Information Security News mailing list archives
Secunia Weekly Summary - Issue: 2004-8
From: InfoSec News <isn () c4i org>
Date: Mon, 23 Feb 2004 11:13:19 -0600 (CST)
========================================================================
The Secunia Weekly Advisory Summary
2004-02-12 - 2004-02-19
This week : 61 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Security researcher Paul Starzetz has found a vulnerability in the
Linux Kernel, which can be exploited by unprivileged users to execute
code with kernel level privileges. This vulnerability affects the
latest kernel branches: 2.2.x, 2.4.x and 2.6.x.
Two other vulnerabilities have also been corrected in the Linux Kernel.
Reference: [SA10897], [SA10911] && [SA10912]
A vulnerability has been reported in eTrust Antivirus, which can be
exploited to avoid scanning of files attached in emails. A patch is
available from the vendor, see the referenced Secunia Advisory.
Reference: [SA10874]
Sophos Antivirus has been reported vulnerable to a Denial of Service
vulnerability. The vulnerability can be exploited by sending a
specially crafted email containing an unexpectedly terminated MIME
header to a vulnerable system.
Reference: [SA10855]
TIP:
Finding Secunia advisories is easily done through the Secunia web site.
Simply enter the SA ID in the URL:
http://secunia.com/SA10760
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA10759] Microsoft Windows ASN.1 Library Integer Overflow
Vulnerabilities
2. [SA10760] Opera Browser File Download Extension Spoofing
3. [SA10395] Internet Explorer URL Spoofing Vulnerability
4. [SA10736] Internet Explorer File Download Extension Spoofing
5. [SA10796] RealOne Player / RealPlayer Multiple Vulnerabilities
6. [SA10706] Serv-U FTP Server "SITE CHMOD" Command Buffer Overflow
Vulnerability
7. [SA10900] Symantec AntiVirus Scan Engine Race Condition
Vulnerability
8. [SA10855] Sophos Anti-Virus MIME Header Handling Vulnerability
9. [SA10708] Windows XP Malicious Folder Automatic Code Execution
Vulnerability
10. [SA10820] Internet Explorer File Identification Variant
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA10899] Purge and Purge Jihad Client Buffer Overflow Vulnerabilities
[SA10895] RobotFTP Server Buffer Overflow Vulnerability
[SA10880] IMail Server LDAP Daemon Buffer Overflow Vulnerability
[SA10920] Webstores 2000 SQL Injection and Cross Site Scripting
Vulnerabilities
[SA10898] ProductCart SQL Injection and Cross Site Scripting
Vulnerabilities
[SA10894] Sami HTTP Server Denial of Service Vulnerability
[SA10883] Sami FTP Server Invalid Command Argument Denial of Service
Vulnerability
[SA10881] Vizer Web Server Invalid Request Denial of Service
Vulnerabilities
[SA10879] ASP Portal Multiple Vulnerabilities
[SA10874] eTrust Antivirus Zip Archive Virus Detection Bypass
Vulnerability
[SA10888] FTP Broker Connection Handling Denial of Service
Vulnerabilities
[SA10861] Macallan Mail Solution Web Interface Authentication Bypass
UNIX/Linux:
[SA10893] Sun Cobalt update for rsync
[SA10914] Mandrake update for metamail
[SA10910] Red Hat update for metamail
[SA10909] Slackware update for metamail
[SA10889] Fedora update for FreeRADIUS
[SA10865] Slackware update for mutt
[SA10906] Gentoo update for clamav
[SA10904] ShopCartCGI Directory Traversal Vulnerability
[SA10896] Red Hat update for PWLib
[SA10892] Sun Cobalt update for Iptables
[SA10890] Sun Cobalt update for gnupg
[SA10887] Fedora update for Gaim
[SA10886] Gentoo update for phpMyAdmin
[SA10882] Crob FTP Server Denial of Service Vulnerability
[SA10870] Red Hat update for PWLib
[SA10891] Sun Cobalt update for fileutils
[SA10917] SuSE update for kernel
[SA10916] Astaro update for kernel
[SA10915] Red Hat update for kernel
[SA10913] Debian update for kernel
[SA10912] Linux kernel ncpfs Privilege Escalation Vulnerability
[SA10907] Slackware update for kernel
[SA10900] Symantec AntiVirus Scan Engine Race Condition Vulnerability
[SA10897] Linux Kernel "mremap()" Missing Return Value Checking
Privilege Escalation
[SA10885] Gentoo update for kernel
[SA10877] Immunix update for XFree86
[SA10876] Mandrake update for XFree86
[SA10875] Fedora update for XFree86
