Secunia validates and verifies vulnerability reports in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
SECURITY ADVISORIES:
Microsoft has released their monthly security bulletins,
which correct vulnerabilities in various products.
Users of Microsoft products are advised to visit Windows Update and
check for available updates.
Multiple browsers have been reported vulnerable to a spoofing issue
using IDN (International Domain Name).
The problem is caused by an unintended result of the IDN
implementation, which allows using international characters in domain
names.
This can be exploited by registering domain names with certain
international characters that resemble other commonly used characters,
thereby causing the user to believe they are on a trusted site.
Secunia has constructed a test, which can be used to check if your
browser is affected by this issue.
Many products from Symantec and F-Secure have been reported vulnerable
to a buffer overflow vulnerability, which can be exploited by
malicious people to compromise a vulnerable system.
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
This Week's Top Ten Most Read Advisories:
1. [SA14163] Mozilla / Firefox / Camino IDN Spoofing Security Issue
2. [SA14179] Symantec Multiple Products UPX Parsing Engine Buffer
Overflow
3. [SA14164] Safari IDN Spoofing Security Issue
4. [SA14160] Mozilla / Firefox Three Vulnerabilities
5. [SA11165] Microsoft Internet Explorer Multiple Vulnerabilities
6. [SA14154] Opera IDN Spoofing Security Issue
7. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
8. [SA14188] Mac OS X Finder Insecure File Creation Vulnerability
9. [SA14165] Netscape IDN Spoofing Security Issue
10. [SA13818] Opera "data:" URI Handler Spoofing Vulnerability
Vulnerabilities Summary Listing
Windows:
[SA14193] Microsoft Windows OLE / COM Two Vulnerabilities
[SA14190] Microsoft Windows Drag and Drop Vulnerability
[SA14177] Microsoft Office URL File Location Handling Buffer Overflow
[SA14174] Microsoft Various Products PNG Image Parsing Vulnerabilities
[SA14145] Foxmail Server "Mail From:" Buffer Overflow Vulnerability
[SA14209] VeriSign i-Nav Plug-In IDN Spoofing Security Issue
[SA14195] Microsoft Windows Hyperlink Object Library Buffer Overflow
[SA14187] RealArcade Two Vulnerabilities
[SA14172] ArGoSoft FTP Server Compressed Shortcut Upload Security
Bypass
[SA14169] 602LAN SUITE Webmail Arbitrary File Upload Vulnerability
[SA14161] ArGoSoft Mail Server Directory Traversal Vulnerabilities
[SA14146] RaidenHTTPD Relative Pathname Disclosure of Sensitive
Information
[SA14192] Microsoft Windows License Logging Service Buffer Overflow
[SA14206] Netscape Three Vulnerabilities
[SA14180] SharePoint Services Cross-Site Scripting and Spoofing
Vulnerability
[SA14134] LANChat Malformed Data Processing Denial of Service
[SA14144] Microsoft Outlook Web Access "owalogon.asp" Redirection
Weakness
[SA14189] Windows Anonymous Named Pipe Connection Information
Disclosure
UNIX/Linux:
[SA14167] Debian update for php3
[SA14156] Gentoo update for openmotif
[SA14149] SUSE Updates for Multiple Packages
[SA14140] Gentoo update for lesstif
[SA14241] Red Hat update for squirrelmail
[SA14229] Mandrake update for enscript
[SA14227] Mandrake update for python
[SA14223] Debian update for mailman
[SA14222] Red Hat update for mailman
[SA14220] HP-UX BIND Unspecified Denial of Service Vulnerability
[SA14215] Debian update for evolution
[SA14212] Ubuntu update for mailman
[SA14211] Mailman "private.py" Directory Traversal Vulnerability
[SA14208] SUSE update for squid
[SA14207] Gentoo update for pdftohtml
[SA14202] Gentoo update for python
[SA14196] Fedora update for emacs
[SA14194] Debian update for emacs20
[SA14191] Debian update for xemacs21
[SA14185] Ubuntu update for squid
[SA14182] Frox Deny ACL Security Bypass Vulnerability
[SA14178] UnixWare update for racoon
[SA14168] Ubuntu update for emacs21-bin-common
[SA14166] OmniWeb IDN Spoofing Security Issue
[SA14164] Safari IDN Spoofing Security Issue
[SA14162] KDE Applications IDN Spoofing Security Issue
[SA14158] Debian update for python2.2
[SA14150] Fedora update for python
[SA14148] GNU Emacs "popmail()" Format String Vulnerability
[SA14137] Ubuntu Postfix IPv6 Relaying Security Issue
[SA14133] Mozilla Application Suite "MSG_UnEscapeSearchUrl()" Buffer
Overflow
[SA14129] Ubuntu update for python
[SA14201] Avaya krb5 Two Vulnerabilities
