September 20th 2005
11 issues reported (SF)
1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary File Creation Vulnerability
9. PHP Session Handling Local Session Hijacking Vulnerability
10. SuSE YaST Local Buffer Overflow Vulnerability
11. Arc Insecure Temporary File Creation Vulnerability

September 22nd 2005
48 issues reported (SN)
[SA16869] Firefox Command Line URL Shell Command Injection
[SA16846] Mozilla Command Line URL Shell Command Injection
[SA16895] Alkalay contribute "template" Shell Command Injection Vulnerability
[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
[SA16887] Alkalay man-cgi "topic" Shell Command Injection Vulnerability
[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
[SA16884] Mandriva update for clamav
[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
[SA16862] Gentoo update for clamav
[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
[SA16844] Gentoo update for mozilla/mozilla-firefox
[SA16834] SUSE update for evolution
[SA16892] Gentoo update for zebedee
[SA16872] Unixware update for Libtiff
[SA16864] Gentoo update for apache/mod_ssl
[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
[SA16856] Gentoo update for mailutils
[SA16849] SUSE update for squid
[SA16876] Tofu Game Engine Arbitrary Python Code Execution Vulnerability
[SA16863] Gentoo workaround for py2play
[SA16855] Py2Play Game Engine Arbitrary Python Code Execution Vulnerability
[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
[SA16885] Mandriva update for cups
[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
[SA16866] Bacula Multiple Insecure Temporary File Creation Vulnerability
[SA16861] Trustix update for multiple packages
[SA16860] Fedora update for xorg-x11
[SA16850] Debian update for kdebase
[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow Vulnerability
[SA16842] Debian update for lm-sensors
[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
[SA16875] Safari "data:" URI Handler Denial of Service Weakness
[SA16891] Gentoo update for util-linux
[SA16882] Mandriva update for util-linux
[SA16857] Ubuntu update for util-linux
[SA16841] Digital Scribe "username" SQL Injection
[SA16896] Zengaia Unspecified SQL Injection Vulnerability
[SA16881] Simplog SQL Injection Vulnerabilities
[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
[SA16853] NooToplist "o" SQL Injection Vulnerability
[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
[SA16873] vBulletin Multiple Vulnerabilities
[SA16868] phpBB Remote Avatar Information Disclosure Weakness

September 23rd 2005
17 issues reported in 4 distros (LAW)
turqstat
centericq
lm-sensors
kdebase
python2.2
XFree86
dia
qt
Py2Play
Mailutils
Shorewall
Mozilla
Apache mod_ssl
ClamAV
Zebedee
util-linux
squid

Security Focus

1. KAudioCreator CDDB Arbitrary File Overwrite Vulnerability
BugTraq ID: 14805
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14805
Summary:
KAudioCreator is prone to an arbitrary file overwrite vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to overwrite arbitrary files in the security context of the user running the vulnerable application.

2. XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
BugTraq ID: 14807
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14807
Summary:
XFree86 is prone to a buffer overrun in its pixmap processing code. This issue can potentially result in arbitrary code execution and facilitate privileges escalation. It is possible that an attacker may gain superuser privileges by exploiting this issue.

3. Snort PrintTcpOptions Remote Denial Of Service Vulnerability
BugTraq ID: 14811
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14811
Summary:
Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the 'PrintTcpOptions()' function of 'log.c', and is a result of a failure to sufficiently handle malicious TCP packets. A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected. It should be noted that the vulnerable code path is only executed when Snort is run with the '-v' (verbose) flag. Due to the performance penalty of running the Snort application in verbose mode, it is likely that most production installations of the application are not vulnerable to this issue. Update: Further messages have stated that other paths to the vulnerable code may be possible. Using the 'frag3' preprocessor, ASCII mode logging, the '-A fast' command-line option, and possibly other options may expose Snort to this vulnerability. Please see the referenced messages for further information.

4. Mark D. Roth PAM_Per_User Authentication Bypass Vulnerability
BugTraq ID: 14813
Remote: Yes
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14813
Summary:
Pam_per_user is prone to an authentication bypass vulnerability. This issue is due to a design error in the module. Successful exploitation could allow an unauthorized user to bypass authentication, allowing them to gain administrative access to affected computers. It should be noted that only certain executables that utilize PAM are vulnerable to this issue, due to the method of calling it. The 'login' program is identified as one program that may be exploited, but other programs may also be exploitable in conjunction with this module. This vulnerability affects pam_per_user versions prior to 0.4.

5. Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
BugTraq ID: 14816
Remote: No
Date Published: 2005-09-12
Relevant URL: http://www.securityfocus.com/bid/14816
Summary:
Util-linux is susceptible to a filesystem option clearing vulnerability. This issue is due to a design flaw that improperly clears mounted-filesystem options in certain circumstances. This vulnerability allows attackers to clear mounted-filesystem options, allowing them to execute setuid applications to gain elevated privileges. Other attacks are also possible.

