======================================================================== The Secunia Weekly Advisory Summary 2005-03-31 - 2005-04-07 This week : 58 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ======================================================================== 2) This Week in Brief: A vulnerability has been discovered in various Mozilla based products, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/ References: http://secunia.com/SA14804 http://secunia.com/SA14820 http://secunia.com/SA14821 VIRUS ALERTS: Secunia has not issued any virus alerts during the week. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability 2. [SA14821] Mozilla Suite JavaScript Engine Information Disclosure Vulnerability 3. [SA14792] PHP Multiple Vulnerabilities 4. [SA14654] Mozilla Firefox Three Vulnerabilities 5. [SA14804] Netscape JavaScript Engine Information Disclosure Vulnerability 6. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerability 7. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities 8. [SA14784] Cisco VPN Concentrator 3000 Series HTTPS Packet Denial of Service 9. [SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities 10. [SA14808] Windows Server 2003 Local Denial of Service Vulnerabilities ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA14812] MailEnable IMAP Buffer Overflow and SMTP Denial of Service [SA14809] Star Wars Jedi Knight: Jedi Academy Message Handling Buffer Overflow [SA14839] Active Auction House Cross-Site Scripting and SQL Injection [SA14833] ProductCart Cross-Site Scripting and SQL Injection Vulnerabilities [SA14825] Comersus Cart Username Script Insertion Vulnerability [SA14811] Quake3 Engine Denial of Service Vulnerability [SA14837] CA eTrust Intrusion Detection CPImportKey Denial of Service [SA14829] DameWare NT Utilities / Mini Remote Control Privilege Escalation [SA14790] BlueSoleil Object Push Service Directory Traversal Vulnerability [SA14813] Adobe Reader / Adobe Acrobat Local Files Detection and Denial of Service [SA14808] Windows Server 2003 Local Denial of Service Vulnerabilities UNIX/Linux: [SA14819] Red Hat update for tetex [SA14816] Debian update for imagemagick [SA14807] SGI Advanced Linux Environment Multiple Updates [SA14806] Gentoo update for sylpheed / sylpheed-claws [SA14800] Mandrake update for ImageMagick [SA14791] teTeX Multiple Image Decoder Parsing Vulnerabilities [SA14855] Ubuntu update for libapache2-mod-php4/php4-cgi [SA14845] Red Hat update for curl [SA14830] Gentoo update for dnsmasq [SA14828] Slackware update for php [SA14817] Debian update for krb5 [SA14805] Gentoo update for telnet-bsd [SA14798] Ubuntu update for kernel [SA14797] SUSE update for ipsec-tools [SA14796] Mandrake update for libexif [SA14794] Mandrake update for ipsec-tools [SA14792] PHP Multiple Vulnerabilities [SA14856] AIX Unspecified NIS Client System Compromise Vulnerability [SA14826] Debian update for remstats [SA14810] remstats Insecure Temporary File Creation and Arbitrary Command Execution [SA14834] Debian update for wu-ftpd [SA14803] Mandrake update for grip [SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability [SA14795] Mandrake update for htdig [SA14847] Fedora update for mysql [SA14846] Red Hat update for mysql-server [SA14822] Conectiva update for mysql [SA14842] FreeBSD sendfile Kernel Memory Disclosure Vulnerability [SA14840] Trustix update for kernel [SA14836] SCO OpenServer nwclient Privilege Escalation Vulnerability [SA14835] SUSE update for kernel [SA14827] FreeBSD amd64 Direct Hardware Access Security Issue [SA14850] Fedora update for gaim [SA14849] Ubuntu update for gaim [SA14844] Red Hat update for gdk-pixbuf [SA14838] Ubuntu update for libgdk-pixbuf2/libgtk2.0-0 [SA14818] Red Hat update for gtk2 [SA14815] Gaim Multiple Denial of Service Weaknesses [SA14824] Ubuntu update for unshar Other: [SA14823] SonicWALL SOHO series Cross-Site Scripting and Script Injection Cross Platform: [SA14802] AlstraSoft EPay Pro Cross-Site Scripting and Arbitrary File Inclusion [SA14814] BakBone NetVault Buffer Overflow Vulnerabilities [SA14832] PayProCart Multiple Vulnerabilities [SA14821] Mozilla Suite JavaScript Engine Information Disclosure Vulnerability [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability [SA14804] Netscape JavaScript Engine Information Disclosure Vulnerability [SA14793] MX Shop / MX Kart SQL Injection Vulnerabilities ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA14812] MailEnable IMAP Buffer Overflow and SMTP Denial of Service Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-04-04 Two vulnerabilities have been reported in MailEnable, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14812/ -- [SA14809] Star Wars Jedi Knight: Jedi Academy Message Handling Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2005-04-04 Luigi Auriemma has reported a vulnerability in Star Wars Jedi Knight: Jedi