Information Security News mailing list archives

Secunia Weekly Summary - Issue: 2004-6


From: InfoSec News <isn () c4i org>
Date: Fri, 6 Feb 2004 02:27:16 -0600 (CST)

========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-01-29 - 2004-02-05                        

                       This week : 52 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Advisory IDs

Every advisory issued by Secunia has a unique identifier: the Secunia
Advisory ID (SA ID). The SA IDs make it very easy to reference,
identify, and find Secunia advisories.

A Shortcut to Secunia Advisories

Finding Secunia Advisories using SA IDs is easily done at the Secunia
website; either by simply entering the SA ID in our search form placed
on the right side of every Secunia web page, or by entering the SA ID
directly after the domain when visiting the Secunia website e.g.
http://secunia.com/SA10736

In the Secunia Weekly Summary SA IDs are displayed in brackets e.g.
[SA10736]

========================================================================
2) This Week in Brief:

Microsoft has issued patches for Internet Explorer one week prior to
the scheduled release date. These fix three known vulnerabilities
including the URL spoofing vulnerability, which has been actively
exploited on the Internet for the past 1½ months.
Reference: [SA10289], [SA10395] & [SA10765]

A hole in the wall. Check Point has issued patches for FireWall-1,
which fix serious vulnerabilities in the HTTP application proxy
functionality. These can be exploited by malicious people to compromise
a vulnerable firewall.
Reference: [SA10794]

RealNetworks has published patches for RealOne Player and RealPlayer,
which fix multiple vulnerabilities. The most serious of these can be
exploited by malicious people to compromise a user's system.
Reference: [SA10796]

TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10736

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA10736] Internet Explorer File Download Extension Spoofing
2.  [SA10395] Internet Explorer URL Spoofing Vulnerability
3.  [SA10708] Windows XP Malicious Folder Automatic Code Execution
              Vulnerability
4.  [SA9580]  Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA10765] Internet Explorer Travel Log Arbitrary Script Execution
              Vulnerability
6.  [SA10289] Internet Explorer System Compromise Vulnerabilities
7.  [SA10523] Internet Explorer showHelp() Restriction Bypass
              Vulnerability
8.  [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
              Vulnerability
9.  [SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
10. [SA10746] Kerio Personal Firewall Privilege Escalation
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
[SA10765] Internet Explorer Travel Log Arbitrary Script Execution
Vulnerability
[SA10781] Web Crossing "Content-Length" Header Denial of Service
Vulnerability
[SA10764] FirstClass Client File Extensions Restriction Bypass
[SA10747] DotNetNuke Multiple Vulnerabilities
[SA10793] RxGoogle Cross-Site Scripting Vulnerability
[SA10762] Application Access Server Long HTTP Request Denial of
Service
[SA10761] BaSoMail Server Multiple Connection Denial of Service
Vulnerability
[SA10758] SurgeFTP Web Interface URL Decoding Denial of Service
Vulnerability
[SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability
[SA10778] Crob FTP Server Directory Listing Vulnerability

UNIX/Linux:
[SA10801] OpenBSD IPv6 Traffic Handling Denial of Service
Vulnerability
[SA10791] Fedora update for mod_python
[SA10750] SGI IRIX Multiple Vulnerabilities
[SA10748] SuSE update for gaim
[SA10800] Red Hat update for mailman
[SA10792] Mandrake update for glibc
[SA10799] GNU Radius Denial of Service Vulnerability
[SA10798] Red Hat update for NetPBM
[SA10784] Red Hat update for kernel
[SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege
Escalation
[SA10777] GNU libtool Insecure Temporary Directory Creation
Vulnerability
[SA10771] Red Hat update for NetPBM
[SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue
[SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability
[SA10752] inlook Insecure Default Permissions
[SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability
[SA10790] Debian update for crawl
[SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer
Overflows
[SA10773] Red Hat util-linux Login Program Information Leakage