[SA10873] Mandrake update for mailman
[SA10872] Red Hat update for XFree86
[SA10868] Red Hat update for XFree86
[SA10867] Mailmgr Insecure Temporary File Creation Vulnerabilities
[SA10866] Slackware update for XFree86
[SA10864] AIM Sniff Insecure Temporary File Creation Vulnerability
[SA10911] Linux Kernel Vicam USB Driver Insecure Userspace Access
[SA10871] OpenBSD update for XFree86
Other:
[SA10863] Ingate Firewall and SIParator OpenSSL Vulnerabilities
[SA10905] APC SmartSlot Web/SNMP Management Card Default Password
Cross Platform:
[SA10908] Metamail Message Parsing System Compromise Vulnerabilities
[SA10901] AllMyPHP Various Products Arbitrary File Inclusion
Vulnerabilities
[SA10919] Owls Workshop Arbitrary File Retrieval Vulnerabilities
[SA10902] Online Store Kit SQL Injection and Cross Site Scripting
Vulnerability
[SA10884] mnoGoSearch "UdmDocToTextBuf()" Buffer Overflow
Vulnerability
[SA10878] phpWebSite SQL Injection Vulnerabilities
[SA10869] PWLib H.323 Protocol Implementation Vulnerabilities
[SA10903] YaBB SE "quote" Parameter SQL Injection Vulnerability
[SA10862] phpCodeCabinet Cross-Site Scripting Vulnerabilities
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA10899] Purge and Purge Jihad Client Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-17
Luigi Auriemma has discovered a vulnerability in Purge and Purge Jihad,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/10899/
--
[SA10895] RobotFTP Server Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-17
gsicht has discovered a vulnerability in RobotFTP Server, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10895/
--
[SA10880] IMail Server LDAP Daemon Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-18
iDEFENSE has reported a vulnerability in IMail Server, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10880/
--
[SA10920] Webstores 2000 SQL Injection and Cross Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-02-19
Nick Gudov has reported two vulnerabilities in Webstores 2000, allowing
malicious people to conduct Cross Site Scripting and SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/10920/
--
[SA10898] ProductCart SQL Injection and Cross Site Scripting
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-02-17
Nick Gudov has identified two vulnerabilities in ProductCart, allowing
malicious people to conduct SQL injection and Cross Site Scripting
attacks.
Full Advisory:
http://secunia.com/advisories/10898/
--
[SA10894] Sami HTTP Server Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-17
badpack3t has discovered a vulnerability in Sami HTTP Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10894/
--
[SA10883] Sami FTP Server Invalid Command Argument Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-16
intuit has reported a vulnerability in Sami FTP Server, allowing
malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10883/
--
[SA10881] Vizer Web Server Invalid Request Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-18
Donato Ferrante has reported some vulnerabilities in Vizer Web Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/10881/
--
[SA10879] ASP Portal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-02-16
Manuel López has identified multiple vulnerabilities in ASP Portal,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.
Full Advisory:
http://secunia.com/advisories/10879/
--
[SA10874] eTrust Antivirus Zip Archive Virus Detection Bypass
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-02-16
A vulnerability has been reported in eTrust Antivirus 7.0, allowing
malware to bypass the virus detection.
Full Advisory:
http://secunia.com/advisories/10874/
--
[SA10888] FTP Broker Connection Handling Denial of Service
Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-02-18
Two vulnerabilities have been reported in FTP Broker, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10888/
--
[SA10861] Macallan Mail Solution Web Interface Authentication Bypass
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2004-02-12
Ziv Kamir has reported a security issue in Macallan Mail Solution,
which can be exploited by malicious people to bypass certain security
mechanisms.
