LQ Security Report - May 8th 2004
May 3rd 2004
8 issues handled (SF) 1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi... 2. Linux kernel i810 DRM driver Unspecified Vulnerability 3. Linux kernel Framebuffer Code Unspecified Vulnerability 4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis... 5. Linux kernel do_fork() Memory Leakage Vulnerability 6. HP Web Jetadmin Multiple Vulnerabilities 7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti... 8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow... May 4th 2004 50 out of 65 issues handled (ISS) Network Query Tool Nqt.php cross-site scripting Network Query Tool pqt.php script discloses path information Apache HTTP Server authentication modules memory corruption phpwsBB allows message label viewing phpwsContacts allows CSV file viewing MSMS Core ver.asp information disclosure Protector System blocker_querry.php path OpenBB multiple scripts SQL injection Protector System blocker_query.php cross-site OpenBB multiple scripts cross-site scripting OpenBB tags execute code Protector System GET SQL injection Protector System SQL filter bypass OpenBB myhome.php script allows attacker to obtain information OpenBB file upload Linux kernel i810 undisclosed issue Linux kernel framebuffer undisclosed issue IBM HTTP Server GSKIT denial of service Horde IMP database has default login eXtremail logging format string Video Gallery error message path disclosure Video Gallery SQL injection HP JetAdmin source disclosure HP JetAdmin path disclosure HP JetAdmin information disclosure HP JetAdmin weak encryption HP JetAdmin password replay HP JetAdmin password bypass HP JetAdmin allows attackers to write to cache.ini HP JetAdmin could allow attackers to execute programs paFileDB login.php path disclosure paFileDB pafiledb.php cross-site scripting Linux Kernel do_fork memory leak sysklogd denial of service Sesame servlets could allow unauthorized access to repository osCommerce Admin Access With Levels plug-in bypass JForum could allow unauthorized access to forums LHA multiple buffer overflows LHA directory traversal Linux rsync allows files to be written outside a module's path Midnight Commander allows local elevation of privileges MPlayer and xine-lib long URL buffer overflow MPlayer and xine-lib RTSP session buffer overflow MPlayer and xine-lib RTSP RDT buffer overflow Midnight Commander creates insecure files Midnight Commander format string libpng PNG image denial of service Moodle help.php cross-site scripting ReciPants ID SQL injection SquirrelMail compose.php script cross-site May 7th 2004 6 issues across 4 distros (LAW) libpng, libpng3 Out of bounds access vulnerability mc X-Chat LHA httpd rsync |
May 3rd 2004 (SF)
Security Focus
1. Linux Kernel CPUFreq Proc Handler Integer Handling Vulnerabi... BugTraq ID: 10201 Remote: No Date Published: Apr 23 2004 Relevant URL: http://www.securityfocus.com/bid/10201 Summary: A local integer handling vulnerability has been announced in the Linux kernel. It is reported that this vulnerability may be exploited by an unprivileged local user to obtain kernel memory contents. Additionally it is reported that a root user may exploit this issue to write to arbitrary regions of kernel memory, which may be a vulnerability in non-standard security enhanced systems where uid 0 does not have this privilege. The vulnerability presents itself due to integer handling errors in the proc handler for cpufreq. 2. Linux kernel i810 DRM driver Unspecified Vulnerability BugTraq ID: 10210 Remote: No Date Published: Apr 22 2004 Relevant URL: http://www.securityfocus.com/bid/10210 Summary: An unspecified vulnerability has been identified in the Linux kernel that may allow an attacker to potentially cause a denial of service vulnerability or gain elevated privileges. Due to a lack of details, further information cannot be provided at the moment. This BID will be updated as more information becomes available. This issue has been identified in kernel version 2.4.22. 3. Linux kernel Framebuffer Code Unspecified Vulnerability BugTraq ID: 10211 Remote: No Date Published: Apr 22 2004 Relevant URL: http://www.securityfocus.com/bid/10211 Summary: An unspecified vulnerability has been identified in the Linux kernel. This vulnerability was reported in a security advisory (FEDORA-2004-111) issued by RedHat for the Fedora operating system. It has been reported that the issue exists in the framebuffer code accessing userspace directly instead of using correct interfaces. The impact of this issue cannot be confirmed at the moment due to a lack of information. This issue has been identified in kernel version 2.4.22. 