Other:
[SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability

Cross Platform:
[SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability
[SA10794] Check Point FireWall-1 HTTP Parsing Format String
Vulnerabilities
[SA10783] X-Cart Multiple Vulnerabilities
[SA10776] Web Blog Arbitrary Command Execution Vulnerability
[SA10754] Kietu Arbitrary File Inclusion Vulnerability
[SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities
[SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability
[SA10797] PHPX Multiple Vulnerabilities
[SA10786] ReviewPost PHP Pro SQL Injection Vulnerability
[SA10779] Aprox PHP Portal Arbitrary Local File Inclusion
Vulnerability
[SA10775] ChatterBox Invalid Request Handling Denial of Service
Vulnerability
[SA10770] Tunez Unspecified SQL Injection Vulnerabilities
[SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability
[SA10766] PhotoPost PHP Pro SQL Injection Vulnerability
[SA10763] Caravan Business Server Directory Traversal Vulnerability
[SA10757] PHP-Nuke SQL Injection Vulnerabilities
[SA10789] Apache mod_digest Cross Realm Replay Security Issue
[SA10785] BugPort Sensitive Information Exposure
[SA10749] Bodington Uploaded File Exposure Vulnerability
[SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2004-02-05

Multiple vulnerabilities have been discovered in RealOne Player and
RealPlayer, where the most serious potentially can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10796/

 --

[SA10765] Internet Explorer Travel Log Arbitrary Script Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-02

Microsoft has issued patches for Internet Explorer, which fix three
vulnerabilities. One of these can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10765/

 --

[SA10781] Web Crossing "Content-Length" Header Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-04

Peter Winter-Smith has reported a vulnerability in Web Crossing, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://www.secunia.com/advisories/10781/

 --

[SA10764] FirstClass Client File Extensions Restriction Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Richard Maudsley has reported a vulnerability in FirstClass Client
allowing malicious users to construct filenames, which can bypass
certain restrictions.

Full Advisory:
http://www.secunia.com/advisories/10764/

 --

[SA10747] DotNetNuke Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2004-01-29

Ferruh Mavituna has reported multiple vulnerabilities in DotNetNuke,
allowing malicious people to see database credentials, and conduct
Cross Site Scripting and SQL injection attacks.

Full Advisory:
http://www.secunia.com/advisories/10747/

 --

[SA10793] RxGoogle Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-05

Shaun Colley has reported a vulnerability in RxGoogle, allowing
malicious people to conduct Cross-Site Scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10793/

 --

[SA10762] Application Access Server Long HTTP Request Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has reported a vulnerability in A-A-S Application Access
Server allowing malicious, authenticated users to cause a DoS (Denial
of Service).

Full Advisory:
http://www.secunia.com/advisories/10762/

 --

[SA10761] BaSoMail Server Multiple Connection Denial of Service
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has reported a vulnerability in BaSoMail Server, allowing
malicious people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10761/

 --

[SA10758] SurgeFTP Web Interface URL Decoding Denial of Service
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-02

Dr_insane has discovered a vulnerability in SurgeFTP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://www.secunia.com/advisories/10758/

 --

[SA10746] Kerio Personal Firewall Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-29

Tuneld.com has reported a vulnerability in Kerio Personal Firewall,
allowing malicious, local users to escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10746/

 --

[SA10778] Crob FTP Server Directory Listing Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2004-02-04

Zero_X has reported a vulnerability in Crob FTP Server, which can be
exploited by malicious users to disclose directory information.

Full Advisory:
http://www.secunia.com/advisories/10778/


UNIX/Linux:--

[SA10801] OpenBSD IPv6 Traffic Handling Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-05

Georgi Guninski has reported a vulnerability in OpenBSD, which can be
exploited by malicious people to cause a DoS (Denial of Service) on a
vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10801/

 --

[SA10791] Fedora update for mod_python

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-04

Red Hat has issued updated packages for mod_python. These fix a
vulnerability, which can be exploited by malicious people to cause a
Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10791/

 --

[SA10750] SGI IRIX Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, System access
Released:    2004-01-30

SGI has acknowledged multiple, older vulnerabilities in IRIX. These can
be exploited by malicious users to compromise a vulnerable system or
escalate their privileges.