Full Advisory:
http://secunia.com/advisories/10861/
UNIX/Linux:--
[SA10893] Sun Cobalt update for rsync
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2004-02-17
Sun has issued updated packages for rsync. These fix a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/10893/
--
[SA10914] Mandrake update for metamail
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-19
MandrakeSoft has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10914/
--
[SA10910] Red Hat update for metamail
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-18
Red Hat has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10910/
--
[SA10909] Slackware update for metamail
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-18
Slackware has issued updated packages for metamail. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10909/
--
[SA10889] Fedora update for FreeRADIUS
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-02-17
Red Hat has issued an updated version of FreeRADIUS. This fixes two
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10889/
--
[SA10865] Slackware update for mutt
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-02-13
Slackware has issued updated packages for mutt. These fix a
vulnerability which can be exploited to crash the mail client or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10865/
--
[SA10906] Gentoo update for clamav
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-18
Gentoo has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/10906/
--
[SA10904] ShopCartCGI Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-02-17
G00db0y has reported a vulnerability in ShopCartCGI, allowing malicious
people to view arbitrary files.
Full Advisory:
http://secunia.com/advisories/10904/
--
[SA10896] Red Hat update for PWLib
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-18
Red Hat has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10896/
--
[SA10892] Sun Cobalt update for Iptables
Critical: Moderately critical
Where: From remote
Impact:
Released: 2004-02-17
Full Advisory:
http://secunia.com/advisories/10892/
--
[SA10890] Sun Cobalt update for gnupg
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, ID Spoofing
Released: 2004-02-17
Sun has issued updated packages for gnupg. These fix a vulnerability,
which exposes the private key when using El-Gamal type 20 keys.
Full Advisory:
http://secunia.com/advisories/10890/
--
[SA10887] Fedora update for Gaim
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-02-17
Red Hat has issued updated packages for gaim. These fix multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10887/
--
[SA10886] Gentoo update for phpMyAdmin
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-02-17
Gentoo has issued updates for phpMyAdmin. These fix a vulnerability
allowing malicious people to see sensitive information.
Full Advisory:
http://secunia.com/advisories/10886/
--
[SA10882] Crob FTP Server Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-16
gsicht has reported a vulnerability in Crob FTP Server, allowing
malicious people to cause a Denial of Service.
Full Advisory:
http://secunia.com/advisories/10882/
--
[SA10870] Red Hat update for PWLib
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-13
Red Hat has issued updated packages for pwlib. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10870/
--
[SA10891] Sun Cobalt update for fileutils
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-02-17
Sun has issued updated packages for fileutils. These fix two
vulnerabilities in the "ls" program, which can be exploited by
malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10891/
--
[SA10917] SuSE update for kernel
Critical: Less critical
Where: Local system
Impact: Security Bypass, Privilege escalation, DoS
Released: 2004-02-19
SuSE has issued updated packages for the kernel. These fix various
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/10917/
--
[SA10916] Astaro update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-19
Astaro has issued an updated package for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/10916/
--
[SA10915] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Security Bypass, Privilege escalation, DoS
Released: 2004-02-19
Red Hat has issued updated packages for the kernel. These fix various
vulnerabilities, which can be exploited by malicious people to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/10915/
--
[SA10913] Debian update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-18
Debian has issued updated packages for the kernel. These fix some
vulnerabilities, which can be exploited by malicious users to escalate
their privileges.
Full Advisory:
http://secunia.com/advisories/10913/
--
[SA10912] Linux kernel ncpfs Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-19
Arjan van de Ven has discovered a vulnerability in the Linux kernel,
allowing malicious, local users to gain escalated privileges on a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/10912/
--
[SA10907] Slackware update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-18
Slackware has issued updated packages for the kernel. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/10907/
--
[SA10900] Symantec AntiVirus Scan Engine Race Condition Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-17
Dr. Peter Bieringer has reported a vulnerability in Symantec AntiVirus
Scan Engine, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/10900/
--
[SA10897] Linux Kernel "mremap()" Missing Return Value Checking
Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-18
Paul Starzetz has reported a vulnerability in the Linux kernel, which
can be exploited by malicious, local users to gain escalated privileges
on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10897/
--
[SA10885] Gentoo update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-17
Gentoo has issued updated kernel packages. These fix a vulnerability,
allowing malicious users to escalate their privileges through a
vulnerability in the 32-bit ptrace emulation.
