========================================================================
The Secunia Weekly Advisory Summary
2005-09-08 - 2005-09-15
This week : 82 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Tom Ferris has discovered a vulnerability in various Mozilla based
browsers, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a user's system.
Please view the referenced Secunia advisories for additional details.
Reference:
http://secunia.com/SA16764
http://secunia.com/SA16766
http://secunia.com/SA16767
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA16764] Firefox IDN URL Domain Name Buffer Overflow
2. [SA16767] Mozilla IDN URL Domain Name Buffer Overflow
3. [SA16766] Netscape IDN URL Domain Name Buffer Overflow
4. [SA16747] Linux Kernel Multiple Vulnerabilities
5. [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
Vulnerability
6. [SA16480] Microsoft DDS Library Shape Control Code Execution
Vulnerability
7. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
8. [SA16560] Windows Registry Editor Utility String Concealment
Weakness
9. [SA16806] Linksys WRT54G Multiple Vulnerabilities
10. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability
[SA16824] Hosting Controller Unspecified Disclosure of Sensitive
Information
[SA16798] Handy Address Book Server SEARCHTEXT Cross-Site Scripting
[SA16792] WhatsUp Gold "map.asp" Cross-Site Scripting Vulnerability
[SA16742] COOL! Remote Control Denial of Service Vulnerability
UNIX/Linux:
[SA16815] Debian update for centericq
[SA16814] AzDGDatingLite "l" Local File Inclusion Vulnerability
[SA16797] Debian update for mozilla
[SA16784] Red Hat update for firefox
[SA16782] Red Hat update for mozilla
[SA16780] Fedora update for firefox
[SA16779] Fedora update for mozilla
[SA16772] Ubuntu update for
mozilla-browser/mozilla-firefox/mozilla-thunderbird
[SA16743] SGI Advanced Linux Environment Multiple Updates
[SA16828] Red Hat update for squid
[SA16811] Debian update for turqstat
[SA16810] Turquoise SuperStat Date Parser Buffer Overflow
[SA16808] Apple Mac OS X update for Java
[SA16807] Ubuntu update for squid
[SA16804] SUSE Updates for Multiple Packages
[SA16800] Gentoo update for python
[SA16789] Trustix update for multiple packages
[SA16783] GNU Mailutils imap4d "SEARCH" Format String Vulnerability
[SA16781] pam-per-user Cached PAM "subrequest" Vulnerability
[SA16771] Debian update for libapache-mod-ssl
[SA16769] SUSE update for apache2
[SA16768] Debian update for squid
[SA16763] UnixWare update for racoon
[SA16760] Mandriva update for squid
[SA16758] Red Hat update for pcre
[SA16754] Debian update for apache2
[SA16753] Mandriva update for apache2
[SA16752] Textbased MSN Client (TMSNC) Format String Vulnerability
[SA16751] OS/400 osp-cert Certificate Handling Vulnerabilities
[SA16748] Slackware update for mod_ssl
[SA16746] Fedora update for httpd
[SA16787] Debian update for tdiary
[SA16794] Slackware update for dhcpcd
[SA16774] rdiff-backup "--restrict" Security Bypass Vulnerability
[SA16747] Linux Kernel Multiple Vulnerabilities
[SA16823] Debian update for common-lisp-controller
[SA16822] common-lisp-controller Cache Directory Privilege Escalation
[SA16821] Mandriva update for XFree86
[SA16817] LineControl Java Client Log Messages Password Disclosure
[SA16816] GNU Texinfo Insecure Temporary File Creation
[SA16812] Red Hat update for xorg-x11
[SA16803] Ubuntu update for xserver-xfree86/xserver-xorg
[SA16799] Red Hat update for XFree86
[SA16791] Gentoo update for xorg-x11
[SA16790] X11 Pixmap Creation Integer Overflow Vulnerability
[SA16777] XFree86 Pixmap Creation Integer Overflow Vulnerability
[SA16755] Red Hat update for exim
[SA16750] Ubuntu update for kernel
[SA16749] Slackware update for kdebase
[SA16745] Debian update for kdelibs
[SA16825] Fedora update for util-linux
[SA16795] Slackware update for util-linux
[SA16785] util-linux umount "-r" Re-Mounting Security Issue
[SA16765] Debian update for gcvs
Other:
[SA16761] Cisco CSS SSL Authentication Bypass Vulnerability
[SA16806] Linksys WRT54G Multiple Vulnerabilities
[SA16776] Ingate Firewall and SIParator Unspecified Cross-Site
Scripting
Cross Platform:
[SA16820] TWiki "rev" Shell Command Injection Vulnerability
[SA16767] Mozilla IDN URL Domain Name Buffer Overflow