Full Advisory:
http://www.secunia.com/advisories/10750/

 --

[SA10748] SuSE update for gaim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-01-29

SuSE has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://www.secunia.com/advisories/10748/

 --

[SA10800] Red Hat update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-02-05

Red Hat has issued updated packages for mailman. These fix two
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10800/

 --

[SA10792] Mandrake update for glibc

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-02-05

MandrakeSoft has released an updated package for glibc. This fixes an
old vulnerability, which can be exploited by malicious people to cause
a DoS (Denial of Service) on a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10792/

 --

[SA10799] GNU Radius Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-05

iDEFENSE has reported a vulnerability in GNU Radius, allowing malicious
people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10799/

 --

[SA10798] Red Hat update for NetPBM

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-05

Red Hat has issued updated packages for netpbm. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10798/

 --

[SA10784] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Red Hat has issued updated packages for the kernel. These fix various
vulnerabilities, which potentially can be exploited by malicious, local
users to gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10784/

 --

[SA10782] Linux Kernel R128 Direct Render Infrastructure Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Alan Cox has discovered a vulnerability in the Linux kernel, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10782/

 --

[SA10777] GNU libtool Insecure Temporary Directory Creation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-03

Stefan Nordhausen has reported a vulnerability in libtool, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10777/

 --

[SA10771] Red Hat update for NetPBM

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-03

Red Hat has issued updated packages for netpbm. These fix a
vulnerability, allowing malicious users to escalate their privileges on
a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10771/

 --

[SA10756] FreeBSD mksnap_ffs Filesystem Flag Clearing Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2004-02-02

Kimura Fuyuki and Wiktor Niesiobedzki have discovered a security issue
in FreeBSD, which potentially can set insecure permissions on a file
system.

Full Advisory:
http://www.secunia.com/advisories/10756/

 --

[SA10755] Sun Solaris pfexec Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-01-30

Sun has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10755/

 --

[SA10752] inlook Insecure Default Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-01-30

A vulnerability has been identified in inlook, which can be exploited
by malicious, local users to gain knowledge of sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10752/

 --

[SA10774] HP TCP/IP Services for OpenVMS BIND Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2004-02-03

HP has acknowledged that TCP/IP for OpenVMS BIND 8 software is affected
by a vulnerability, which allows malicious people to poison the DNS
cache.

Full Advisory:
http://www.secunia.com/advisories/10774/

 --

[SA10790] Debian update for crawl

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Debian has issued updated packages for crawl. These fix multiple
vulnerabilities, which can be exploited by malicious, local users to
gain privileges as the "games" group.

Full Advisory:
http://www.secunia.com/advisories/10790/

 --

[SA10788] Linley's Dungeon Crawl Environment Variable Handling Buffer
Overflows

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-02-04

Steve Kemp has reported multiple vulnerabilities in Linley's Dungeon
Crawl, which potentially can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://www.secunia.com/advisories/10788/

 --

[SA10773] Red Hat util-linux Login Program Information Leakage

Critical:    Not critical
Where:       Local system
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-02-03

Red Hat has issued updated packages for util-linux. These fix a
vulnerability, which potentially could disclose information to users.

Full Advisory:
http://www.secunia.com/advisories/10773/


Other:--

[SA10780] Cisco 6000/6500/7600 Series Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-02-04

Cisco has reported a vulnerability in Cisco 6000/6500/7600 network
devices, which can be exploited by malicious people to cause a Denial
of Service.

Full Advisory:
http://www.secunia.com/advisories/10780/


Cross Platform:--

[SA10795] Check Point VPN-1 ISAKMP Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Mark Dowd and Neel Mehta of ISS X-Force have discovered a vulnerability
in Check Point VPN-1 Server and VPN clients, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10795/

 --

[SA10794] Check Point FireWall-1 HTTP Parsing Format String
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-05

Mark Dowd of ISS X-Force has discovered multiple vulnerabilities in
Check Point FireWall-1, which can be exploited by malicious people to
compromise a vulnerable firewall.

Full Advisory:
http://www.secunia.com/advisories/10794/

 --

[SA10783] X-Cart Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2004-02-04

Philip has reported three vulnerabilities in X-Cart, where the most
serious can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://www.secunia.com/advisories/10783/

 --

[SA10776] Web Blog Arbitrary Command Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-02-03

ActualMInd has reported a vulnerability in Web Blog, allowing malicious
people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10776/

 --

[SA10754] Kietu Arbitrary File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-30

Himeur Nourredine has reported a vulnerability in Kietu, allowing
malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10754/

 --

[SA10753] PhpGedView Arbitrary File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-01-30

Cedric Cochin has identified two vulnerabilities in PhpGedView,
allowing malicious people to compromise a vulnerable system.

