Secunia
[SA12750] Mandrake update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-07
MandrakeSoft has issued an update for xine-lib. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12750/
[SA12747] SuSE update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of sensitive information, DoS, System access
Released: 2004-10-07
SuSE has issued an update for mozilla. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), spoof content of websites, conduct cross-site scripting
attacks, access and modify sensitive information, or compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/12747/
[SA12745] HP VirtualVault / Webproxy mod_ssl Format String
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-06
HP has confirmed a vulnerability in Apache affecting HP VirtualVault
and HP Webproxy, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12745/
[SA12742] Mozilla Application Suite for Tru64 UNIX Multiple
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-10-06
HP has confirmed some vulnerabilities in the Mozilla Application Suite
for Tru64 UNIX, which can be exploited to conduct cross-site scripting
attacks, access and modify sensitive information, and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12742/
[SA12741] Gentoo update for netkit-telnetd
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-06
Gentoo has issued an update for netkit-telnetd. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12741/
[SA12727] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2004-10-05
Red Hat has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12727/
[SA12698] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-10-01
Red Hat has issued an update for mozilla. This fixes multiple
vulnerabilities, which can be exploited to conduct cross-site scripting
attacks, access and modify sensitive information, and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12698/
[SA12694] AIX Network Authentication Service Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-01
IBM has acknowledged some vulnerabilities in IBM Network Authentication
Service for AIX, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12694/
[SA12690] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released: 2004-10-05
Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/12690/
[SA12739] Gentoo update for PHP
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-10-06
Gentoo has issued an update for PHP. This fixes two vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information or potentially upload files to arbitrary locations.
Full Advisory:
http://secunia.com/advisories/12739/
[SA12725] Red Hat update for kdelibs/kdebase
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Spoofing, Privilege escalation
Released: 2004-10-05
Red Hat has issued updates for kdelibs and kdebase. These fix multiple
vulnerabilities, which can be exploited to perform certain actions on a
vulnerable system with escalated privileges, spoof the content of
websites, or hijack sessions.
Full Advisory:
http://secunia.com/advisories/12725/
[SA12699] Red Hat update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-10-01
Red Hat has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12699/
[SA12743] Debian update for libapache-mod-dav
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-06
Debian has issued an update for libapache-mod-dav. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12743/
[SA12700] Red Hat update for spamassassin
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-01
Red Hat has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12700/
[SA12688] Gentoo update for subversion
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-09-30
Gentoo has issued an update for subversion. This fixes a security
issue, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/12688/
[SA12754] Fedora update for squid
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-07
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12754/
[SA12748] Debian update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-07
Debian has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12748/
[SA12735] SuSE update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-05
SuSE has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12735/
[SA12726] Red Hat update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-05
Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12726/
[SA12718] Mandrake update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-04
MandrakeSoft has issued an update for samba. This fixes a
vulnerability, which can be exploited by malicious users to access
arbitrary files and directories.
Full Advisory:
http://secunia.com/advisories/12718/
[SA12711] distcc IP-based Access Control Rules Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-04
A vulnerability has been reported in distcc, which potentially can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12711/
[SA12707] Trustix update for samba
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-01
Trustix has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12707/
[SA12696] Samba Arbitrary File Access Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-10-01
Karol Wiesek has reported a vulnerability in Samba, which can be
exploited by malicious users to access arbitrary files and
directories.
Full Advisory:
http://secunia.com/advisories/12696/
[SA12746] Debian update for net-acct
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-06
Debian has issued an update for net-acct. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12746/
[SA12744] Sun Solaris update for gzip
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Exposure of sensitive information
Released: 2004-10-06
Sun has issued an update for gzip. This fixes a vulnerability, which
can be exploited by malicious, local users to access sensitive
information.
Full Advisory:
http://secunia.com/advisories/12744/
[SA12737] Fedora update for cups
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-06
Fedora has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/12737/
[SA12736] CUPS Logfile User Credentials Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-06
Gary Smith has reported a vulnerability in CUPS, which can be exploited
by malicious, local users to gain knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/12736/
[SA12724] Slackware update for getmail
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-05
Slackware has issued an update for getmail. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12724/
[SA12723] Gentoo update for netpbm
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-05
Gentoo has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious, local users to escalate their
privileges on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12723/
[SA12722] FreeBSD syscons Kernel Memory Disclosure Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-10-05
Christer Oberg has reported a vulnerability in FreeBSD, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Full Advisory:
http://secunia.com/advisories/12722/
[SA12705] Debian freenet6 Insecure Configuration File Permissions
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-01
Debian has issued an update for freenet6. This fixes a security issue,
which can be exploited by malicious, local users to access sensitive
information.
