Secunia
[SA14346] Apple Mac OS X update for Java
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-23
Apple has acknowledged a vulnerability in Java for Mac OS X, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14346/
[SA14364] cURL/libcURL NTLM and Kerberos Authentication Buffer Overflows
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
infamous41md has reported two vulnerabilities in cURL/libcURL, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14364/
[SA14363] Gentoo update for putty
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
Gentoo has issued an update for putty. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14363/
[SA14361] Gentoo update for gproftpd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gentoo has issued an update for gproftpd. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14361/
[SA14352] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, DoS, System access
Released: 2005-02-22
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited to gain escalated privileges,
bypass certain security restrictions, enumerate valid users, overwrite
files, cause a DoS (Denial of Service), or potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14352/
[SA14340] GProftpd Log Parser Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Tavis Ormandy has reported a vulnerability in GProftpd, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14340/
[SA14331] Gentoo update for mc
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-02-18
Gentoo has issued an update for mc. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or execute arbitrary code.
Full Advisory:
http://secunia.com/advisories/14331/
[SA14330] Astaro update for BIND
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-02-18
Full Advisory:
http://secunia.com/advisories/14330/
[SA14334] Fedora update for kdeedu
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-02-18
Fedora has issued an update for kdeedu. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and potentially by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14334/
[SA14376] Debian update for libapache-mod-python
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-02-23
Debian has issued an update for libapache-mod-python. This fixes a
vulnerability, which potentially can be exploited by malicious people
to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14376/
[SA14375] SUSE update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
SUSE has issued an update for squid. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14375/
[SA14370] Fedora update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14370/
[SA14368] Debian update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Debian has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14368/
[SA14355] Red Hat update for imap
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Red Hat has issued an update for imap. This fixes an older
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/14355/
[SA14354] glFTPd "SITE NFO" Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-02-22
Paul Craig has reported a vulnerability in glFTPd, which can be
exploited by malicious users to detect the presence of local files and
disclose some system and sensitive information.
Full Advisory:
http://secunia.com/advisories/14354/
[SA14348] Tarantella Products User Account Enumeration Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of system information
Released: 2005-02-21
A security issue has been reported in Secure Global Desktop Enterprise
Edition and Tarantella Enterprise, which can be exploited by malicious
people to enumerate valid user accounts and disclose some system
information.
Full Advisory:
http://secunia.com/advisories/14348/
[SA14347] Debian update for bidwatcher
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-21
Debian has issued an update for bidwatcher. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14347/
[SA14343] Ubuntu update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Ubuntu has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14343/
[SA14341] Gentoo update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-21
Gentoo has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory:
http://secunia.com/advisories/14341/
[SA14339] Gentoo update for squid
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-02-21
Gentoo has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14339/
[SA14332] Debian update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-02-18
Debian has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal attacks.
Full Advisory:
http://secunia.com/advisories/14332/
[SA14325] Mono ASP.NET Unicode Conversion Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-22
Andrey Rusyaev has discovered a vulnerability in Mono, which
potentially can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14325/
[SA14324] Bidwatcher eBay Format String Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-02-18
Ulf Härnhammar has reported a vulnerability in Bidwatcher, which
potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14324/
[SA14323] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2005-02-18
MandrakeSoft has issued an update for kdelibs. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges and by malicious people to conduct FTP command injection
attacks.
Full Advisory:
http://secunia.com/advisories/14323/
[SA14320] Mandrake update for postgresql
Critical: Less critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Released: 2005-02-18
MandrakeSoft has issued an update for postgresql. This fixes various
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges, cause a DoS (Denial of Service), or bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14320/
[SA14371] Fedora update for postgresql
Critical: Less critical
Where: From local network
Impact: Privilege escalation
Released: 2005-02-23
Fedora has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/14371/
[SA14328] fallback-reboot Daemon Status Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-02-22
A vulnerability has been reported in fallback-reboot, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14328/
[SA14321] Ulog-php SQL Injection Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2005-02-21
Some vulnerabilities have been reported in Ulog-php, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14321/
[SA14357] Red Hat update for cpio
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Manipulation of data
Released: 2005-02-21
Red Hat has issued an update for cpio. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose and
manipulate information.
Full Advisory:
http://secunia.com/advisories/14357/
[SA14356] Red Hat update for vim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
Red Hat has issued an update for vim. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions on
a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14356/
[SA14345] IBM AIX Perl Interpreter Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-02-21
IBM has acknowledged two vulnerabilities in the perl interpreter in
AIX. These can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14345/
[SA14338] Sun Solaris kcms_configure Arbitrary File Manipulation Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-02-22
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to manipulate the contents of
arbitrary files.
Full Advisory:
http://secunia.com/advisories/14338/
[SA14374] Fedora update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-23
Fedora has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14374/
[SA14322] Gaim Two Denial of Service Weaknesses
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-02-18
Two weaknesses have been reported in Gaim, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14322/
[SA14337] Mambo "GLOBALS['mosConfig_absolute_path']" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-02-21
A vulnerability has been reported in Mambo, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14337/
[SA14369] iGeneric iG Shop SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-23
John Cobb has reported some vulnerabilities in iG Shop, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14369/
[SA14362] phpBB Avatar Functions Information Disclosure and Deletion
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2005-02-22
AnthraX101 has reported two vulnerabilities in phpBB, which can be
exploited by malicious users to disclose and delete sensitive
information.
Full Advisory:
http://secunia.com/advisories/14362/
[SA14359] unace Directory Traversal and Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-23
Ulf Härnhammar has discovered some vulnerabilities in unace, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14359/
[SA14351] Biz Mail Form Open Mail Relay Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
Jason Frisvold has reported a vulnerability in Biz Mail Form, which can
be exploited by malicious people to use it as an open mail relay.
Full Advisory:
http://secunia.com/advisories/14351/
[SA14342] IRM LDAP Login Security Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-21
Fulvio Civitareale has reported a vulnerability in IRM, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14342/
[SA14336] Batik Squiggle Browser Unspecified Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-02-22
A vulnerability has been reported in Batik, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14336/
[SA14333] PuTTY Two Integer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-21
Gaël Delalleau has reported two vulnerabilities in PuTTY, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14333/
[SA14326] vBulletin "template" PHP Code Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-02-22
pokleyzz has reported a vulnerability in vBulletin, which potentially
can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14326/
[SA14319] WebCalendar "webcalendar_session" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-02-18
Michael Scovetta has reported a vulnerability in WebCalendar, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14319/
[SA14327] Arkeia Backup Client Type 77 Request Processing Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-02-21
John Doe has reported a vulnerability in Arkeia, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14327/
[SA14360] MediaWiki Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2005-02-22
Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious users to delete arbitrary files, and by
malicious people to conduct cross-site scripting attacks and bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14360/
[SA14329] Invision Power Board SML Codes Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-02-21
Daniel A. has reported a vulnerability in Invision Power Board, which
potentially can be exploited by malicious users to conduct script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/14329/