======================================================================== The Secunia Weekly Advisory Summary 2005-06-09 - 2005-06-16 This week : 73 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written. Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued. As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet. Secunia Online Vulnerability Database: http://secunia.com/ ======================================================================== 2) This Week in Brief: Microsoft has released security bulletins for June, correcting vulnerabilities in various Microsoft products. All users of Microsoft products are advised to check Windows Update for available updates. Additional details about the vulnerabilities can be found in referenced Secunia advisories. Reference: http://secunia.com/SA15606 http://secunia.com/SA15669 http://secunia.com/SA15683 http://secunia.com/SA15689 http://secunia.com/SA15690 http://secunia.com/SA15693 http://secunia.com/SA15694 http://secunia.com/SA15695 http://secunia.com/SA15696 http://secunia.com/SA15697 -- Two vulnerabilities have been reported in Java Web Start and Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a user's system. More information and links to patches can be found in Secunia advisory below. Reference: http://secunia.com/SA15671 -- Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. Refer to Secunia advisory below for details. Reference: http://secunia.com/SA15481 VIRUS ALERTS: Secunia has not issued any virus alerts during the week. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability 2. [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability 3. [SA11966] Internet Explorer Frame Injection Vulnerability 4. [SA15606] Internet Explorer Two Vulnerabilities 5. [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability 6. [SA11978] Multiple Browsers Frame Injection Vulnerability 7. [SA15602] Camino Frame Injection Vulnerability 8. [SA15659] Adobe License Management Service Vulnerability 9. [SA15292] Mozilla Firefox Two Vulnerabilities 10. [SA15683] Microsoft Windows HTML Help Input Validation Vulnerability ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA15726] Bitrix Site Manager File Inclusion Vulnerability [SA15683] Microsoft Windows HTML Help Input Validation Vulnerability [SA15669] Microsoft Windows Step-by-Step Interactive Training Vulnerability [SA15697] Microsoft Outlook Web Access Script Insertion Vulnerability [SA15696] Microsoft Windows Web Client Service Vulnerability [SA15695] Microsoft Outlook Express News Reading Buffer Overflow [SA15689] Microsoft Agent Trusted Internet Content Spoofing Vulnerability [SA15677] Novell iManager OpenSSL Denial of Service Vulnerability [SA15676] Novell eDirectory MS-DOS Device Name Denial of Service [SA15694] Microsoft Windows Server Message Block Vulnerability [SA15659] Adobe License Management Service Vulnerability [SA15711] Finjan SurfinGate URL Encoded URL Filtering Bypass [SA15693] Microsoft ISA Server Two Vulnerabilities [SA15673] Symantec pcAnywhere Privilege Escalation Vulnerability [SA15690] Microsoft Telnet Client Information Disclosure Weakness UNIX/Linux: [SA15679] SUSE update for bzip2/gaim/pound [SA15663] Pico Server Directory Traversal and Buffer Overflow [SA15661] Gentoo update for libextractor [SA15652] WebHints Shell Command Injection Vulnerability [SA15651] libextractor Multiple Vulnerabilities [SA15715] Avaya telnet Two Vulnerabilities [SA15714] Avaya Multiple Ethereal Vulnerabilities [SA15706] SUSE update for opera [SA15692] Trustix update for multiple packages [SA15680] Conectiva update for cvs [SA15664] Gentoo update for ettercap [SA15656] FreeBSD update for bind9 [SA15700] ViRobot Linux Server Cookie Overflow Vulnerability [SA15685] Conectiva update for openslp [SA15720] Mandriva update for tcpdump [SA15719] Mandriva update for gedit [SA15716] Avaya Products xloadimage Vulnerability [SA15712] Avaya tcpdump Denial of Service Vulnerabilities [SA15707] Red Hat update for squid [SA15703] Mandriva update for rsh [SA15699] Avaya Various Products PHP Vulnerabilities [SA15691] Gentoo update for MediaWiki [SA15688] Red Hat update for tcpdump [SA15687] Red Hat update for squid [SA15686] Red Hat update for gftp [SA15684] Red Hat update for mikmod [SA15682] Red Hat update for gzip [SA15675] Red Hat update for sysreport [SA15667] Gentoo update for gedit [SA15662] Red Hat update for gedit [SA15655] FreeBSD update for gzip [SA15650] Fedora update for tcpdump [SA15646] FreeBSD update for tcpdump [SA15645] Ubuntu update for gedit [SA15665] Gentoo update for lutelwall [SA15647] LutelWall Insecure Temporary File Creation [SA15713] Red Hat update for telnet [SA15709] Kerberos V5 Telnet Client Information Disclosure Weakness [SA15702] Mandriva update for gaim [SA15701] Ubuntu update for gaim [SA15681] Gentoo update for gaim [SA15672] Slackware update for gaim [SA15649] Ubuntu update for gaim [SA15717] Avaya Various Products sharutils Vulnerabilities [SA15668] Gentoo update for shtool/ocaml-mysql [SA15666] ocaml-mysql Insecure Temporary File Creation Other: Cross Platform: [SA15678] e107 eTrace Plugin Shell Command Injection Vulnerability [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability [SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability [SA15657] Siteframe "LOCAL_PATH" File Inclusion Vulnerability [SA15653] e107 ePing Plugin Shell Command Injection Vulnerability [SA15710] Mambo "user_rating" SQL Injection Vulnerability [SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion [SA15660] Invision Gallery Two SQL Injection Vulnerabilities [SA15670] osCommerce HTTP Response Splitting Vulnerabilities [SA15654] Macromedia Products Privilege Escalation Vulnerability [SA15698] Adobe Reader / Adobe Acrobat Local File Detection Weakness [SA15648] gaim Two Denial of Service Weaknesses ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA15726] Bitrix Site Manager File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, System