[SA14132] HP CIFS Server Security Descriptor Parsing Integer Overflow
[SA14130] Sun Solaris Samba Integer Overflow Vulnerability
[SA14184] Fedora update for postgresql
[SA14170] UnixWare / OpenServer TCP Connection Reset Denial of Service
[SA14228] Mandrake update for squid
[SA14157] Debian update for squid
[SA14226] Mandrake update for mysql
[SA14218] Debian update for xview
[SA14213] XView "xv_parse_one()" Buffer Overflow Vulnerability
[SA14203] Mandrake update for perl
[SA14200] Avaya Various Products Kernel Vulnerabilities
[SA14199] Mandrake update for perl-DBI
[SA14198] IBM AIX auditselect Format String Vulnerability
[SA14188] Mac OS X Finder Insecure File Creation Vulnerability
[SA14186] Red Hat update for perl
[SA14176] SCO OpenServer "enable" Buffer Overflow Vulnerability
[SA14175] UnixWare update for foomatic-rip
[SA14173] IBM AIX chdev Format String Vulnerability
[SA14171] Gentoo update for postgresql
[SA14159] osh "iopen()" Buffer Overflow Vulnerability
[SA14152] Avaya PDS Multiple Privilege Escalation Vulnerabilities
[SA14151] Debian update for postgresql
[SA14139] Debian update for ncpfs
[SA14138] Ubuntu update for cpio
[SA14153] Avaya CMS UDP End Point Handling Denial of Service
Other:
[SA14136] Linksys PSUS4 Print Server HTTP POST Request Denial of
Service
Cross Platform:
[SA14216] F-Secure Multiple Products ARJ Archive Handling
Vulnerability
[SA14179] Symantec Multiple Products UPX Parsing Engine Buffer
Overflow
[SA14205] MyPHP Forum Multiple SQL Injection Vulnerabilities
[SA14181] xGB Administrative User Authentication Bypass Vulnerability
[SA14165] Netscape IDN Spoofing Security Issue
[SA14163] Mozilla / Firefox / Camino IDN Spoofing Security Issue
[SA14154] Opera IDN Spoofing Security Issue
[SA14143] Chipmunk Forum Multiple SQL Injection Vulnerabilities
[SA14142] CMScore Multiple SQL Injection Vulnerabilities
[SA14141] BXCP "show" Local File Inclusion Vulnerability
[SA14128] Python SimpleXMLRPCServer Library Module Vulnerability
[SA14183] BrightStor ARCserve Backup Discovery Service Buffer Overflow
[SA14160] Mozilla / Firefox Three Vulnerabilities
[SA14135] PowerDNS Traffic Handling Denial of Service Vulnerability
[SA14131] Claroline Add Course Script Insertion Vulnerability
[SA14204] Emdros MQL Parser Memory Leak Vulnerabilities
Vulnerabilities Content Listing
Windows:
[SA14193] Microsoft Windows OLE / COM Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2005-02-08
Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges or by malicious people to compromise a vulnerable system.
[SA14190] Microsoft Windows Drag and Drop Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-08
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
[SA14177] Microsoft Office URL File Location Handling Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-08
Rafel Ivgi has reported a vulnerability in Microsoft Office XP, which can
be exploited by malicious people to compromise a user's system.
[SA14174] Microsoft Various Products PNG Image Parsing Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-08
Two vulnerabilities have been reported in various Microsoft products,
which can be exploited by malicious people to compromise a vulnerable
system.
[SA14145] Foxmail Server "Mail From:" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-08
Fortinet has reported a vulnerability in Foxmail Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
[SA14209] VeriSign i-Nav Plug-In IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-09
Eric Johanson has reported a security issue in i-Nav Plug-In, which can
be exploited by a malicious web site to spoof the URL displayed in the
address bar, SSL certificate, and status bar.
[SA14195] Microsoft Windows Hyperlink Object Library Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-08
Anna Hollingzworth has reported a vulnerability in Microsoft Windows,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
[SA14187] RealArcade Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2005-02-09
Luigi Auriemma has reported two vulnerabilities in RealArcade, which
can be exploited by malicious people to delete arbitrary files or
compromise a user's system.
[SA14172] ArGoSoft FTP Server Compressed Shortcut Upload Security
Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-08
Remus Hociota has reported a vulnerability in ArGoSoft FTP Server,
which can be exploited by malicious users to bypass certain security
restrictions.
