Secunia
[SA15777] SUSE update for java2
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-22
SUSE has issued an update for java2. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15777/
[SA15755] Gentoo update for sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-20
Gentoo has issued updates for sun-jdk, sun-jre-bin, blackdown-jdk, and
blackdown-jre. These fix a vulnerability, which can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15755/
[SA15753] Gentoo update for peercast
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-20
Gentoo has issued an update for peercast. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15753/
[SA15750] Slackware update for sun-jdk/sun-jre
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-06-20
Slackware has issued an update for sun-jdk/sun-jre. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15750/
[SA15772] Fedora update for ruby
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-06-22
Fedora has issued an update for ruby. This fixes a vulnerability, which
potentially can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/15772/
[SA15766] Gentoo update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-06-22
Gentoo has issued an update for squirrelmail. This fixes several
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15766/
[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-06-20
A vulnerability has been reported in Sun ONE Messaging Server, which
may be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/15749/
[SA15741] SUSE Updates for gpg2/telnet/unace/horde
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, System access
Released: 2005-06-20
SUSE has issued updates for gpg2, telnet, unace and horde. These fix
some vulnerabilities, which can be exploited by malicious people to
gain knowledge of various information, conduct cross-site scripting
attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15741/
[SA15740] Yaws Source Code Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-06-17
M. Eiszner has reported a vulnerability in Yaws, which can be exploited
by malicious people to gain knowledge of potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/15740/
[SA15730] Red Hat update for mc
Critical: Moderately critical
Where: From remote
Impact: Unknown, Privilege escalation, DoS
Released: 2005-06-17
Red Hat has issued an update for mc. This fixes several
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15730/
[SA15773] Ubuntu update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-22
Ubuntu has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15773/
[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-06-22
A vulnerability has been discovered in cPanel, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15770/
[SA15768] Gentoo update for spamassassin/razor
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-21
Gentoo has issued updates for spamassassin and razor. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15768/
[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-06-21
A vulnerability has been reported in NanoBlogger, which potentially can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15754/
[SA15751] Gentoo update for cpio
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-06-20
Gentoo has issued an update for cpio. This fixes a vulnerability, which
can be exploited by malicious people to cause files to be unpacked to
arbitrary locations on a user's system.
Full Advisory:
http://secunia.com/advisories/15751/
[SA15729] Red Hat update for bzip2
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data, DoS
Released: 2005-06-17
Red Hat has issued an update for bzip2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15729/
[SA15728] Fedora update for spamassassin
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-17
Fedora has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15728/
[SA15774] Ubuntu update for sudo
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-06-22
Ubuntu has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary commands
with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15774/
[SA15771] Fedora update for sudo
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-06-22
Fedora has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary commands
with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15771/
[SA15763] Novell NetMail File Ownership Security Issue
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-06-21
A security issue has been reported in NetMail, which can be exploited
by malicious, local users to delete or replace the NetMail binaries.
Full Advisory:
http://secunia.com/advisories/15763/
[SA15759] Slackware update for sudo
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-06-22
Slackware has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15759/
[SA15748] OpenBSD update for sudo
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-06-21
OpenBSD has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15748/
[SA15744] Sudo Arbitrary Command Execution Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2005-06-21
A vulnerability has been reported in sudo, which can be exploited by
malicious, local users to execute arbitrary commands.
Full Advisory:
http://secunia.com/advisories/15744/
[SA15760] Avaya Products Telnet Client Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-06-21
Avaya has acknowledged a weakness in the telnet client included in
certain products, which can be exploited by malicious people to gain
knowledge of certain system information.
Full Advisory:
http://secunia.com/advisories/15760/
[SA15731] Red Hat update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-06-17
Red Hat has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15731/
[SA15767] Ruby XMLRPC Server Arbitrary Command Execution
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-06-22
Nobuhiro IMAI has reported a vulnerability in Ruby, which potentially
can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/15767/
[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-06-22
4yka has reported a vulnerability in MercuryBoard, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15758/
[SA15752] Trac Arbitrary File Upload/Download Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, System access
Released: 2005-06-20
Stefan Esser has reported a vulnerability in Trac, which can be
exploited by malicious users to disclose sensitive information and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15752/
[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-06-17
A vulnerability has been reported in XAMPP, which can be exploited by
malicious people to disclose potentially sensitive information and
conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15735/
[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials Exposure
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-06-17
Alberto Trivero has reported some vulnerabilities and a security issue
in Ultimate PHP Board, which can be exploited by malicious people to
conduct cross-site scripting attacks and disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/15732/
[SA15775] Gentoo update for tor
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-06-22
Gentoo has issued an update for tor. This fixes a vulnerability, which
potentially can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/15775/
[SA15764] Tor Disclosure of Sensitive Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-06-22
A vulnerability has been reported in Tor, which potentially can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15764/
[SA15739] Razor-agents Denial of Service Vulnerabilities
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-06-17
Two vulnerabilities have been reported in Razor-agents, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15739/
[SA15738] Contelligent Preview Privilege Escalation Vulnerability
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2005-06-17
A vulnerability has been reported in Contelligent, which can be
exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15738/
[SA15737] ajax-spell Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-06-17
A vulnerability has been reported in ajax-spell, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15737/
[SA15736] amaroK Web Frontend Exposure of User Credentials
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-06-17
A security issue has been reported in the amaroK Web Frontend plugin
for amaroK, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/15736/
[SA15742] RealVNC Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-06-20
class101 has reported a weakness in RealVNC, which can be exploited by
malicious people to gain knowledge of various system information.
Full Advisory:
http://secunia.com/advisories/15742/
[SA15733] e107 Administrator Account Enumeration Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-06-17
Marc Ruef has discovered a weakness in e107, which can be exploited by
malicious people to identify valid administrator accounts.
Full Advisory:
http://secunia.com/advisories/15733/
[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2005-06-20
Marc Schoenefeld has reported a weakness in JBoss, which can be
exploited by malicious people to disclose system information.
Full Advisory:
http://secunia.com/advisories/15746/