access Released: 2005-06-16 D_BuG has discovered a vulnerability in Bitrix Site Manager, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15726/ -- [SA15683] Microsoft Windows HTML Help Input Validation Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15683/ -- [SA15669] Microsoft Windows Step-by-Step Interactive Training Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-14 iDEFENSE Labs has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15669/ -- [SA15697] Microsoft Outlook Web Access Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-06-14 Gaël Delalleau has reported a vulnerability in Microsoft Exchange Server, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/15697/ -- [SA15696] Microsoft Windows Web Client Service Vulnerability Critical: Moderately critical Where: From remote Impact: Privilege escalation, System access Released: 2005-06-14 Mark Litchfield has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15696/ -- [SA15695] Microsoft Outlook Express News Reading Buffer Overflow Critical: Moderately critical Where: From remote Impact: System access Released: 2005-06-14 A vulnerability has been reported in Microsoft Outlook Express, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15695/ -- [SA15689] Microsoft Agent Trusted Internet Content Spoofing Vulnerability Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2005-06-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to spoof certain information and potentially trick a user into installing a malicious program. Full Advisory: http://secunia.com/advisories/15689/ -- [SA15677] Novell iManager OpenSSL Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-06-13 Dennis Rand has reported a vulnerability in Novell iManager, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15677/ -- [SA15676] Novell eDirectory MS-DOS Device Name Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-06-13 Dennis Rand has reported a vulnerability in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15676/ -- [SA15694] Microsoft Windows Server Message Block Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2005-06-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15694/ -- [SA15659] Adobe License Management Service Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2005-06-12 A vulnerability has been reported in some Adobe products, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15659/ -- [SA15711] Finjan SurfinGate URL Encoded URL Filtering Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-06-15 Daniel Schroeter has reported a vulnerability in Finjan SurfinGate, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/15711/ -- [SA15693] Microsoft ISA Server Two Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2005-06-14 Two vulnerabilities have been reported in Microsoft ISA Server 2000, which can be exploited by malicious people to manipulate contents in the web cache or bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/15693/ -- [SA15673] Symantec pcAnywhere Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-06-12 A vulnerability has been reported in pcAnywhere, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/15673/ -- [SA15690] Microsoft Telnet Client Information Disclosure Weakness Critical: Not critical Where: From remote Impact: Exposure of system information Released: 2005-06-14 Gaël Delalleau has reported a weakness in Microsoft Windows, which can be exploited by malicious people to gain knowledge of various information. Full Advisory: http://secunia.com/advisories/15690/ UNIX/Linux:-- [SA15679] SUSE update for bzip2/gaim/pound Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-06-12 SUSE has issued updates for bzip2, gaim, and pound. These fix some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15679/ -- [SA15663] Pico Server Directory Traversal and Buffer Overflow Critical: Highly critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, System access Released: 2005-06-13 Raphaël Rigo has reported some vulnerabilities in Pico Server, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15663/ -- [SA15661] Gentoo update for libextractor Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-10 Gentoo has issued an update for libextractor. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15661/ -- [SA15652] WebHints Shell Command Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-13 blahplok has reported a vulnerability in WebHints, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15652/ -- [SA15651] libextractor Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-10 A vulnerability has been reported in libextractor, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15651/ -- [SA15715] Avaya telnet Two Vulnerabilities Critical: Moderately critical Where: From remote Impact: System access Released: 2005-06-15 Avaya has acknowledged two vulnerabilities in telnet, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15715/ -- [SA15714] Avaya Multiple Ethereal Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-06-15 Avaya has acknowledged some vulnerabilities in Ethereal included in some products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15714/ -- [SA15706] SUSE update for opera Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2005-06-16 SUSE has issued an update for opera. This fixes a security issue and a vulnerability, which can be exploited by a malicious web site to spoof the URL displayed in the address bar, SSL certificate, and status bar, and by malicious people to trick users into executing malicious files. Full Advisory: http://secunia.com/advisories/15706/ -- [SA15692] Trustix update for multiple packages Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, System access Released: 2005-06-14 Trustix has issued various updated packages. These fix some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information, or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15692/ -- [SA15680] Conectiva update for cvs Critical: Moderately critical Where: From remote Impact: System access Released: 2005-06-13 Conectiva has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15680/ -- [SA15664] Gentoo update for ettercap Critical: Moderately critical Where: From remote Impact: System access Released: 2005-06-12 Gentoo has issued an update for ettercap. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15664/ -- [SA15656] FreeBSD update for bind9 Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-06-10 FreeBSD has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15656/ -- [SA15700] ViRobot Linux Server Cookie Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2005-06-15 Kevin Finisterre has discovered a vulnerability in ViRobot Linux Server, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15700/ -- [SA15685] Conectiva update for openslp Critical: Moderately critical Where: From local network Impact: System access Released: 2005-06-13 Conectiva has issued an update for openslp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15685/ -- [SA15720] Mandriva update for tcpdump Critical: Less critical Where: From remote Impact: DoS Released: 2005-06-16 Mandriva has issued an update for tcpdump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15720/ -- [SA15719] Mandriva update for gedit Critical: Less critical Where: From remote Impact: System access Released: 2005-06-16 Mandriva has issued an update for gedit. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15719/ -- [SA15716] Avaya Products xloadimage Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2005-06-15 Avaya has acknowledged a vulnerability in xloadimage, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15716/ -- [SA15712] Avaya tcpdump Denial of Service Vulnerabilities Critical: Less critical Where: From remote Impact: DoS Released: 2005-06-15 Avaya has acknowledged some vulnerabilities in tcpdump, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15712/ -- [SA15707] Red Hat update for squid Critical: Less critical Where: From remote Impact: Security Bypass, Spoofing, Exposure of sensitive information, DoS Released: 2005-06-15 Red Hat has issued an update for squid. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to disclose sensitive information, spoof DNS lookups and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15707/ -- [SA15703] Mandriva update for rsh Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2005-06-15 Mandriva has issued an update for rsh. This fixes a vulnerability, which potentially can be exploited by malicious people to overwrite arbitrary files on a user's system. Full Advisory: http://secunia.com/advisories/15703/ -- [SA15699] Avaya Various Products PHP Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2005-06-15 Avaya has acknowledged some vulnerabilities in various products, which can be exploited by malicious, local users to access files outside the "open_basedir" root, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15699/ -- [SA15691] Gentoo update for MediaWiki Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-06-14 Gentoo has issued an update for MediaWiki. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/15691/ -- [SA15688] Red Hat update for tcpdump Critical: Less critical Where: From remote Impact: DoS Released: 2005-06-14 Red Hat has issued an update for tcpdump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15688/ -- [SA15687] Red Hat update for squid Critical: Less critical Where: From remote Impact: Security Bypass, Spoofing, DoS Released: 2005-06-14 Red Hat has issued an update for squid. This fixes some vulnerabilities, which can be exploited by malicious people to spoof DNS lookups and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15687/ -- [SA15686] Red Hat update for gftp Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2005-06-14 Red Hat has issued an update for gftp. This fixes a vulnerability, which can be exploited by malicious people to conduct directory traversal attacks. Full Advisory: http://secunia.com/advisories/15686/ -- [SA15684] Red Hat update for mikmod Critical: Less critical Where: From remote Impact: System access Released: 2005-06-14 Red Hat has issued an update for mikmod. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15684/ -- [SA15682] Red Hat update for gzip Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2005-06-14 Red Hat has issued an update for gzip. This fixes a vulnerability, which potentially can be exploited by malicious people to extract files to arbitrary directories on a user's system. Full Advisory: http://secunia.com/advisories/15682/ -- [SA15675] Red Hat update for sysreport Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2005-06-14 Red Hat has issued an update for sysreport. This fixes a security issue, which may disclose sensitive information to malicious people. Full Advisory: http://secunia.com/advisories/15675/ -- [SA15667] Gentoo update for gedit Critical: Less critical Where: From remote Impact: System access Released: 2005-06-12 Gentoo has issued an update for gedit. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15667/ -- [SA15662] Red Hat update for gedit Critical: Less critical Where: From remote Impact: System access Released: 2005-06-14 Red Hat has issued an update for gedit. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15662/ -- [SA15655] FreeBSD update for gzip Critical: Less critical Where: From remote Impact: System access Released: 2005-06-10 FreeBSD has issued an update for gzip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15655/ -- [SA15650] Fedora update for tcpdump Critical: Less critical Where: From remote Impact: DoS Released: 2005-06-10 Fedora has issued an update for tcpdump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15650/ -- [SA15646] FreeBSD update for tcpdump Critical: Less critical Where: From remote Impact: DoS Released: 2005-06-10 FreeBSD has issued an update for tcpdump. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15646/ -- [SA15645] Ubuntu update for gedit Critical: Less critical Where: From remote Impact: System access Released: 2005-06-10 Ubuntu has issued an update for gedit. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15645/ -- [SA15665] Gentoo update for lutelwall Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-06-13 Gentoo has issued an update for lutelwall. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/15665/ -- [SA15647] LutelWall Insecure Temporary File Creation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-06-13 Eric Romang has reported a vulnerability in LutelWall, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/15647/ -- [SA15713] Red Hat update for telnet Critical: Not critical Where: From remote Impact: Exposure of system information Released: 2005-06-15 Red Hat has issued an update for telnet. This fixes a weakness, which can be exploited by malicious people to gain knowledge of certain system information. Full Advisory: http://secunia.com/advisories/15713/ -- [SA15709] Kerberos V5 Telnet Client Information Disclosure Weakness Critical: Not critical Where: From remote Impact: Exposure of system information Released: 2005-06-15 Gaël Delalleau has reported a weakness in Kerberos V5, which can be exploited by malicious people to gain knowledge of various information. Full Advisory: http://secunia.com/advisories/15709/ -- [SA15702] Mandriva update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-15 Mandriva has issued an update for gaim. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15702/ -- [SA15701] Ubuntu update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-16 Ubuntu has issued an update for gaim. This fixes a weakness in the processing of malformed MSN message, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15701/ -- [SA15681] Gentoo update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-13 Gentoo has issued an update for gaim. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15681/ -- [SA15672] Slackware update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-14 Slackware has issued an update for gaim. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15672/ -- [SA15649] Ubuntu update for gaim Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-10 Ubuntu has issued an update for gaim. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15649/ -- [SA15717] Avaya Various Products sharutils Vulnerabilities Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-06-15 Avaya has acknowledged some vulnerabilities in sharutils included in various products, which potentially can be exploited by malicious, local users to conduct certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/15717/ -- [SA15668] Gentoo update for shtool/ocaml-mysql Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-06-13 Gentoo has issued updates for shtool and ocaml-mysql. These fix a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/15668/ -- [SA15666] ocaml-mysql Insecure Temporary File Creation Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-06-13 A vulnerability has been reported in ocaml-mysql, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/15666/ Other: Cross Platform:-- [SA15678] e107 eTrace Plugin Shell Command Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-13 Oliver has reported a vulnerability in the eTrace plugin for e107, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15678/ -- [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-14 Two vulnerabilities have been reported in Java Web Start and Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/15671/ -- [SA15658] Ovidentia FX "babInstallPath" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-10 Status-x has reported a vulnerability in Ovidentia FX, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15658/ -- [SA15657] Siteframe "LOCAL_PATH" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-10 PRI[l has reported a vulnerability in Siteframe, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15657/ -- [SA15653] e107 ePing Plugin Shell Command Injection Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-06-10 m00fd1 has reported a vulnerability in the ePing plugin for e107, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/15653/ -- [SA15710] Mambo "user_rating" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-06-15 pokleyzz has reported a vulnerability in Mambo, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/15710/ -- [SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-06-15 Sylvain Thual has reported some vulnerabilities in Annuaire 1Two, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/15708/ -- [SA15660] Invision Gallery Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-06-10 James Bercegay has reported two vulnerabilities in Invision Gallery, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/15660/ -- [SA15670] osCommerce HTTP Response Splitting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-06-13 James Bercegay has reported some vulnerabilities in osCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/15670/ -- [SA15654] Macromedia Products Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-06-10 A vulnerability has been reported in various Macromedia products, which potentially can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/15654/ -- [SA15698] Adobe Reader / Adobe Acrobat Local File Detection Weakness Critical: Not critical Where: From remote Impact: Exposure of system information Released: 2005-06-15 A weakness has been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to gain knowledge of certain system information. Full Advisory: http://secunia.com/advisories/15698/ -- [SA15648] gaim Two Denial of Service Weaknesses Critical: Not critical Where: From remote Impact: DoS Released: 2005-06-10 Two weaknesses have been reported in gaim, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/15648/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 16 2005 - 22:58:40 PDT