Secunia
[SA13163] Gentoo update for pavuk
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-11
Gentoo has issued an update for pavuk. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/13163/
--
[SA13128] Conectiva update for libtiff3
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08
Conectiva has issued an update for libtiff3. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13128/
--
[SA13127] Conectiva update for xpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08
Conectiva has issued an update for xpdf. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/13127/
--
[SA13125] Debian update for freeamp
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08
Debian has issued an update for freeamp. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/13125/
--
[SA13120] Pavuk Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08
Multiple vulnerabilities have been reported in Pavuk, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13120/
--
[SA13119] IBM Tivoli Access Manager for e-business Kerberos
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08
IBM has acknowledged some vulnerabilities in IBM Tivoli Access Manager
for e-business, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13119/
--
[SA13118] Gentoo update for kaffeine/gxine
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08
Gentoo has issued updates for kaffeine and gxine. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/13118/
--
[SA13117] gxine "http_open()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08
A vulnerability has been reported in gxine, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/13117/
--
[SA13115] Trustix update for apache
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-11-08
Trustix has issued an update for apache. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system, and by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/13115/
--
[SA13109] Kaffeine Player "http_open()" Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-08
KF has reported a vulnerability in Kaffeine Player, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/13109/
--
[SA13107] Gentoo update for zgv
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08
Gentoo has issued an update for zgv. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13107/
--
[SA13106] Gentoo update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-08
Gentoo has issued an update for imagemagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/13106/
--
[SA13101] Conectiva update for gaim
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-05
Conectiva has issued an update for gaim. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13101/
--
[SA13098] Mandrake update for xorg-x11
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-11-05
MandrakeSoft has issued an update for xorg-x11. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13098/
--
[SA13154] Debian update for libgd2
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-10
Debian has issued an update for libgd2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/13154/
--
[SA13152] Debian update for libgd1
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-10
Debian has issued an update for libgd1. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/13152/
--
[SA13149] BNC IRC proxy "getnickuserhost()" Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-11-10
Leon Juranic has reported a vulnerability in BNC IRC proxy, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13149/
--
[SA13105] Gentoo update for gallery
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-11-08
Gentoo has issued an update for gallery. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/13105/
--
[SA13103] Sophos MailMonitor Unspecified Email Processing
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-11-05
A vulnerability with an unknown impact has been reported in Sophos
MailMonitor.
Full Advisory:
http://secunia.com/advisories/13103/
--
[SA13097] Mandrake update for libxml/libxml2
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-11-05
MandrakeSoft has issued updates for libxml and libxml2. These fix some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/13097/
--
[SA13112] Debian update for dhcp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-11-08
Debian has issued an update for dhcp. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/13112/
--
[SA13100] DHCP Logging Functions Format String Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-11-08
infamous41md has reported a vulnerability in ISC DHCP, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/13100/
--
[SA13162] Fedora update for ruby
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2004-11-11
Fedora has issued an update for ruby. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and by malicious, local users to potentially gain knowledge
of sensitive information.
Full Advisory:
http://secunia.com/advisories/13162/
--
[SA13158] Gentoo update for apache
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-10
Gentoo has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/13158/
--
[SA13141] Mandrake update for ruby
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2004-11-09
MandrakeSoft has issued an update for ruby. This fixes two
vulnerabilities, which potentially can be exploited to gain knowledge
of sensitive information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13141/
--
[SA13133] Debian update for ruby
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-08
Debian has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13133/
--
[SA13123] Ruby "cgi.rb" Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-08
A vulnerability has been reported in Ruby, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13123/
--
[SA13102] Conectiva update for apache
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-11-05
Conectiva has issued an update for apache. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/13102/
--
[SA13096] Mandrake update for iptables
Critical: Less critical
Where: From remote
Impact:
Released: 2004-11-05
MandrakeSoft has issued an update for iptables. This fixes a security
issue, where iptables under some circumstances fails to load required
modules.
