Secunia
[SA15236] Fedora update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Fedora has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15236/
[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, System access
Released: 2005-05-04
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/15227/
[SA15210] Slackware update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Slackware has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15210/
[SA15203] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15203/
[SA15202] Gentoo update for pound
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2005-05-02
Gentoo has issued an update for pound. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15202/
[SA15199] Ubuntu update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-03
Ubuntu has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15199/
[SA15189] Mandriva update for xpm
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-05-02
Mandriva has issued an update for xpm. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/15189/
[SA15182] Red Hat update for php
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2005-04-29
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to access files
outside the "open_basedir" root and by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15182/
[SA15180] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of system information, Exposure of sensitive information,
Privilege escalation, System access, Security Bypass
Released: 2005-04-29
Red Hat has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information and perform certain actions on
a vulnerable system with escalated privileges and by malicious people
to conduct spoofing and cross-site scripting attacks, disclose
sensitive and system information, bypass certain security restrictions,
trick users into downloading malicious files and compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15180/
[SA15243] Ubuntu update for cvs
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for cvs. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15243/
[SA15238] Ubuntu update for kommander
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-04
Ubuntu has issued an update for kommander. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15238/
[SA15225] Open WebMail Shell Command Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-03
A vulnerability has been reported in Open WebMail, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15225/
[SA15211] Avaya Kerberos Telnet Client vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-05-02
Avaya has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15211/
[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-05-02
A vulnerability has been reported in GnuTLS, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15193/
[SA15188] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2005-04-29
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15188/
[SA15187] Red Hat update for kernel
Critical: Moderately critical
Where: From remote
Impact: DoS, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15187/
[SA15183] Fedora update for kdewebdev
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Fedora has issued an update for kdewebdev. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/15183/
[SA15177] OpenBSD update for cvs
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2005-04-29
OpenBSD has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15177/
[SA15172] Debian update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-29
Debian has issued an update for ethereal. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15172/
[SA15170] Debian update for prozilla
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-29
Debian has issued an update for prozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15170/
[SA15217] PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Unknown, Privilege escalation, DoS
Released: 2005-05-04
Two vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15217/
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
Critical: Less critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in MaraDNS.
Full Advisory:
http://secunia.com/advisories/15240/
[SA15237] Fedora update for tcpdump
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-03
Fedora has issued an update for tcpdump. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15237/
[SA15229] Debian update for smartlist
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Debian has issued an update for smartlist. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/15229/
[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-05-04
Jeroen van Wolffelaar has reported a vulnerability in the confirm
add-on for SmartList, which can be exploited by malicious people to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/15221/
[SA15194] Gentoo update for horde
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-02
Gentoo has issued updates for horde, horde-vacation, horde-turba,
horde-passwd, horde-nag, horde-mnemo, horde-kronolith, horde-imp,
horde-accounts, horde-forwards and horde-chora. These fix a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15194/
[SA15228] Ubuntu update for libnet-ssleay-perl
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Ubuntu has issued an update for libnet-ssleay-perl. This fixes a
vulnerability, which can be exploited by malicious, local users to
weaken certain cryptographic operations.
Full Advisory:
http://secunia.com/advisories/15228/
[SA15224] Mac OS X pty Permission Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-04
Matt Johnston has discovered a security issue in Mac OS X, which can be
exploited by malicious, local users to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/15224/
[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-05-04
Javier Fernandez-Sanguino Pena has reported a vulnerability in the
Net::SSLeay module for Perl, which can be exploited by malicious, local
users to weaken certain cryptographic operations.
Full Advisory:
http://secunia.com/advisories/15207/
[SA15201] Cocktail Exposure of Administrator Password
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
sonderling has reported a security issue in Cocktail, which can be
exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15201/
[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-05-02
A security issue has been reported in phpmyadmin, which can be
exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15198/
[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in Ce/Ceterm, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15197/
[SA15196] ArcInfo Workstation Format String and Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Kevin Finisterre has reported some vulnerabilities in ArcInfo
Workstation, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15196/
[SA15191] Fedora update for Perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-03
Fedora has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/15191/
[SA15186] Red Hat update for glibc
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Privilege escalation
Released: 2005-04-29
Red Hat has issued an update for glibc. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of some system information or perform certain actions on
a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15186/
[SA15185] Mandriva update for perl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-05-02
Mandriva has issued an update for perl. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/15185/
[SA15252] leafnode Two Denial of Service Issues
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-05-05
Two issues have been reported in leafnode, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15252/
[SA15204] Linux Kernel Local Denial of Service Vulnerabilities
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2005-05-02
Two vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15204/
[SA15216] osTicket Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in osTicket, which can
be exploited by malicious users to conduct SQL injection attacks, and by
malicious people to conduct cross-site scripting and script insertion
attacks, disclose sensitive information and compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/15216/
[SA15213] SitePanel Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2005-05-03
James Bercegay has reported some vulnerabilities in SitePanel, which
can be exploited by malicious people to conduct cross-site scripting
attacks, disclose sensitive information and compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/15213/
[SA15195] Mtp Target Format String and Denial of Service Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-05-02
Luigi Auriemma has reported two vulnerabilities in Mtp Target, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15195/
[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in LibTomCrypt.
Full Advisory:
http://secunia.com/advisories/15233/
[SA15232] FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-05-04
Diabolic Crab has reported some vulnerabilities in FishCart, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15232/
[SA15220] PRADO Unspecified ViewState Data Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-05-04
A vulnerability with an unknown impact has been reported in PRADO.
Full Advisory:
http://secunia.com/advisories/15220/
[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-05-03
[R] has reported a vulnerability in the JGS-Portal module for Woltlab
Burning Board, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/15219/
[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-05-04
Gerardo Di Giacomo has reported two vulnerabilities in eSKUeL, which
can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/15208/
[SA15206] BirdBlog BB Code Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-03
A vulnerability has been reported in BirdBlog, which potentially can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15206/
[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-02
Lostmon has reported some vulnerabilities in ViArt Shop Enterprise,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15181/
[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-05-03
Some vulnerabilities have been reported in OpenView Event Correlation
Services, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15226/
[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2005-05-03
Some vulnerabilities have been reported in HP OpenView Network Node
Manager (OV NNM), which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/15223/
[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-05-03
Dr_insane has reported a vulnerability in Web Crossing, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/15218/
[SA15215] Symantec Products ICMP Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-05-03
Symantec has acknowledged some security issues in various products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/15215/
[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-05-03
A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/15235/