SA14564] MySQL MS-DOS Device Names Denial of Service Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2005-03-14

Luca Ercoli has reported a vulnerability in MySQL, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14564/


UNIX/Linux:--

[SA14597] Mandrake update for cyrus-sasl

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-16

MandrakeSoft has issued an update for cyrus-sasl. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14597/

 --

[SA14574] Gentoo update for libexif

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2005-03-14

Gentoo has issued an update for libexif. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14574/

 --

[SA14572] Gentoo update for xorg-x11

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-14

Gentoo has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/14572/

 --

[SA14552] SUSE update for realplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-10

SUSE has issued an update for realplayer. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14552/

 --

[SA14606] Fedora update for sylpheed

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-03-16

Fedora has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14606/

 --

[SA14603] Gentoo update for ringtonetools

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-03-16

Gentoo has issued an update for ringtonetools. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/14603/

 --

[SA14596] Mandrake update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-03-16

MandrakeSoft has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14596/

 --

[SA14594] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2005-03-16

Ubuntu has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited disclose kernel memory, gain
escalated privileges or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14594/

 --

[SA14587] Fedora update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-03-15

Fedora has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14587/

 --

[SA14586] IPsec-Tools ISAKMP Header Parsing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-03-15

A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14586/

 --

[SA14584] KAME Racoon ISAKMP Header Parsing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-03-15

Sebastian Krahmer has reported a vulnerability in KAME Racoon, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14584/

 --

[SA14573] Gentoo update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-03-14

Gentoo has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14573/

 --

[SA14570] Linux Kernel PPP Server Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-03-16

Ben Martel and Stephen Blackheath have reported a vulnerability in the
Linux kernel, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/14570/

 --

[SA14598] Mandrake update for openslp

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-03-16

MandrakeSoft has issued an update for openslp. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14598/

 --

[SA14581] SUSE update for openslp

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-03-15

SUSE has issued an update for openslp. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14581/

 --

[SA14561] OpenSLP Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-03-15

SUSE Security Team has reported some vulnerabilities in OpenSLP, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14561/

 --

[SA14593] Ubuntu update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-03-16

Ubuntu has issued an update for mysql. This fixes some vulnerabilities,
which potentially can be exploited by malicious users to compromise a
vulnerable system and by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/14593/

 --

[SA14582] Debian luxman Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-03-15

Debian has issued an update for luxman. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/14582/

 --

[SA14562] rxvt-unicode Terminal Input Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-03-15

A vulnerability has been reported in rxvt-unicode, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14562/

 --

[SA14563] Conectiva update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-03-15

Conectiva has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14563/

 --

[SA14558] Red Hat update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-03-11

Red Hat has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14558/

 --

[SA14591] KDE Desktop Communication Protocol Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-03-16

Sebastian Krahmer has reported a vulnerability in KDE, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14591/


Other:--

[SA14557] Xerox MicroServer Web Server URL Handling Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-03-11

A vulnerability has been reported in Xerox Document Centre, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14557/

 --

[SA14556] Xerox Document Centre Web Server Unauthorised Access
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-03-11

A vulnerability has been reported in Xerox Document Centre, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/14556/


Cross Platform:--

[SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-16

Mafia_Boy has reported a vulnerability in PHPOpenChat, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14600/

 --

[SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-15

SmOk3 has reported a vulnerability in VoteBox, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14577/

 --

[SA14566] holaCMS "vote_filename" Directory Traversal Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-14

Virginity has reported a vulnerability in holaCMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14566/

 --

[SA14559] WEBInsta Limbo "absolute_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-03-11

Fidel Costa has discovered a vulnerability in WEBInsta Limbo, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14559/

 --

[SA14602] ZPanel "uname" SQL Injection and Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-03-16

Mikhail has reported a vulnerability and a security issue in ZPanel,
which can be exploited by malicious people to conduct SQL injection
attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14602/

 --

[SA14595] Symantec Products Unspecified DNS Cache Poisoning
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data
Released:    2005-03-16

A vulnerability has been reported in various Symantec gateway products,
which can be exploited by malicious people to poison the DNS cache.