[SA16766] Netscape IDN URL Domain Name Buffer Overflow
[SA16764] Firefox IDN URL Domain Name Buffer Overflow
[SA16826] Noah's Classified SQL Injection and Cross-Site Scripting
[SA16819] DeluxeBB SQL Injection Vulnerabilities
[SA16813] ATutor Password Reminder SQL Injection Vulnerability
[SA16802] Sun Java System Application Server JAR File Content
Disclosure
[SA16801] PHP-Nuke SQL Injection Vulnerabilities
[SA16796] Subscribe Me Pro "l" Parameter Directory Traversal
Vulnerability
[SA16793] Python PCRE Integer Overflow Vulnerability
[SA16788] Zebedee Denial of Service Vulnerability
[SA16786] Snort TCP SACK Option Handling Denial of Service
[SA16775] PunBB Multiple Vulnerabilities
[SA16773] Qt Library zlib Vulnerabilities
[SA16762] class-1 Forum Software File Extension SQL Injection
Vulnerability
[SA16757] Sun Java System Web Proxy Server Denial of Service
Vulnerabilities
[SA16756] mimicboard2 Script Insertion and Exposure of User
Credentials
[SA16830] IBM Lotus Domino "BaseTarget" and "Src" Cross-Site Scripting
[SA16744] Sawmill Error Message Cross-Site Scripting Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-12
David Sopas Ferreira has reported a vulnerability in Mall23 eCommerce,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/16778/
--
[SA16824] Hosting Controller Unspecified Disclosure of Sensitive
Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-09-15
A vulnerability has been reported in Hosting Controller, which can be
exploited by malicious users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/16824/
--
[SA16798] Handy Address Book Server SEARCHTEXT Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-13
fRoGGz has reported a vulnerability in Handy Address Book Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/16798/
--
[SA16792] WhatsUp Gold "map.asp" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting
Released: 2005-09-12
Dennis Rand has discovered a vulnerability in WhatsUp Gold, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/16792/
--
[SA16742] COOL! Remote Control Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-12
basher13 has discovered a vulnerability in COOL! Remote Control, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16742/
UNIX/Linux:--
[SA16815] Debian update for centericq
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-09-15
Debian has issued an update for centericq. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16815/
--
[SA16814] AzDGDatingLite "l" Local File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2005-09-15
rgod has reported a vulnerability in AzDGDatingLite, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16814/
--
[SA16797] Debian update for mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System
access
Released: 2005-09-13
Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and
spoofing attacks, and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16797/
--
[SA16784] Red Hat update for firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Red Hat has issued an update for firefox. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16784/
--
[SA16782] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Red hat has issued an update for mozilla. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16782/
--
[SA16780] Fedora update for firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Fedora has issued an update for firefox. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16780/
--
[SA16779] Fedora update for mozilla
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Fedora has issued an update for mozilla. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16779/
--
[SA16772] Ubuntu update for
mozilla-browser/mozilla-firefox/mozilla-thunderbird
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Ubuntu has issued updates for mozilla-browser, mozilla-firefox and
mozilla-thunderbird. These fix a vulnerability, which can be exploited
by malicious people to cause a DoS (Denial of Service) and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/16772/
--
[SA16743] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2005-09-08
SGI has issued a patch for SGI Advanced Linux Environment, which fixes
multiple vulnerabilities in various packages.