Full Advisory:
http://www.secunia.com/advisories/10753/

 --

[SA10768] Les Commentaires Arbitrary File Inclusion Vulnerability

Critical:    Moderately critical
Where:       
Impact:      
Released:    2004-02-03

Himeur Nourredine has identified two vulnerabilities in Les
Commentaires, allowing malicious people to compromise a vulnerable
system.

Full Advisory:
http://www.secunia.com/advisories/10768/

 --

[SA10797] PHPX Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, ID Spoofing
Released:    2004-02-05

Manuel López has reported multiple vulnerabilities in PHPX, allowing
malicious people to conduct cross-site scripting attacks and hijack
accounts.

Full Advisory:
http://www.secunia.com/advisories/10797/

 --

[SA10786] ReviewPost PHP Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Exposure of system
information, Manipulation of data
Released:    2004-02-04

G00db0y has reported a vulnerability in ReviewPost PHP Pro, allowing
malicious people to view or manipulate data.

Full Advisory:
http://www.secunia.com/advisories/10786/

 --

[SA10779] Aprox PHP Portal Arbitrary Local File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-04

Zero_X has reported a vulnerability in Aprox PHP Portal, allowing
malicious people to view the contents of arbitrary local files.

Full Advisory:
http://www.secunia.com/advisories/10779/

 --

[SA10775] ChatterBox Invalid Request Handling Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-02-03

Donato Ferrante has reported a vulnerability in ChatterBox, which can
be exploited by malicious people to cause a Denial of Service.

Full Advisory:
http://www.secunia.com/advisories/10775/

 --

[SA10770] Tunez Unspecified SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2004-02-03

Multiple vulnerabilities have been identified in Tunez, potentially
allowing malicious people to conduct SQL injection attacks.

Full Advisory:
http://www.secunia.com/advisories/10770/

 --

[SA10769] phpMyAdmin "export.php" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-02-03

Cedric Cochin has discovered a vulnerability in phpMyAdmin, allowing
malicious people to gain knowledge of sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10769/

 --

[SA10766] PhotoPost PHP Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-03

G00db0y has reported a vulnerability in PhotoPost PHP Pro, allowing
malicious people to view or manipulate data.

Full Advisory:
http://www.secunia.com/advisories/10766/

 --

[SA10763] Caravan Business Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-02-02

Dr_insane has reported a vulnerability in Caravan Business Server,
allowing malicious people to view arbitrary files.

Full Advisory:
http://www.secunia.com/advisories/10763/

 --

[SA10757] PHP-Nuke SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-02-02

Germain Randaxhe has reported multiple vulnerabilities in PHP-Nuke,
which can be exploited by malicious people to view and manipulate
sensitive data.

Full Advisory:
http://www.secunia.com/advisories/10757/

 --

[SA10789] Apache mod_digest Cross Realm Replay Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, ID Spoofing
Released:    2004-02-04

Dirk-Willem van Gulik has identified a security issue in Apache
mod_digest, which potentially can be exploited by malicious people to
gain unauthorised access to other websites.

Full Advisory:
http://www.secunia.com/advisories/10789/

 --

[SA10785] BugPort Sensitive Information Exposure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-02-04

Paul Harris has identified a vulnerability in BugPort, allowing
malicious people to gain knowledge of sensitive information.

Full Advisory:
http://www.secunia.com/advisories/10785/

 --

[SA10749] Bodington Uploaded File Exposure Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2004-01-30

A vulnerability has been identified in Bodington, allowing malicious
people to view uploaded files.

Full Advisory:
http://www.secunia.com/advisories/10749/

 --

[SA10751] WWW::Form Potential Cross-Site Scripting Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-01-30

Shlomi Fish has reported a security issue in WWW::Form, potentially
allowing malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://www.secunia.com/advisories/10751/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Subscribe:
http://www.secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://www.secunia.com/
E-mail  : support () secunia com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

========================================================================




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