[SA14169] 602LAN SUITE Webmail Arbitrary File Upload Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-08
Tan Chew Keong has reported a vulnerability in 602LAN SUITE, which can
be exploited by malicious webmail users to compromise a vulnerable
system.
[SA14161] ArGoSoft Mail Server Directory Traversal Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information,
System access
Released: 2005-02-09
Tan Chew Keong has reported some vulnerabilities in ArGoSoft Mail
Server, which can be exploited by malicious users to disclose and
manipulate sensitive information, and potentially compromise a user's
system.
[SA14146] RaidenHTTPD Relative Pathname Disclosure of Sensitive
Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-07
Donato Ferrante has reported a vulnerability in RaidenHTTPD, which can
be exploited by malicious people to disclose sensitive information.
[SA14192] Microsoft Windows License Logging Service Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-08
Kostya Kortchinsky has reported a vulnerability in some versions of
Microsoft Windows, which can be exploited by malicious people to
compromise a vulnerable system.
[SA14206] Netscape Three Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2005-02-09
mikx has discovered three vulnerabilities in Netscape, which can be
exploited by malicious people to plant malware on a user's system,
conduct cross-site scripting attacks and bypass certain security
restrictions.
[SA14180] SharePoint Services Cross-Site Scripting and Spoofing
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data
Released: 2005-02-08
A vulnerability has been reported in Windows SharePoint Services and
SharePoint Team Services, which can be exploited by malicious people to
conduct cross-site scripting attacks.
[SA14134] LANChat Malformed Data Processing Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-02-04
Donato Ferrante has reported a vulnerability in LANChat Pro Revival,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
[SA14144] Microsoft Outlook Web Access "owalogon.asp" Redirection
Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-08
Donnie Werner has reported a weakness in Microsoft Outlook Web Access
(OWA), which potentially can be exploited by malicious people to
conduct phishing attacks.
[SA14189] Windows Anonymous Named Pipe Connection Information
Disclosure
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2005-02-08
Jean-Baptiste Marchand has reported a weakness in Microsoft Windows XP,
which can be exploited by malicious people to gain knowledge of certain
system information.
UNIX/Linux:
[SA14156] Gentoo update for openmotif
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-07
Gentoo has issued an update for openmotif. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
[SA14149] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing,
Exposure of sensitive information, Privilege escalation, DoS, System
access
Released: 2005-02-07
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, where some have an unknown impact, and others can be
exploited to cause a DoS (Denial of Service), perform spoofing and
cross-site scripting attacks, disclose sensitive information, perform
certain actions with escalated privileges, or compromise a vulnerable
system.
[SA14140] Gentoo update for lesstif
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-07
Gentoo has issued an update for lesstif. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
[SA14241] Red Hat update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Cross Site Scripting
Released: 2005-02-11
Red Hat has issued an update for squirrelmail. This fixes three
vulnerabilities, which can be exploited by malicious people to gain
knowledge of sensitive information or conduct cross-site scripting
attacks.
[SA14229] Mandrake update for enscript
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-11
MandrakeSoft has issued an update for enscript. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
[SA14227] Mandrake update for python
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-11
MandrakeSoft has issued an update for python. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.
[SA14223] Debian update for mailman
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-02-11
Debian has issued an update for mailman. This fixes two
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and disclose sensitive information.
[SA14222] Red Hat update for mailman
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-11
Red Hat has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to disclose sensitive
information.
[SA14220] HP-UX BIND Unspecified Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-02-10
A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).
[SA14215] Debian update for evolution
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2005-02-10
Debian has issued an update for evolution. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to compromise a user's system.
[SA14212] Ubuntu update for mailman
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-10
Ubuntu has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to disclose sensitive
information.
[SA14211] Mailman "private.py" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-10
John Cartwright has reported a vulnerability in Mailman, which can be
exploited by malicious people to disclose sensitive information.
[SA14208] SUSE update for squid
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, DoS, System access
Released: 2005-02-11
SUSE has issued an update for squid, which fixes multiple
vulnerabilities. One has an unknown impact, and others can be exploited
to bypass certain security restrictions, cause a DoS (Denial of
Service), or potentially compromise a vulnerable system.
[SA14207] Gentoo update for pdftohtml
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-10
Gentoo has issued an update for pdftohtml. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
[SA14202] Gentoo update for python
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-09
Gentoo has issued an update for python. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
[SA14196] Fedora update for emacs
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-09
Fedora has issued an update for emacs. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
[SA14194] Debian update for emacs20
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-09
Debian has issued an update for emacs20. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
[SA14191] Debian update for xemacs21
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-09
Debian has issued an update for xemacs21. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
[SA14185] Ubuntu update for squid
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, DoS
Released: 2005-02-08
Ubuntu has issued an update for squid, which fixes various
vulnerabilities. One has an unknown impact, and others can be exploited
by malicious people to bypass certain security restrictions and cause a
DoS (Denial of Service).