6. Common-Lisp-Controller Cache Arbitrary Code Injection Vulnerability
BugTraq ID: 14829
Remote: No
Date Published: 2005-09-14
Relevant URL: http://www.securityfocus.com/bid/14829
Summary:
common-lisp-controller is prone to an arbitrary code injection vulnerability. Successful exploitation may facilitate privilege escalation; other attacks are also possible.

7. SimpleCDR-X Insecure Temporary File Creation Vulnerability
BugTraq ID: 14855
Remote: No
Date Published: 2005-09-15
Relevant URL: http://www.securityfocus.com/bid/14855
Summary:
SimpleCDR-X creates temporary files in an insecure manner. A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible. SimpleCDR-X 1.3.3 is reported to be vulnerable. Other versions may also be affected.

8. GNOME Workstation Command Center Gwcc_out.TXT Insecure Temporary
File Creation Vulnerability
BugTraq ID: 14857
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14857
Summary:
GNOME Workstation Command Center creates temporary files in an insecure manner. A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may also be possible. GNOME Workstation Command Center version 0.98 is reported to be vulnerable. Other earlier versions may also be affected.

9. PHP Session Handling Local Session Hijacking Vulnerability
BugTraq ID: 14858
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14858
Summary:
PHP is prone to a vulnerability that permits local hijacking of session variables. The problem presents itself in the way PHP stores session variables. This issue can be exploited to hijack the session variables of victim users of other PHP applications running on a system utilizing a vulnerable version of PHP. This issue is reported to effect the 3.x and 4.x versions of PHP; other versions may also be affected.

10. SuSE YaST Local Buffer Overflow Vulnerability
BugTraq ID: 14861
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14861
Summary:
SuSE YaST is affected by a local buffer overflow vulnerability. A local attacker may exploit this issue to execute arbitrary code with superuser privileges. SuSE Linux 9.3 is reported to be vulnerable. Other versions may be affected as well.

11. Arc Insecure Temporary File Creation Vulnerability
BugTraq ID: 14863
Remote: No
Date Published: 2005-09-16
Relevant URL: http://www.securityfocus.com/bid/14863
Summary:
ARC creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to view files and obtain privileged information. The attacker may also perform symlink attacks, overwriting arbitrary files in the context of the affected application. Exploitation would most likely result in loss of confidentiality and theft of privileged information. Successful exploitation of a symlink attack may result in sensitive configuration files being overwritten. This may result in a denial of service; other attacks may also be possible. ARC 5.21j and earlier versions are reported to be vulnerable.

Secunia

[SA16869] Firefox Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-20
Peter Zelezny has discovered a vulnerability in Firefox, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16869/

[SA16846] Mozilla Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-21
A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16846/

[SA16895] Alkalay contribute "template" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay contribute, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16895/

[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in OpenVMS running Secure Web
Browser, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, spoof the
contents of web sites, spoof dialog boxes, or compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16894/

[SA16887] Alkalay man-cgi "topic" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay man-cgi, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16887/

[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay notify, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16886/

[SA16884] Mandriva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
Mandriva has issued an update for clamav. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), or potentially to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16884/

[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered some vulnerabilities in Alkalay nslookup, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16880/

[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in HP Tru64 UNIX, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16879/

[SA16862] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for clamav. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service), or potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16862/

[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16848/

[SA16844] Gentoo update for mozilla/mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for mozilla/mozilla-firefox. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16844/

[SA16834] SUSE update for evolution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-16
SUSE has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16834/

[SA16892] Gentoo update for zebedee
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-21
Gentoo has issued an update for zebedee. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16892/

[SA16872] Unixware update for Libtiff
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-20
SCO has issued an update for Libtiff. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16872/

[SA16864] Gentoo update for apache/mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2005-09-19
Gentoo has issued an update for apache/mod_ssl. This fixes a security
issue and a vulnerability, which potentially can be exploited by
malicious people to bypass certain security restrictions, or by
malicious, local users to gain escalated privileges via a specially
crafted ".htaccess" file.
Full Advisory:
http://secunia.com/advisories/16864/

[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-20
Keigo Yamazaki has reported a vulnerability in Webmin and Usermin,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16858/

[SA16856] Gentoo update for mailutils
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-19
Gentoo has issued an update for mailutils. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16856/

[SA16849] SUSE update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-16
SUSE has issued an update for squid. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16849/

[SA16876] Tofu Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-20
Arc Riley has reported a vulnerability in Tofu, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16876/

[SA16863] Gentoo workaround for py2play
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Gentoo has published a workaround for py2play. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/16863/

[SA16855] Py2Play Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Arc Riley has reported a vulnerability in Py2Play, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16855/

[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-21
Donnie Werner has reported a vulnerability in PerlDiver, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16888/

[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-21
A vulnerability has been reported in HP Tru64 UNIX, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16893/

[SA16885] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-09-21
Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16885/

[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Jens Steube has reported two vulnerabilities in MasqMail, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16883/

[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
Critical: Less critical
Where: Local system
Impact: DoS
Released: 2005-09-20
A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16874/