Academy, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14809/ -- [SA14839] Active Auction House Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-04-06 Diabolic Crab has reported some vulnerabilities in Active Auction House, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14839/ -- [SA14833] ProductCart Cross-Site Scripting and SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2005-04-05 Diabolic Crab has reported some vulnerabilities in ProductCart, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/14833/ -- [SA14825] Comersus Cart Username Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-04-05 Zinho has discovered a vulnerability in Comersus Cart, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/14825/ -- [SA14811] Quake3 Engine Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2005-04-05 Luigi Auriemma has reported a vulnerability in the Quake3 Engine, which can be exploited by malicious people to conduct a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14811/ -- [SA14837] CA eTrust Intrusion Detection CPImportKey Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2005-04-06 A vulnerability has been reported in CA eTrust Intrusion Detection, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14837/ -- [SA14829] DameWare NT Utilities / Mini Remote Control Privilege Escalation Critical: Less critical Where: From local network Impact: Privilege escalation Released: 2005-04-06 A vulnerability has been reported in DameWare NT Utilities and DameWare Mini Remote Control, which can be exploited by malicious users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/14829/ -- [SA14790] BlueSoleil Object Push Service Directory Traversal Vulnerability Critical: Less critical Where: From local network Impact: Security Bypass Released: 2005-04-01 Kevin Finisterre has reported a vulnerability in BlueSoleil, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/14790/ -- [SA14813] Adobe Reader / Adobe Acrobat Local Files Detection and Denial of Service Critical: Not critical Where: From remote Impact: Exposure of system information, DoS Released: 2005-04-04 Two weaknesses have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to enumerate files on a user's system or crash the application. Full Advisory: http://secunia.com/advisories/14813/ -- [SA14808] Windows Server 2003 Local Denial of Service Vulnerabilities Critical: Not critical Where: Local system Impact: DoS Released: 2005-04-05 Two vulnerabilities have been reported in Microsoft Windows Server 2003, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14808/ UNIX/Linux:-- [SA14819] Red Hat update for tetex Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-04-04 Red Hat has issued an update for tetex. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. Full Advisory: http://secunia.com/advisories/14819/ -- [SA14816] Debian update for imagemagick Critical: Highly critical Where: From remote Impact: System access Released: 2005-04-04 Debian has issued an update for imagemagick. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14816/ -- [SA14807] SGI Advanced Linux Environment Multiple Updates Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access Released: 2005-04-06 SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), and compromise a user's system. Full Advisory: http://secunia.com/advisories/14807/ -- [SA14806] Gentoo update for sylpheed / sylpheed-claws Critical: Highly critical Where: From remote Impact: System access Released: 2005-04-04 Gentoo has issued updates for sylpheed and sylpheed-claws. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14806/ -- [SA14800] Mandrake update for ImageMagick Critical: Highly critical Where: From remote Impact: System access Released: 2005-04-04 MandrakeSoft has issued an update for ImageMagick. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14800/ -- [SA14791] teTeX Multiple Image Decoder Parsing Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-04-04 Some vulnerabilities have been reported in tetex, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. Full Advisory: http://secunia.com/advisories/14791/ -- [SA14855] Ubuntu update for libapache2-mod-php4/php4-cgi Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-04-06 Ubuntu has issued updates for libapache2-mod-php4 and php4-cgi. These fix two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14855/ -- [SA14845] Red Hat update for curl Critical: Moderately critical Where: From remote Impact: System access Released: 2005-04-06 Red Hat has issued an update for curl. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14845/ -- [SA14830] Gentoo update for dnsmasq Critical: Moderately critical Where: From remote Impact: Spoofing, Manipulation of data, DoS Released: 2005-04-05 Gentoo has issued an update for dnsmasq. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or poison the DNS cache. Full Advisory: http://secunia.com/advisories/14830/ -- [SA14828] Slackware update for php Critical: Moderately critical Where: From remote Impact: Unknown, DoS Released: 2005-04-06 Slackware has issued an update for php. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14828/ -- [SA14817] Debian update for krb5 Critical: Moderately critical Where: From remote Impact: System access Released: 2005-04-04 Debian has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14817/ -- [SA14805] Gentoo update for telnet-bsd Critical: Moderately critical Where: From remote Impact: System access Released: 2005-04-04 Gentoo has issued an update for telnet-bsd. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14805/ -- [SA14798] Ubuntu update for kernel Critical: Moderately critical Where: From remote Impact: Hijacking, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2005-04-04 Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited to disclose information, cause a DoS (Denial of Service), gain escalated privileges, or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14798/ -- [SA14797] SUSE update for ipsec-tools Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-04-01 SUSE has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14797/ -- [SA14796] Mandrake update for libexif Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-04-01 Mandrakesoft has issued an update for libexif. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14796/ -- [SA14794] Mandrake update for ipsec-tools Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-04-01 MandrakeSoft has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14794/ -- [SA14792] PHP Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Unknown, DoS Released: 2005-04-01 Multiple vulnerabilities have been reported in PHP, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14792/ -- [SA14856] AIX Unspecified NIS Client System Compromise Vulnerability Critical: Moderately critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-06 A vulnerability has been reported in AIX, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14856/ -- [SA14826] Debian update for remstats Critical: Moderately critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-05 Debian has issued an update for remstats. This fixes two vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14826/ -- [SA14810] remstats Insecure Temporary File Creation and Arbitrary Command Execution Critical: Moderately critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-05 Jens Steube has reported two vulnerabilities in remstats, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, and by malicious people to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14810/ -- [SA14834] Debian update for wu-ftpd Critical: Less critical Where: From remote Impact: DoS Released: 2005-04-05 Debian has issued an update for wu-ftpd. This fixes two vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14834/ -- [SA14803] Mandrake update for grip Critical: Less critical Where: From remote Impact: System access Released: 2005-04-04 MandrakeSoft has issued an update for grip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/14803/ -- [SA14799] phpMyAdmin "convcharset" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-04-04 Oriol Torrent Santiago has reported a vulnerability in phpMyAdmin, allowing malicious people to conduct cross-site scripting attack. Full Advisory: http://secunia.com/advisories/14799/ -- [SA14795] Mandrake update for htdig Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-04-01 Mandrakesoft has issued an update for htdig. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/14795/ -- [SA14847] Fedora update for mysql Critical: Less critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-06 Fedora has issued an update for mysql. This fixes two vulnerabilities, which potentially can be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/14847/ -- [SA14846] Red Hat update for mysql-server Critical: Less critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-06 Red Hat has issued an update for mysql-server. This fixes two vulnerabilities, which potentially can be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/14846/ -- [SA14822] Conectiva update for mysql Critical: Less critical Where: From local network Impact: Privilege escalation, System access Released: 2005-04-05 Conectiva has issued an update for mysql. This fixes two vulnerabilities, which potentially can be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/14822/ -- [SA14842] FreeBSD sendfile Kernel Memory Disclosure Vulnerability Critical: Less critical Where: Local system Impact: Exposure of system information, Exposure of sensitive information Released: 2005-04-06 Sven Berkvens and Marc Olzheim have reported a vulnerability in FreeBSD, which can be exploited by malicious, local users to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/14842/ -- [SA14840] Trustix update for kernel Critical: Less