4. PHPWebSite phpwsBB and phpwsContacts Modules Information Dis... BugTraq ID: 10220 Remote: Yes Date Published: Apr 26 2004 Relevant URL: http://www.securityfocus.com/bid/10220 Summary: It has been reported that phpwsBB and phpwsContacts modules for phpWebSite are prone to a vulnerability that could allow an attacker to gather sensitive information. Due to a lack of details, further information cannot be provided at the moment. This BID will be updated as more information becomes available. phpwsBB version 0.9.1 and phpwsContacts version 0.8.2 and prior versions are reported to be affected by this issue. 5. Linux kernel do_fork() Memory Leakage Vulnerability BugTraq ID: 10221 Remote: No Date Published: Apr 26 2004 Relevant URL: http://www.securityfocus.com/bid/10221 Summary: It has been reported that the Linux kernel may be prone to a memory leakage vulnerability. The issue exists because memory is allocate for child processes but never freed. This issue has been identified in kernel versions 2.4 and 2.6. 6. HP Web Jetadmin Multiple Vulnerabilities BugTraq ID: 10224 Remote: Yes Date Published: Apr 27 2004 Relevant URL: http://www.securityfocus.com/bid/10224 Summary: Multiple vulnerabilities have been identified in the application that may allow remote attackers to disclose sensitive information, carry out denial of service attacks, and gain unauthorized access to a vulnerable server. These issues are reported to affect HP Web JetAdmin 6.5 and prior, however, version 7.0 may be affected by most of these issues as well. 7. Veritas NetBackup Multiple Unspecified Local Memory Corrupti... BugTraq ID: 10226 Remote: No Date Published: Apr 27 2004 Relevant URL: http://www.securityfocus.com/bid/10226 Summary: Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues may be exploited to execute arbitrary code with root privileges. It should be noted that these issues are confirmed to exist and be exploitable on Linux platforms, however, releases of the software on other Unix-based platforms are also believed to be similarly affected. It is also not known at this point which specific NetBackup releases or distributions are affected. 8. Linux Kernel Panic Function Call Undisclosed Buffer Overflow... BugTraq ID: 10233 Remote: No Date Published: Apr 29 2004 Relevant URL: http://www.securityfocus.com/bid/10233 Summary: The panic() function call of the Linux kernel has been reported prone to a buffer overflow vulnerability. The exact details of the overflow are currently unspecified, however it has been reported that this issue cannot be exploited. Other reports suggest that the issue may be exploited to reveal portions of kernel memory space. |
May 4th 2004 (ISS)
Internet Security Systems
Date Reported: 04/23/2004 Brief Description: Network Query Tool Nqt.php cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Network Query Tool 1.6, Unix Any version Vulnerability: nqt-nqtphp-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15929 Date Reported: 04/23/2004 Brief Description: Network Query Tool pqt.php script discloses path information Risk Factor: Low Attack Type: Network Based Platforms: Network Query Tool 1.6, Unix Any version Vulnerability: nqt-nqtphp-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15957 Date Reported: 04/24/2004 Brief Description: Apache HTTP Server authentication modules memory corruption Risk Factor: High Attack Type: Network Based Platforms: Apache HTTP Server 1.3.29 and earlier, Linux Any version, Unix Any version Vulnerability: apache-auth-memory-corruption X-Force URL: http://xforce.iss.net/xforce/xfdb/15958 Date Reported: 04/26/2004 Brief Description: phpwsBB allows message label viewing Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, phpwsBB prior to 0.9.2 Vulnerability: phpwsbb-message-label-viewing X-Force URL: http://xforce.iss.net/xforce/xfdb/15959 Date Reported: 04/26/2004 Brief Description: phpwsContacts allows CSV file viewing Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, phpwsContacts prior to 0.8.3 Vulnerability: phpwscontacts-csv-file-viewing X-Force URL: http://xforce.iss.net/xforce/xfdb/15960 Date Reported: 04/26/2004 Brief Description: MSMS Core ver.asp information disclosure Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, MSMS Core 0.2.4a and earlier Vulnerability: msms-ver-info-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15962 