Full Advisory:
http://secunia.com/advisories/10885/
--
[SA10877] Immunix update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-16
Immunix has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10877/
--
[SA10876] Mandrake update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-16
MandrakeSoft has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10876/
--
[SA10875] Fedora update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-16
Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10875/
--
[SA10873] Mandrake update for mailman
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-16
MandrakeSoft has issued updated packages for mailman. These fix three
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks or crash the mailman process.
Full Advisory:
http://secunia.com/advisories/10873/
--
[SA10872] Red Hat update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-16
Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10872/
--
[SA10868] Red Hat update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-13
Red Hat has issued updated packages for XFree86. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10868/
--
[SA10867] Mailmgr Insecure Temporary File Creation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-13
Marco van Berkum has reported some vulnerabilities in mailmgr, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/10867/
--
[SA10866] Slackware update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-13
Slackware has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious users to escalate their
privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10866/
--
[SA10864] AIM Sniff Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-02-12
A vulnerability has been identified in AIM Sniff, allowing malicious,
local users to escalate their privileges.
Full Advisory:
http://secunia.com/advisories/10864/
--
[SA10911] Linux Kernel Vicam USB Driver Insecure Userspace Access
Critical: Not critical
Where: Local system
Impact: Security Bypass, DoS
Released: 2004-02-19
A vulnerability has been reported in the Linux kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/10911/
--
[SA10871] OpenBSD update for XFree86
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2004-02-16
OpenBSD Project has issued patches, which fix some vulnerabilities in
XFree86. These can be exploited by malicious, local users to crash the
X server on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10871/
Other:--
[SA10863] Ingate Firewall and SIParator OpenSSL Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-12
Ingate has acknowledged some OpenSSL vulnerabilities in their Ingate
Firewall and SIParator products, which can be exploited by malicious
people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/10863/
--
[SA10905] APC SmartSlot Web/SNMP Management Card Default Password
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-02-18
Dave Tarbatt has reported a security issue in APC SmartSlot Web/SNMP
Management Card, allowing malicious people to log into the device.
Full Advisory:
http://secunia.com/advisories/10905/
Cross Platform:--
[SA10908] Metamail Message Parsing System Compromise Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-18
Ulf Härnhammar has discovered some vulnerabilities in Metamail, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/10908/
--
[SA10901] AllMyPHP Various Products Arbitrary File Inclusion
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-02-17
Mad_Skater has identified multiple vulnerabilities in AllMyGuests,
AllMyLinks, and AllMyVisitors, allowing malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10901/
--
[SA10919] Owls Workshop Arbitrary File Retrieval Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-02-19
G00db0y has reported vulnerabilities in Owls, allowing malicious people
to retrieve arbitrary files.
Full Advisory:
http://secunia.com/advisories/10919/
--
[SA10902] Online Store Kit SQL Injection and Cross Site Scripting
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-02-17
David Sopas Ferreira has reported a vulnerability in Online Store Kit,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.
Full Advisory:
http://secunia.com/advisories/10902/
--
[SA10884] mnoGoSearch "UdmDocToTextBuf()" Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-02-16
Frank Denis has reported a vulnerability in mnoGoSearch, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/10884/
--
[SA10878] phpWebSite SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-02-16
David Sopas Ferreira has identified some vulnerabilities in phpWebSite,
allowing malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/10878/
--
[SA10869] PWLib H.323 Protocol Implementation Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-02-13
The OpenH323 Project has acknowledged some vulnerabilities in PWLib,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/10869/
--
[SA10903] YaBB SE "quote" Parameter SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-02-17
BackSpace has reported a vulnerability in YaBB SE, allowing malicious
users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/10903/
--
[SA10862] phpCodeCabinet Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-02-12
Yao-Wen has discovered some vulnerabilities in phpCodeCabinet, allowing
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/10862/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support () secunia com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
========================================================================
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Current thread:
- Secunia Weekly Summary - Issue: 2004-8 InfoSec News (Feb 23)