critical Where: Local system Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS Released: 2005-04-06 Trustix has issued an update for kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose information, cause a DoS (Denial of Service), or gain escalated privileges. Full Advisory: http://secunia.com/advisories/14840/ -- [SA14836] SCO OpenServer nwclient Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-04-06 Pasquale Minervini has reported a vulnerability in SCO OpenServer, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/14836/ -- [SA14835] SUSE update for kernel Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-04-05 SUSE has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/14835/ -- [SA14827] FreeBSD amd64 Direct Hardware Access Security Issue Critical: Less critical Where: Local system Impact: Security Bypass Released: 2005-04-06 Jari Kirma has reported a security issue in FreeBSD, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/14827/ -- [SA14850] Fedora update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-06 Fedora has issued an update for gaim. This fixes three weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14850/ -- [SA14849] Ubuntu update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-06 Ubuntu has issued an update for gaim. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14849/ -- [SA14844] Red Hat update for gdk-pixbuf Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-06 Red Hat has issued an update for gdk-pixbuf. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system. Full Advisory: http://secunia.com/advisories/14844/ -- [SA14838] Ubuntu update for libgdk-pixbuf2/libgtk2.0-0 Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-06 Ubuntu has issued updates for libgdk-pixbuf2 and libgtk2.0-0. These fix a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system. Full Advisory: http://secunia.com/advisories/14838/ -- [SA14818] Red Hat update for gtk2 Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-04 Red Hat has issued an update for gtk2. This fixes a vulnerability, which can be exploited by malicious people to crash certain applications on a vulnerable system. Full Advisory: http://secunia.com/advisories/14818/ -- [SA14815] Gaim Multiple Denial of Service Weaknesses Critical: Not critical Where: From remote Impact: DoS Released: 2005-04-06 Three weaknesses have been reported in Gaim, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/14815/ -- [SA14824] Ubuntu update for unshar Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-04-05 Ubuntu has issued an update for unshar. This fixes a vulnerability, which potentially can be exploited by malicious, local users to conduct certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/14824/ Other:-- [SA14823] SonicWALL SOHO series Cross-Site Scripting and Script Injection Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-04-05 Oliver Karow has reported two vulnerabilities in SonicWALL SOHO series, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/14823/ Cross Platform:-- [SA14802] AlstraSoft EPay Pro Cross-Site Scripting and Arbitrary File Inclusion Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2005-04-04 Diabolic Crab has reported some vulnerabilities in AlstraSoft EPay Pro, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14802/ -- [SA14814] BakBone NetVault Buffer Overflow Vulnerabilities Critical: Highly critical Where: From local network Impact: System access Released: 2005-04-05 class101 has reported some vulnerabilities in BakBone NetVault, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/14814/ -- [SA14832] PayProCart Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information Released: 2005-04-05 Diabolic Crab has reported some vulnerabilities in PayProCart, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/14832/ -- [SA14821] Mozilla Suite JavaScript Engine Information Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2005-04-04 A vulnerability has been discovered in Mozilla Suite, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Full Advisory: http://secunia.com/advisories/14821/ -- [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2005-04-04 A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Full Advisory: http://secunia.com/advisories/14820/ -- [SA14804] Netscape JavaScript Engine Information Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2005-04-05 A vulnerability has been discovered in Netscape, which can be exploited by malicious people to gain knowledge of potentially sensitive information. Full Advisory: http://secunia.com/advisories/14804/ -- [SA14793] MX Shop / MX Kart SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-04-01 Diabolic Crab has reported some vulnerabilities in MX Shop and MX Kart, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/14793/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Fri Apr 08 2005 - 02:11:06 PDT