Date Reported: 04/23/2004 Brief Description: Protector System blocker_querry.php path disclosure Risk Factor: Low Attack Type: Network Based Platforms: Any operating system Any version, Protector System 1.15.b1 Vulnerability: protector-blockerquery-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15963 Date Reported: 04/25/2004 Brief Description: OpenBB multiple scripts SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version Vulnerability: openbb-multiplescripts-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15964 Date Reported: 04/23/2004 Brief Description: Protector System blocker_query.php cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Protector System 1.15.b1 Vulnerability: protector-blockerquery-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15965 Date Reported: 04/25/2004 Brief Description: OpenBB multiple scripts cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version Vulnerability: openbb-multiple-scripts-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15966 Date Reported: 04/25/2004 Brief Description: OpenBB tags execute code Risk Factor: High Attack Type: Network Based Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version Vulnerability: openbb-tags-execute-code X-Force URL: http://xforce.iss.net/xforce/xfdb/15967 Date Reported: 04/23/2004 Brief Description: Protector System GET SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Protector System 1.15.b1 Vulnerability: protector-get-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15968 Date Reported: 04/23/2004 Brief Description: Protector System SQL filter bypass Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Protector System 1.15.b1 Vulnerability: protector-sql-filter-bypass X-Force URL: http://xforce.iss.net/xforce/xfdb/15969 Date Reported: 04/25/2004 Brief Description: OpenBB myhome.php script allows attacker to obtain information Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version Vulnerability: openbb-myhomephp-obtain-information X-Force URL: http://xforce.iss.net/xforce/xfdb/15970 Date Reported: 04/25/2004 Brief Description: OpenBB file upload Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version Vulnerability: openbb-file-upload X-Force URL: http://xforce.iss.net/xforce/xfdb/15971 Date Reported: 04/22/2004 Brief Description: Linux kernel i810 undisclosed issue Risk Factor: High Attack Type: Host Based Platforms: Fedora Core 1, Linux kernel 2.4.22 Vulnerability: linux-i810 X-Force URL: http://xforce.iss.net/xforce/xfdb/15972 Date Reported: 04/22/2004 Brief Description: Linux kernel framebuffer undisclosed issue Risk Factor: Medium Attack Type: Host Based Platforms: Fedora Core 1, Linux kernel 2.4.22, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2 Vulnerability: linux-framebuffer X-Force URL: http://xforce.iss.net/xforce/xfdb/15974 Date Reported: 04/26/2004 Brief Description: IBM HTTP Server GSKIT denial of service Risk Factor: Low Attack Type: Network Based Platforms: AIX Any version, HP-UX Any version, IBM HTTP Server 1.3.12.x, IBM HTTP Server 1.3.19.x, IBM HTTP Server 1.3.26.x, IBM HTTP Server 1.3.28, IBM HTTP Server 2.0.42.x, IBM HTTP Server 2.0.47, Linux Any version, Solaris Any version, Windows 2000 Any version, Windows NT Any version Vulnerability: ibm-http-gskit-dos X-Force URL: http://xforce.iss.net/xforce/xfdb/15975 Date Reported: 04/25/2004 Brief Description: Horde IMP database has default login Risk Factor: High Attack Type: Network Based Platforms: Horde any version, Linux Any version Vulnerability: imp-database-default-login X-Force URL: http://xforce.iss.net/xforce/xfdb/15976 Date Reported: 04/26/2004 Brief Description: eXtremail logging format string Risk Factor: High Attack Type: Network Based Platforms: eXtremail 1.5.9, Unix Any version Vulnerability: extremail-logging-format-string X-Force URL: http://xforce.iss.net/xforce/xfdb/15977 Date Reported: 04/26/2004 Brief Description: Video Gallery error message path disclosure Risk Factor: Low Attack Type: Network Based Platforms: Any operating system Any version, Video Gallery 0.1 Beta 5 Vulnerability: video-gallery-error-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15978 Date Reported: 04/26/2004 Brief Description: Video Gallery SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Video Gallery 0.1 Beta 5 Vulnerability: video-gallery-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15979 Date Reported: 04/27/2004 Brief Description: HP JetAdmin source