Full Advisory:
http://secunia.com/advisories/16743/
--
[SA16828] Red Hat update for squid
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2005-09-15
Red Hat has issued an update for squid. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of potentially sensitive information and potentially cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16828/
--
[SA16811] Debian update for turqstat
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-15
Debian has issued an update for turqstat. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/16811/
--
[SA16810] Turquoise SuperStat Date Parser Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-15
A vulnerability has been reported in Turquoise SuperStat, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16810/
--
[SA16808] Apple Mac OS X update for Java
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Security Bypass, Manipulation of data,
Privilege escalation
Released: 2005-09-14
Some vulnerabilities have been reported in Java for Mac OS X, which can
be exploited by malicious, local users to manipulate certain data,
disclose sensitive information and gain escalated privileges, and by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16808/
--
[SA16807] Ubuntu update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-13
Ubuntu has issued an update for squid. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16807/
--
[SA16804] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Unknown, Exposure of sensitive information, DoS, System
access
Released: 2005-09-13
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), gain knowledge of sensitive information and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16804/
--
[SA16800] Gentoo update for python
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-13
Gentoo has issued an update for python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16800/
--
[SA16789] Trustix update for multiple packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Released: 2005-09-12
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited malicious users to gain
escalated privileges or bypass certain security restrictions and by
malicious people to cause a DoS (Denial of Service) or potentially
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16789/
--
[SA16783] GNU Mailutils imap4d "SEARCH" Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-12
A vulnerability has been reported in GNU Mailutils, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16783/
--
[SA16781] pam-per-user Cached PAM "subrequest" Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-13
A vulnerability has been reported in pam-per-user, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16781/
--
[SA16771] Debian update for libapache-mod-ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-13
Debian has issued an update for libapache-mod-ssl. This fixes a
security issue, which potentially can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16771/
--
[SA16769] SUSE update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Released: 2005-09-12
SUSE has issued an update for apache2. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to bypass certain security
restrictions and cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16769/
--
[SA16768] Debian update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-13
Debian has issued an update for squid. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16768/
--
[SA16763] UnixWare update for racoon
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-09
SCO has issued an update for racoon. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16763/
--
[SA16760] Mandriva update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-13
Mandriva has issued an update for squid. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16760/
--
[SA16758] Red Hat update for pcre
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-09
Red Hat has issued an update for pcre. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16758/
--
[SA16754] Debian update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Released: 2005-09-09
Debian has issued an update for apache2. This fixes three
vulnerabilities and a security issue, which can be exploited by
malicious people to cause a DoS (Denial of Service), conduct HTTP
request smuggling attacks, and potentially bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16754/
--
[SA16753] Mandriva update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2005-09-09
Mandriva has issued an update for apache2. This fixes a vulnerability
and a security issue, which can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16753/
--
[SA16752] Textbased MSN Client (TMSNC) Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-12
A vulnerability has been reported in TMSNC, with an unknown impact.
Full Advisory:
http://secunia.com/advisories/16752/
--
[SA16751] OS/400 osp-cert Certificate Handling Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-09
Some vulnerabilities have been reported in OS/400, with unknown
impacts.
Full Advisory:
http://secunia.com/advisories/16751/
--
[SA16748] Slackware update for mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-09
Slackware has issued an update for mod_ssl. This fixes a vulnerability
which potentially can be exploited by malicious people to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16748/
--
[SA16746] Fedora update for httpd
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2005-09-08
Fedora has issued an update for httpd. This fixes a vulnerability and a
security issue, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16746/
--
[SA16787] Debian update for tdiary
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2005-09-13
Debian has issued an update for tdiary. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.
Full Advisory:
http://secunia.com/advisories/16787/
--
[SA16794] Slackware update for dhcpcd
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-13
Slackware has issued an update for dhcpcd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16794/
--
[SA16774] rdiff-backup "--restrict" Security Bypass Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-09-12
A vulnerability has been reported in rdiff-backup, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16774/
--
[SA16747] Linux Kernel Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Released: 2005-09-09
Some vulnerabilities have been reported in the Linux kernel, which
potentially can be exploited by malicious, local users to disclose
certain sensitive information, cause a DoS (Denial of Service) and gain
escalated privileges, or by malicious people to cause a DoS.
Full Advisory:
http://secunia.com/advisories/16747/
--
[SA16823] Debian update for common-lisp-controller
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-14
Debian has issued an update for common-lisp-controller. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16823/
--
[SA16822] common-lisp-controller Cache Directory Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-14
Francois-Rene Rideau has reported a vulnerability in
common-lisp-controller, which can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16822/
--
[SA16821] Mandriva update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-14
Mandriva has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16821/
--
[SA16817] LineControl Java Client Log Messages Password Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-14
A vulnerability has been reported in LineControl Java Client, which can
be exploited by malicious, local users to disclose certain sensitive
information.
Full Advisory:
http://secunia.com/advisories/16817/
--
[SA16816] GNU Texinfo Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-15
Frank Lichtenheld has reported a vulnerability in texindex, which can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16816/
--
[SA16812] Red Hat update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-14
Red Hat has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16812/
--
[SA16803] Ubuntu update for xserver-xfree86/xserver-xorg
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
Ubuntu has issued updates for xserver-xfree86 and xserver-xorg. These
fix a vulnerability, which potentially can be exploited by malicious,
local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16803/
--
[SA16799] Red Hat update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
Red Hat has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16799/
--
[SA16791] Gentoo update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
Gentoo has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16791/
--
[SA16790] X11 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
A vulnerability has been reported in X11, which potentially can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16790/
--
[SA16777] XFree86 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
Luke Hutchison has reported a vulnerability in XFree86, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16777/
--
[SA16755] Red Hat update for exim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-09
Red Hat has issued an update for exim. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16755/
--
[SA16750] Ubuntu update for kernel
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released: 2005-09-09
Ubuntu has issued an update for kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose certain sensitive information, cause a DoS (Denial of
Service), bypass certain security restrictions and gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/16750/
--
[SA16749] Slackware update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-09
Slackware has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16749/
--
[SA16745] Debian update for kdelibs
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-08
Debian has issued an update for kdelibs. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
certain information.