Full Advisory:
http://secunia.com/advisories/12705/
[SA12701] Red Hat update for ruby
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-01
Red Hat has issued an update for ruby. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/12701/
[SA12697] Trustix Linux Multiple Packages Insecure Temporary File
Handling
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-01
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12697/
[SA12716] spider "read_file()" Potential Privilege Escalation
Vulnerability
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-04
Emuadmin Security Team has reported a vulnerability in spider, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/12716/
Cross Platform:--
[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-10-06
LSS Security Team has discovered two vulnerabilities in PHPLinks, which
can be exploited by malicious people to conduct SQL injection attacks
and execute arbitrary local PHP scripts.
Full Advisory:
http://secunia.com/advisories/12738/
[SA12732] AWS MySQLguest Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-05
BliZZard has reported a vulnerability in AWS MySQLguest, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/12732/
[SA12730] BugPort Unspecified Attachment Handling Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Eduardo Correia has reported a vulnerability with an unknown impact in
BugPort.
Full Advisory:
http://secunia.com/advisories/12730/
[SA12721] Real Estate Management Software Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Some unspecified vulnerabilities with unknown impacts have been
reported in Real Estate Management Software.
Full Advisory:
http://secunia.com/advisories/12721/
[SA12720] Online Recruitment Agency Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-05
Some vulnerabilities with an unknown impact have been reported in
Online Recruitment Agency.
Full Advisory:
http://secunia.com/advisories/12720/
[SA12709] yappa-ng Unspecified "Show Random Image" Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-04
Georg Ragaz has reported a vulnerability with an unknown impact in
yappa-ng.
Full Advisory:
http://secunia.com/advisories/12709/
[SA12708] Mozilla Firefox Download Directory File Deletion
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-04
Alex Vincent has reported a vulnerability in Mozilla Firefox, which can
be exploited by malicious people to delete files on a user's system.
Full Advisory:
http://secunia.com/advisories/12708/
[SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-01
R00tCr4ck has reported two vulnerabilities in Silent Storm Portal,
which can be exploited by malicious people to conduct cross-site
scripting attacks and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12704/
[SA12703] IBM Trading Partner Interchange Arbitrary File Access
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-10-05
A vulnerability has been reported in Trading Partner Interchange, which
can be exploited by malicious people to access arbitrary files.
Full Advisory:
http://secunia.com/advisories/12703/
[SA12695] w-Agora Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-01
Positive Technologies has reported some vulnerabilities in w-Agora,
which can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12695/
[SA12691] bBlog "p" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-01
James McGlinn has reported a vulnerability in bBlog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/12691/
[SA12733] DB2 Universal Database Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Unknown, Security Bypass, DoS, System access
Released: 2004-10-06
Multiple vulnerabilities have been reported in DB2 Universal Database,
where some of the vulnerabilities can be exploited to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/12733/
[SA12740] Invision Power Board Referer Header Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-06
Alexander Antipov has reported a vulnerability in Invision Power Board,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/12740/
[SA12729] My Blog Unspecified Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Unknown, Cross Site Scripting
Released: 2004-10-05
Some vulnerabilities have been reported in My Blog, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12729/
[SA12728] Online-Bookmarks Security Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-05
A vulnerability has been reported in Online-Bookmarks, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12728/
[SA12715] Xerces-C++ XML Parser Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-10-04
Amit Klein has reported a vulnerability in Xerces-C++, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12715/
[SA12693] Macromedia ColdFusion MX Security Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-04
Eric Lackey has reported a vulnerability in ColdFusion MX, which can be
exploited by malicious, authenticated users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/12693/
[SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-01
A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12692/
[SA12756] MaxDB Web Agent "Server" Field Denial of Service
Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-07
Patrik Karlsson has reported a vulnerability in MaxDB, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12756/