disclosure Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-source-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15980 Date Reported: 04/27/2004 Brief Description: HP JetAdmin path disclosure Risk Factor: Low Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15981 Date Reported: 04/27/2004 Brief Description: HP JetAdmin information disclosure Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-view-framework X-Force URL: http://xforce.iss.net/xforce/xfdb/15982 Date Reported: 04/27/2004 Brief Description: HP JetAdmin weak encryption Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-weak-encryption X-Force URL: http://xforce.iss.net/xforce/xfdb/15984 Date Reported: 04/27/2004 Brief Description: HP JetAdmin password replay Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-admin-password-replay X-Force URL: http://xforce.iss.net/xforce/xfdb/15985 Date Reported: 04/27/2004 Brief Description: HP JetAdmin password bypass Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-password-bypass X-Force URL: http://xforce.iss.net/xforce/xfdb/15986 Date Reported: 04/27/2004 Brief Description: HP JetAdmin allows attackers to write to cache.ini Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-cache-write X-Force URL: http://xforce.iss.net/xforce/xfdb/15988 Date Reported: 04/27/2004 Brief Description: HP JetAdmin could allow attackers to execute programs Risk Factor: High Attack Type: Network Based Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0 Vulnerability: hp-jetadmin-program-execution X-Force URL: http://xforce.iss.net/xforce/xfdb/15989 Date Reported: 04/27/2004 Brief Description: paFileDB login.php path disclosure Risk Factor: Low Attack Type: Network Based Platforms: Linux Any version, paFileDB 3.1, Unix Any version, Windows Any version Vulnerability: pafiledb-loginphp-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15990 Date Reported: 04/27/2004 Brief Description: paFileDB pafiledb.php cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, paFileDB 3.1, Unix Any version, Windows Any version Vulnerability: pafiledb-pafiledbphp-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15992 Date Reported: 04/22/2004 Brief Description: Linux Kernel do_fork memory leak Risk Factor: Medium Attack Type: Host Based Platforms: Fedora Core 1, Linux kernel 2.4, Linux kernel 2.6, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2 Vulnerability: linux-dofork-memory-leak X-Force URL: http://xforce.iss.net/xforce/xfdb/16002 Date Reported: 04/28/2004 Brief Description: sysklogd denial of service Risk Factor: Low Attack Type: Network Based Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2 Vulnerability: sysklogd-dos X-Force URL: http://xforce.iss.net/xforce/xfdb/16003 Date Reported: 04/29/2004 Brief Description: Sesame servlets could allow unauthorized access to repository Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Sesame prior to 1.0.1 Vulnerability: sesame-servlets-repository-access X-Force URL: http://xforce.iss.net/xforce/xfdb/16006 Date Reported: 04/29/2004 Brief Description: osCommerce Admin Access With Levels plug-in bypass security Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, osCommerce 1.5.1, Unix Any version, Windows Any version Vulnerability: oscommerce-plugin-bypass-security X-Force URL: http://xforce.iss.net/xforce/xfdb/16009 Date Reported: 04/28/2004 Brief Description: JForum could allow unauthorized access to forums Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, JForum prior to RC3 Vulnerability: jforum-forum-gain-access X-Force URL: http://xforce.iss.net/xforce/xfdb/16010 Date Reported: 04/30/2004 Brief Description: LHA multiple buffer overflows Risk Factor: High Attack Type: Network Based Platforms: LHA Any version, Linux Any version, Red Hat Linux 9, Unix Any version Vulnerability: lha-multiple-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/16012 Date Reported: 04/30/2004 Brief Description: LHA directory traversal Risk Factor: Medium Attack Type: Network Based Platforms: LHA Any version, Linux Any version, Red Hat Linux 9, Unix Any version Vulnerability: lha-directory-traversal X-Force URL: http://xforce.iss.net/xforce/xfdb/16013 Date Reported: 04/30/2004 Brief Description: Linux rsync allows files to be written outside a module's path Risk Factor: Medium Attack Type: Network Based Platforms: Debian Linux 3.0, Linux Any version, rsync prior to 2.6.1, Trustix Secure Enterprise Linux 2, Secure Linux 1.5, Trustix Secure Linux 2.0, Trustix Secure Linux 2.1 Vulnerability: rsync-write-files X-Force URL: http://xforce.iss.net/xforce/xfdb/16014 Date Reported: 04/30/2004 Brief Description: Midnight Commander allows local elevation of privileges Risk Factor: High Attack Type: Host Based Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Unix Any version Vulnerability: midnight-commander-local-privileges X-Force URL: http://xforce.iss.net/xforce/xfdb/16016 Date Reported: 04/30/2004 Brief Description: MPlayer and xine-lib long URL buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c Vulnerability: mplayer-long-url-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/16017 Date Reported: 04/30/2004 Brief Description: MPlayer and xine-lib RTSP session buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c Vulnerability: mplayer-rtsp-session-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/16018 Date Reported: 04/30/2004 Brief Description: MPlayer and xine-lib RTSP RDT buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c Vulnerability: mplayer-rtsp-rdt-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/16019 Date Reported: 04/30/2004 Brief Description: Midnight Commander creates insecure files Risk Factor: High Attack Type: Host Based Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Red Hat Linux 9, Unix Any version Vulnerability: midnight-commander-insecure-files X-Force URL: http://xforce.iss.net/xforce/xfdb/16020 Date Reported: 04/30/2004 Brief Description: Midnight Commander format string Risk Factor: High Attack Type: Host Based Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Red Hat Linux 9, Unix Any version Vulnerability: midnight-commander-format-string X-Force URL: http://xforce.iss.net/xforce/xfdb/16021 Date Reported: 04/30/2004 Brief Description: libpng PNG image denial of service Risk Factor: Low Attack Type: Network Based Platforms: Debian Linux 3.0, libpng Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, Trustix Secure Enterprise Linux 2, Trustix Secure Linux 2.0, Trustix Secure Linux 2.1 Vulnerability: libpng-png-dos X-Force URL: http://xforce.iss.net/xforce/xfdb/16022 Date Reported: 04/30/2004 Brief Description: Moodle help.php cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, Moodle prior to 1.3 Vulnerability: moodle-help-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/16023 Date Reported: 04/30/2004 Brief Description: ReciPants ID SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, ReciPants prior to 1.2 Vulnerability: recipants-id-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/16024 Date Reported: 04/29/2004 Brief Description: SquirrelMail compose.php script cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, SquirrelMail 1.4.2, Unix Any version Vulnerability: squirrel-composephp-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/16025 |
May 7th 2004 (LAW)
Linux Advisory Watch
Distribution: Debian 4/30/2004 - libpng, libpng3 Out of bounds access vulnerability This problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng. http://www.linuxsecurity.com/advisor...sory-4292.html Distribution: Mandrake 4/30/2004 - mc Multiple vulnerabilities Several vulnerabilities in Midnight Commander were found by Jacub Jelinek. http://www.linuxsecurity.com/advisor...sory-4296.html 4/30/2004 - libpng Out of bounds access vulnerability Bug could potentially lead to a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG imagaes. http://www.linuxsecurity.com/advisor...sory-4297.html Distribution: Red Hat 4/30/2004 - X-Chat Buffer overflow vulnerability Out of bounds access vulnerability An updated X-Chat package fixes a vulnerability which could be exploited by a malicious Socks-5 proxy is now available. http://www.linuxsecurity.com/advisor...sory-4293.html 4/30/2004 - LHA Multiple vulnerabilities Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. http://www.linuxsecurity.com/advisor...sory-4294.html 4/30/2004 - httpd Denial of service vulnerability Updated httpd packages are now available that fix a denial of service vulnerability in mod_ssl and include various other bug fixes. http://www.linuxsecurity.com/advisor...sory-4295.html Distribution: Trustix 4/30/2004 - rsync Path escape vulnerability Please either enable chroot or upgrade to 2.6.1. http://www.linuxsecurity.com/advisor...sory-4298.html 4/30/2004 - libpng, proftpd Multiple vulnerabilities Path escape vulnerability Patches for a DoS using libpng and a ACL escape for proftpd. http://www.linuxsecurity.com/advisor...sory-4299.html |
All times are GMT -5. The time now is 12:28 PM. |