Full Advisory:
http://secunia.com/advisories/16745/
--
[SA16825] Fedora update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-15
Fedora has issued an update for util-linux. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16825/
--
[SA16795] Slackware update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
Slackware has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16795/
--
[SA16785] util-linux umount "-r" Re-Mounting Security Issue
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-13
David Watson has reported a security issue in util-linux, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16785/
--
[SA16765] Debian update for gcvs
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-09
Debian has issued an update for gcvs. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16765/
Other:--
[SA16761] Cisco CSS SSL Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-09
A vulnerability has been reported in Cisco CSS (Content Services
Switch), which can be exploited by malicious users to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/16761/
--
[SA16806] Linksys WRT54G Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, DoS, System access
Released: 2005-09-14
Greg MacManus has reported some vulnerabilities in WRT54G, which can be
exploited malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16806/
--
[SA16776] Ingate Firewall and SIParator Unspecified Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-12
A vulnerability has been reported in Ingate Firewall and Ingate
SIParator, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16776/
Cross Platform:--
[SA16820] TWiki "rev" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-15
A vulnerability has been reported in TWiki, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16820/
--
[SA16767] Mozilla IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-09
A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16767/
--
[SA16766] Netscape IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-09
A vulnerability has been discovered in Netscape, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/16766/
--
[SA16764] Firefox IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-09
Tom Ferris has discovered a vulnerability in Firefox, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16764/
--
[SA16826] Noah's Classified SQL Injection and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-09-15
trueend5 has discovered two vulnerabilities in Noah's Classified, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16826/
--
[SA16819] DeluxeBB SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-15
abducter has discovered some vulnerabilities in DeluxeBB, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16819/
--
[SA16813] ATutor Password Reminder SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-15
rgod has discovered a vulnerability in ATutor, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16813/
--
[SA16802] Sun Java System Application Server JAR File Content
Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-09-14
A vulnerability has been reported in Sun Java System Application
Server, which can be exploited by malicious people to disclose certain
sensitive information.
Full Advisory:
http://secunia.com/advisories/16802/
--
[SA16801] PHP-Nuke SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-13
Robin Verton has discovered some vulnerabilities in PHP-Nuke, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16801/
--
[SA16796] Subscribe Me Pro "l" Parameter Directory Traversal
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-09-14
ShoCK FX has reported a vulnerability in Subscribe Me Professional,
which can be exploited by malicious people to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/16796/
--
[SA16793] Python PCRE Integer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-13
A vulnerability has been reported in Python, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16793/
--
[SA16788] Zebedee Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-12
A vulnerability has been reported in Zebedee, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16788/
--
[SA16786] Snort TCP SACK Option Handling Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-13
Alejandro Hernandez Hernandez has reported a vulnerability in Snort,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16786/
--
[SA16775] PunBB Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-09-12
Some vulnerabilities have been reported in PunBB, which can be
exploited by malicious people to conduct SQL injection and script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/16775/
--
[SA16773] Qt Library zlib Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-12
Some vulnerabilities have been reported in Qt, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16773/
--
[SA16762] class-1 Forum Software File Extension SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-09-09
rgod has discovered a vulnerability in class-1 Forum Software, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16762/
--
[SA16757] Sun Java System Web Proxy Server Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-09
Three vulnerabilities have been reported in Sun Java System Web Proxy
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16757/
--
[SA16756] mimicboard2 Script Insertion and Exposure of User
Credentials
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-09-09
Donnie Werner has reported a vulnerability and a security issue in
mimicboard2, which can be exploited by malicious people to conduct
script insertion attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/16756/
--
[SA16830] IBM Lotus Domino "BaseTarget" and "Src" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-15
Two vulnerabilities have been reported in Lotus Domino, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16830/
--
[SA16744] Sawmill Error Message Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-09
NTA Monitor has reported a vulnerability in Sawmill, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16744/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_________________________________________
Attend ToorCon
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
This archive was generated by hypermail 2.1.3 : Fri Sep 16 2005 - 02:14:14 PDT