Full Advisory:
http://secunia.com/advisories/14595/

 --

[SA14590] paBox "posticon" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-03-15

Rift has discovered a vulnerability in paBox, which can be exploited by
malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14590/

 --

[SA14583] SimpGB "quote" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-03-15

Alexander Müller has reported a vulnerability in SimpGB, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14583/

 --

[SA14579] Spinworks Application Server Web Server Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-03-14

Dr_insane has discovered a vulnerability in Spinworks Application
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/14579/

 --

[SA14578] UBB.threads "Number" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-03-14

ADZ Security Team has reported a vulnerability in UBB.threads, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14578/

 --

[SA14576] PhotoPost PHP Pro Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2005-03-14

Igor Franchuk has reported some vulnerabilities in PhotoPost PHP Pro,
which can be exploited to conduct script insertion and SQL injection
attacks, bypass certain security restrictions and manipulate
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/14576/

 --

[SA14555] LimeWire Gnutella Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-03-15

Kevin Walsh has reported two vulnerabilities in LimeWire, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/14555/

 --

[SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-03-16

A vulnerability has been reported in phpMyAdmin, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/14599/

 --

[SA14592] phpPgAds / phpAdsNew "refresh" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-03-15

Maksymilian Arciemowicz has reported a vulnerability in phpPgAds and
phpAdsNew, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/14592/

 --

[SA14589] WebSphere Commerce Private Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-03-15

A security issue has been reported in WebSphere Commerce, which may
result in sensitive information being disclosed to malicious people.

Full Advisory:
http://secunia.com/advisories/14589/

 --

[SA14554] Phorum Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-03-11

Jon Oberheide has reported some vulnerabilities in Phorum, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14554/

 --

[SA14588] Cosminexus Server Component Container Tomcat Denial of
Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-03-15

The vendor has acknowledged a vulnerability in Cosminexus Server
Component Container and Cosminexus Server Component Container for Java,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14588/

 --

[SA14575] MaxDB Web Agent Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-03-15

Some vulnerabilities have been reported in MaxDB, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14575/

 --

[SA14569] Apache Tomcat AJP12 Protocol Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-03-15

Hitachi Incident Response Team has reported a vulnerability in Tomcat,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14569/

 --

[SA14607] Novell iChain miniFTP Server Brute Force Weakness

Critical:    Not critical
Where:       From remote
Impact:      Brute force
Released:    2005-03-16

Francisco Amato has reported a weakness in Novell iChain, which can be
exploited by malicious people to potentially brute force a user's
password.

Full Advisory:
http://secunia.com/advisories/14607/

 --

[SA14568] Mozilla "Save Link Target As..." Status Bar Spoofing
Weakness

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2005-03-14

bitlance winter has discovered a weakness in Mozilla, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.

Full Advisory:
http://secunia.com/advisories/14568/

 --

[SA14567] Thunderbird "Save Link Target As..." Status Bar Spoofing
Weakness

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2005-03-14

bitlance winter has discovered a weakness in Thunderbird, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.

Full Advisory:
http://secunia.com/advisories/14567/

 --

[SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness

Critical:    Not critical
Where:       From remote
Impact:      Spoofing
Released:    2005-03-14

bitlance winter has discovered a weakness in Firefox, which can be
exploited by malicious people to trick users into saving malicious
files by obfuscating URLs.

Full Advisory:
http://secunia.com/advisories/14565/

 --

[SA14560] Citrix MetaFrame Password Manager Secondary Password
Disclosure

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass, Exposure of sensitive information
Released:    2005-03-16

A security issue has been reported in MetaFrame Password Manager, which
can be exploited by malicious users to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/14560/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005



This archive was generated by hypermail 2.1.3 : Fri Mar 18 2005 - 01:12:50 PST