Secunia Part B
[SA15997] Debian update for ruby1.8
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-07-11
Debian has issued an update for ruby1.8. This fixes a vulnerability,
which potentially can be exploited by malicious people to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/15997/
[SA15992] Debian update for cvs
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-07-08
Debian has issued an update for cvs. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15992/
[SA15988] Affix Buffer Overflow and Shell Command Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-07-13
Kevin Finisterre has reported two vulnerabilities in Affix, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15988/
[SA16066] Gentoo update for bugzilla
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-07-14
Gentoo has issued an update for bugzilla. This fixes two
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions and gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/16066/
[SA16037] SGI Advanced Linux Environment Multiple Updates
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-07-12
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious people to
gain knowledge of system information, or by malicious, local users to
execute arbitrary commands with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16037/
[SA16036] SGI Advanced Linux Environment Multiple Updates
Critical: Less critical
Where: From remote
Impact: Manipulation of data, DoS
Released: 2005-07-12
SGI has issued a patch for SGI Advanced Linux Environment. This fixes a
vulnerability, which potentially can be exploited by malicious users to
conduct SQL injection attacks or to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16036/
[SA16035] SGI Advanced Linux Environment Multiple Updates
Critical: Less critical
Where: From remote
Impact: Spoofing, Exposure of system information, Exposure of
sensitive information, DoS
Released: 2005-07-12
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious people to
gain knowledge of various information, cause a Denial of Service (DoS),
or spoof DNS lookups.
Full Advisory:
http://secunia.com/advisories/16035/
[SA16030] Debian update for gzip
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-07-12
Debian has issued an update for gzip. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16030/
[SA16021] Bugzilla Two Information Disclosure Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-07-11
Two vulnerabilities have been reported in Bugzilla, which can be
exploited by malicious users to bypass certain security restrictions
and gain knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/16021/
[SA16019] Mandriva update for cpio
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-07-12
Mandriva has issued an update for cpio. This fixes a vulnerability,
which can be exploited by malicious people to cause files to be
unpacked to arbitrary locations on a user's system.
Full Advisory:
http://secunia.com/advisories/16019/
[SA16016] AIX ftpd Unspecified Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-07-11
A vulnerability has been reported in AIX, which can be exploited by
malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16016/
[SA16013] Mandriva update for leafnode
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-07-12
Mandriva has issued an update for leafnode. This fixes two security
issues and a vulnerability, which can be exploited by malicious people
to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16013/
[SA16010] Mandriva update for clamav
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-07-12
Mandriva has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16010/
[SA15996] Debian update for gedit
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-07-12
Debian has issued an update for gedit. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/15996/
[SA16072] Fedora update for net-snmp
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2005-07-14
Fedora has issued an update for net-snmp. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16072/
[SA16046] Mandriva update for dhcpcd
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-07-13
Mandriva has issued an update for dhcpcd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16046/
[SA16032] Debian update for squid
Critical: Less critical
Where: From local network
Impact: Spoofing
Released: 2005-07-12
Debian has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to spoof DNS lookups.
Full Advisory:
http://secunia.com/advisories/16032/
[SA16006] SGI ProPack arrayd Privilege Escalation Vulnerability
Critical: Less critical
Where: From local network
Impact: Privilege escalation
Released: 2005-07-12
A vulnerability has been reported in arrayd, which can be exploited by
malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16006/
[SA15984] Debian update for dhcpcd
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-07-11
Debian has issued an update for dhcpcd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15984/
[SA15982] dhcpcd Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-07-11
A vulnerability has been reported in dhcpcd, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15982/
[SA16053] Debian update for centericq
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-13
Debian has issued an update for centericq. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16053/
[SA16040] xpvm "xpvm.tcl" Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-12
Eric Romang has reported a vulnerability in xpvm, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16040/
[SA16039] Heartbeat Multiple Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-12
Eric Romang has reported a vulnerability in heartbeat, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16039/
[SA16038] SMS "mpl.sh" Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-12
Eric Romang has reported a vulnerability in sms, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16038/
[SA16024] Debian update for fuse
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-07-11
Debian has issued an update for fuse. This fixes a vulnerability, which
can be exploited by malicious, local users to disclose potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/16024/
[SA15989] Backup Manager Unspecified Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-11
A vulnerability has been reported in Backup Manager, which potentially
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15989/
[SA15980] Linux Kernel IA32 Compatibility "execve()" Buffer Overflow
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-11
Ilja van Sprundel has reported a vulnerability in the Linux kernel,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) or potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15980/
[SA15977] Elmo "stats_dump()" Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-07-12
Eric Romang has reported a vulnerability in Elmo, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15977/
[SA16059] Mozilla Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2005-07-13
Multiple vulnerabilities have been reported in Mozilla Suite, which can
be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting attacks and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/16059/
[SA16049] Yawp "_Yawp[conf_path]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-13
Stefan Esser has reported a vulnerability in Yawp, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16049/
[SA16043] Firefox Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2005-07-13
Multiple vulnerabilities have been reported in Firefox, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting attacks, and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16043/
[SA16031] iPhotoAlbum File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-12
V4mu has discovered two vulnerabilities in iPhotoAlbum, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16031/
[SA16022] SPiD "lang_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-11
V4mu has discovered a vulnerability in SPiD, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16022/
[SA16011] PPA "config[ppa_root_path]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-12
V4mu has reported a vulnerability in PPA, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16011/
[SA16009] Squito Gallery "photoroot" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-12
V4mu has discovered a vulnerability in Squito Gallery, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16009/
[SA16001] phpWebSite PEAR XML_RPC PHP Code Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-11
A vulnerability has been reported in phpWebSite, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16001/
[SA15994] phpSecurePages "cfgProgDir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-07-08
Status-x has discovered a vulnerability in phpSecurePages, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15994/
[SA15990] PunBB SQL Injection and PHP Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, System access
Released: 2005-07-08
Stefan Esser has reported some vulnerabilities in PunBB, which can be
exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15990/
[SA16028] Moodle Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-07-12
Some potential vulnerabilities with unknown impacts have been reported
in Moodle.
Full Advisory:
http://secunia.com/advisories/16028/
[SA16003] DownloadProtect "file" Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-07-11
A vulnerability has been reported in DownloadProtect, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/16003/
[SA15991] Oracle Products Multiple Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data, Exposure of sensitive
information
Released: 2005-07-13
47 vulnerabilities have been reported in various Oracle products. Some
have an unknown impact, and others can be exploited to gain knowledge
of sensitive information or to manipulate data.
Full Advisory:
http://secunia.com/advisories/15991/
[SA15976] Id Board free "f" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-07-11
Defa has discovered a vulnerability in Id Board free, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15976/
[SA16062] Mozilla Thunderbird XBL Controls Script Execution Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-07-13
moz_bug_r_a4 has reported a vulnerability in Thunderbird, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/16062/
[SA15983] Blog Torrent User Credentials Disclosure Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-07-12
LazyCrs and pjphem have reported a security issue in Blog Torrent,
which can be exploited by malicious people to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/15983/