[SA14182] Frox Deny ACL Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-08
A vulnerability has been reported in Frox, which can be exploited by
malicious people to bypass certain security restrictions.
[SA14178] UnixWare update for racoon
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Security Bypass, Manipulation of data, DoS
Released: 2005-02-08
SCO has issued an update for racoon. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), establish unauthorised connections, bypass
certain security restrictions, and conduct MitM (Man-in-the-Middle)
attacks.
[SA14168] Ubuntu update for emacs21-bin-common
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-08
Ubuntu has issued an update for emacs21-bin-common. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
[SA14166] OmniWeb IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in OmniWeb, which can be
exploited by a malicious web site to spoof the URL displayed in the
address bar, SSL certificate, and status bar.
[SA14164] Safari IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in Safari, which can be
exploited by a malicious web site to spoof the URL displayed in the
address bar, SSL certificate, and status bar.
[SA14162] KDE Applications IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in Konqueror, which can be
exploited by a malicious web site to spoof the URL displayed in the
address bar and status bar.
[SA14158] Debian update for python2.2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-07
Debian has issued an update for python2.2. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
[SA14150] Fedora update for python
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-07
Fedora has issued an update for python. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
[SA14148] GNU Emacs "popmail()" Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-08
A vulnerability has been reported in GNU Emacs, which can be exploited
by malicious people to compromise a user's system.
[SA14137] Ubuntu Postfix IPv6 Relaying Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-04
Ubuntu has issued an update for postfix. This fixes a security issue,
which can be exploited by malicious people to use a vulnerable system
as an open relay.
[SA14133] Mozilla Application Suite "MSG_UnEscapeSearchUrl()" Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-04
HP has confirmed a vulnerability in Mozilla Application Suite for Tru64
UNIX, which can be exploited by malicious people to cause a DoS (Denial
of Service) and potentially compromise a user's system.
[SA14129] Ubuntu update for python
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-04
Ubuntu has issued updates for python2.2 and python2.3. These fix a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.
[SA14201] Avaya krb5 Two Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-02-10
Avaya has acknowledged some vulnerabilities in krb5, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges and by malicious users to
potentially compromise a vulnerable system.
[SA14132] HP CIFS Server Security Descriptor Parsing Integer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-04
HP has acknowledged a vulnerability in CIFS Server, which can be
exploited by malicious users to compromise a vulnerable system.
[SA14130] Sun Solaris Samba Integer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-04
Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious users to compromise a vulnerable system.
[SA14184] Fedora update for postgresql
Critical: Less critical
Where: From remote
Impact: Unknown, Security Bypass, Privilege escalation
Released: 2005-02-08
Fedora has issued an update for postgresql. This fixes various
vulnerabilities, where some have an unknown impact and others can be
exploited by malicious users to gain escalated privileges or bypass
certain security restrictions.
[SA14170] UnixWare / OpenServer TCP Connection Reset Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-08
SCO has acknowledged a vulnerability in UnixWare and OpenServer, which
can be exploited by malicious people to reset established TCP
connections on a vulnerable system.
[SA14228] Mandrake update for squid
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2005-02-11
MandrakeSoft has issued an update for squid. This fixes a vulnerability
and a security issue, which can be exploited by malicious users to
bypass certain security restrictions and by malicious people to cause a
DoS (Denial of Service).
[SA14157] Debian update for squid
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2005-02-07
Debian has issued an update for squid. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions or cause a DoS (Denial of Service).
[SA14226] Mandrake update for mysql
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information,
Privilege escalation
Released: 2005-02-11
MandrakeSoft has issued an update for mysql. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
[SA14218] Debian update for xview
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-10
Debian has issued an update for xview. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA14213] XView "xv_parse_one()" Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-10
Erik Sjölund has reported a vulnerability in XView, which potentially
can be exploited by malicious, local users to gain escalated
privileges.
[SA14203] Mandrake update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-09
MandrakeSoft has issued an update for perl. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
[SA14200] Avaya Various Products Kernel Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2005-02-09
Avaya has acknowledged some vulnerabilities in various products, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or gain escalated privileges.
[SA14199] Mandrake update for perl-DBI
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-09
MandrakeSoft has issued an update for perl-DBI. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
[SA14198] IBM AIX auditselect Format String Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-09
iDEFENSE has reported a vulnerability in IBM AIX, which can be
exploited by malicious, local users to gain escalated privileges.