Full Advisory:
http://secunia.com/advisories/13096/
--
[SA13165] Mandrake update for samba
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-11-11
MandrakeSoft has issued an update for samba. This fixes a
vulnerability, which can be exploited by malicious users to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13165/
--
[SA13146] up-imapproxy "IMAP_Line_Read()" Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, DoS
Released: 2004-11-10
Timo Sirainen has reported a vulnerability in up-imapproxy, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially leak sensitive information from other connections.
Full Advisory:
http://secunia.com/advisories/13146/
--
[SA13139] Samba Wildcard Filename Matching Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-11-09
Karol Wiesek has reported a vulnerability in Samba, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13139/
--
[SA13166] Mandrake update for speedtouch
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-11
MandrakeSoft has issued an update for speedtouch. This fixes a
vulnerability, which potentially can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/13166/
--
[SA13157] Gentoo update for mtink
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10
Gentoo has issued an update for mtink. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/13157/
--
[SA13151] mtink Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10
Tavis Ormandy has reported a vulnerability in mtink, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/13151/
--
[SA13150] Gentoo update for zip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10
Gentoo has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/13150/
--
[SA13140] Fedora update for zip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-09
Fedora has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/13140/
--
[SA13132] Debian update for gzip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08
Debian has issued an update for gzip. This fixes some vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/13132/
--
[SA13131] gzip Various Scripts Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08
Some vulnerabilities have been reported in gzip, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/13131/
--
[SA13130] Samhain Database Update Code Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-09
A vulnerability has been reported in Samhain, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/13130/
--
[SA13126] Linux Kernel ELF Binary Loader Setuid File Handling
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-10
Paul Starzetz has reported some vulnerabilities in the Linux kernel,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/13126/
--
[SA13122] Gentoo update for openssl/groff
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08
Gentoo has issued updates for openssl and groff. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/13122/
--
[SA13121] Debian update for shadow
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-08
Debian has issued an update for shadow. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/13121/
--
[SA13108] Gentoo Portage/Gentoolkit Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-11-08
Gentoo has issued updates for Portage and Gentoolkit. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/13108/
--
[SA13099] Gentoo update for shadow
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-05
Gentoo has issued an update for shadow. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/13099/
--
[SA13095] Mandrake update for shadow-utils
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-11-05
MandrakeSoft has issued an update for shadow-utils. This fixes a
vulnerability, which can be exploited by malicious, local users to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/13095/
---
[SA13155] SquirrelMail Encoded Headers Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-11-11
Joost Pol has reported a vulnerability in SquirrelMail, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/13155/
--
[SA13144] Mozilla Firefox Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, Privilege escalation, DoS
Released: 2004-11-10
Details have been released about several vulnerabilities in Mozilla
Firefox. These can potentially be exploited to detect the presence of
local files, cause a DoS (Denial of Service), disclose sensitive
information, spoof the file download dialog, and gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/13144/
--
[SA13136] Nucleus Unspecified Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-11-09
Positive Technologies has reported some vulnerabilities in Nucleus,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/13136/
--
[SA13135] SQLgrey Postfix greylisting service Unspecified SQL
Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-11-09
A vulnerability has been reported in SQLgrey Postfix greylisting
service, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/13135/
--
[SA13110] eGroupWare Unspecified "JiNN" Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-11-08
A vulnerability with an unknown impact has been reported in
eGroupWare.
Full Advisory:
http://secunia.com/advisories/13110/
--
[SA13104] JAF CMS Arbitrary Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-11-08
y3dips has reported a vulnerability in JAF CMS, which can be exploited
by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/13104/
--
[SA13143] RealVNC Multiple Connections Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-09
A vulnerability has been discovered in RealVNC, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/13143/
--
[SA13142] Sun Java JRE DNS Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-11-09
Kurt Huwig has discovered a vulnerability in Sun Java JRE, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/13142/
--
[SA13111] Mantis Information Disclosure Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-11-08
Two vulnerabilities have been reported in Mantis, which can be
exploited by malicious users to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/13111/