[SA14188] Mac OS X Finder Insecure File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
vade79 has discovered a vulnerability in Finder, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
[SA14186] Red Hat update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
Red Hat has issued an update for perl. This fixes two vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.
[SA14176] SCO OpenServer "enable" Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
A vulnerability has been reported in OpenServer, which can be exploited
by malicious, local users to gain escalated privileges.
[SA14175] UnixWare update for foomatic-rip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
SCO has issued an update for foomatic-rip. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
[SA14173] IBM AIX chdev Format String Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
iDEFENSE has reported a vulnerability in AIX, which can be exploited by
malicious, local users to gain escalated privileges.
[SA14171] Gentoo update for postgresql
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
Gentoo has issued an update for postgresql. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
[SA14159] osh "iopen()" Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-08
Charles Stevenson has reported a vulnerability in osh, which can be
exploited by malicious, local users to gain escalated privileges.
[SA14152] Avaya PDS Multiple Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-07
Avaya has acknowledged some vulnerabilities in PDS, which can be
exploited by malicious, local users to gain escalated privileges.
[SA14151] Debian update for postgresql
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-07
Debian has issued an update for postgresql. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
[SA14139] Debian update for ncpfs
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-04
Debian has issued an update for ncpfs. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
[SA14138] Ubuntu update for cpio
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-02-04
Ubuntu has issued an update for cpio. This fixes a vulnerability, which
can be exploited by malicious, local users to disclose and manipulate
information.
[SA14153] Avaya CMS UDP End Point Handling Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-02-07
Avaya has acknowledged a vulnerability in CMS, which potentially can be
exploited by malicious, local users to cause a DoS (Denial of Service).
Cross Platform:
[SA14179] Symantec Multiple Products UPX Parsing Engine Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-09
ISS X-Force has reported a vulnerability in multiple Symantec products,
which can be exploited by malicious people to compromise a vulnerable
system.
[SA14205] MyPHP Forum Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-10
foster GHC has reported some vulnerabilities in MyPHP Forum, which can
be exploited by malicious people to conduct SQL injection attacks.
[SA14181] xGB Administrative User Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-08
Albania Security Clan has reported a vulnerability in xGB, which can be
exploited by malicious people to bypass the user authentication and gain
administrative access.
[SA14165] Netscape IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in Netscape, which can be
exploited by a malicious web site to spoof the URL displayed in the
address bar, SSL certificate, and status bar.
[SA14163] Mozilla / Firefox / Camino IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in Mozilla / Firefox /
Camino, which can be exploited by a malicious web site to spoof the URL
displayed in the address bar, SSL certificate, and status bar.
[SA14154] Opera IDN Spoofing Security Issue
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2005-02-07
Eric Johanson has reported a security issue in Opera, which can be
exploited by a malicious web site to spoof the URL displayed in the
address bar, SSL certificate, and status bar.
[SA14143] Chipmunk Forum Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-07
GHC vision has reported some vulnerabilities in Chipmunk Forum, which
can be exploited by malicious people to conduct SQL injection attacks.
[SA14142] CMScore Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-07
GHC vision has reported some vulnerabilities in CMScore, which can be
exploited by malicious people to conduct SQL injection attacks.
[SA14141] BXCP "show" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-07
Majest has reported a vulnerability in BXCP, which can be exploited by
malicious people to disclose sensitive information.
[SA14128] Python SimpleXMLRPCServer Library Module Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-02-04
Graham Dumpleton has reported a vulnerability in Python, which can be
exploited by malicious people to bypass certain security restrictions.
[SA14183] BrightStor ARCserve Backup Discovery Service Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-08
Patrik Karlsson has reported a vulnerability in BrightStor
ARCserve/Enterprise Backup, which can be exploited by malicious people
to compromise a vulnerable system.
[SA14160] Mozilla / Firefox Three Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2005-02-08
mikx has discovered three vulnerabilities in Mozilla and Firefox, which
can be exploited by malicious people to plant malware on a user's
system, conduct cross-site scripting attacks and bypass certain
security restrictions.
[SA14135] PowerDNS Traffic Handling Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-04
A vulnerability has been reported in PowerDNS, which can be exploited
by malicious people to cause a DoS (Denial of Service).
[SA14131] Claroline Add Course Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-04
Yiannis Girod has reported a vulnerability in Claroline, which can be
exploited by malicious users to conduct script insertion attacks.
[SA14204] Emdros MQL Parser Memory Leak Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-02-09
Some vulnerabilities have been reported in Emdros, which potentially
can be exploited by malicious users to cause a DoS (Denial of
Service).