[SA16866] Bacula Multiple Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-09-20
Eric Romang has reported some vulnerabilities in bacula, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges, or to disclose certain
sensitive information.
Full Advisory:
http://secunia.com/advisories/16866/

[SA16861] Trustix update for multiple packages
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation, DoS
Released: 2005-09-19
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to disclose certain sensitive information, cause a DoS (Denial of
Service), and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16861/

[SA16860] Fedora update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Fedora has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16860/

[SA16850] Debian update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Debian has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16850/

[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Sun Microsystems has acknowledged a vulnerability in Solaris, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16845/

[SA16842] Debian update for lm-sensors
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Debian has issued an update for lm-sensors. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16842/

[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-16
Jonas Thambert has reported a security issue in SimpleCDR-X, which can
be exploited by malicious, local users to gain access to sensitive
information.
Full Advisory:
http://secunia.com/advisories/16835/

[SA16875] Safari "data:" URI Handler Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-09-20
Jonathan Rockway has discovered a weakness in Safari, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16875/

[SA16891] Gentoo update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Gentoo has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16891/

[SA16882] Mandriva update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Mandriva has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16882/

[SA16857] Ubuntu update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Ubuntu has issued an update for util-linux. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16857/

[SA16841] Digital Scribe "username" SQL Injection
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, System access
Released: 2005-09-16
rgod has discovered a vulnerability in Digital Scribe, which can be
exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16841/

[SA16896] Zengaia Unspecified SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been reported in Zengaia, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16896/

[SA16881] Simplog SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
r0ut3r has discovered some vulnerabilities in Simplog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16881/

[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been discovered in Land Down Under, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16878/

[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2005-09-20
rgod has discovered some vulnerabilities and a security issue in PHP
Advanced Transfer Manager, which can be exploited by malicious people
to disclose system and sensitive information, and to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/16867/

[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-09-20
OS2A has reported a vulnerability in Helpdesk software Hesk, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16859/

[SA16853] NooToplist "o" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-19
David Sopas Ferreira has reported a vulnerability in NooToplist, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16853/

[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-16
Some potential vulnerabilities have been reported in PHP-Nuke with
unknown impacts .
Full Advisory:
http://secunia.com/advisories/16843/

[SA16873] vBulletin Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Released: 2005-09-20
Thomas Waldegger has reported some vulnerabilities in vBulletin, which
can be exploited by malicious users to conduct SQL injection attacks
and potentially compromise a vulnerable system, and by malicious people
to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16873/

[SA16868] phpBB Remote Avatar Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-09-21
A weakness has been discovered in phpBB, which can be exploited by
malicious people to disclose certain system information.
Full Advisory:
http://secunia.com/advisories/16868/

Linux Advisory Watch

Distribution: Debian

* Debian: New turqstat packages fix buffer overflow
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120389

* Debian: New centericq packages fix several vulnerabilities
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120392

* Debian: New lm-sensors packages fix insecure temporary file
15th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120395

* Debian: New kdebase packages fix local root vulnerability
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120399

* Debian: New python2.2 packages fix arbitrary code execution
22nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120425

* Debian: New XFree86 packages fix arbitrary code execution
22nd, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120426


Distribution: Fedora

* Fedora Core 4 Update: dia-0.94-12.fc4
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120400

* Fedora Core 4 Update: qt-3.3.4-15.4
16th, September, 2005
Updated package.
http://www.linuxsecurity.com/content/view/120401


Distribution: Gentoo

* Gentoo: Py2Play Remote execution of arbitrary Python
17th, September, 2005
A design error in Py2Play allows attackers to execute arbitrary code.
http://www.linuxsecurity.com/content/view/120402

* Gentoo: Mailutils Format string vulnerability in imap4d
17th, September, 2005
The imap4d server contains a vulnerability allowing an authenticated
user to execute arbitrary code with the privileges of the imap4d
process.
http://www.linuxsecurity.com/content/view/120403

* Gentoo: Shorewall Security policy bypass
17th, September, 2005
A vulnerability in Shorewall allows clients authenticated by MAC
address filtering to bypass all other security rules.
http://www.linuxsecurity.com/content/view/120404

* Gentoo: Mozilla Suite, Mozilla Firefox Buffer overflow
18th, September, 2005
Mozilla Suite and Firefox are vulnerable to a buffer overflow that
might be exploited to execute arbitrary code.
http://www.linuxsecurity.com/content/view/120405

* Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005
mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.
http://www.linuxsecurity.com/content/view/120408

* Gentoo: Clam AntiVirus Multiple vulnerabilities
19th, September, 2005
Clam AntiVirus is subject to vulnerabilities ranging from Denial of
Service to execution of arbitrary code when handling compressed
executables.
http://www.linuxsecurity.com/content/view/120409

* Gentoo: Apache, mod_ssl Multiple vulnerabilities
19th, September, 2005
mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.
http://www.linuxsecurity.com/content/view/120411

* Gentoo: Shorewall Security policy bypass
19th, September, 2005
A vulnerability in Shorewall allows clients authenticated by MAC
address filtering to bypass all other security rules.
http://www.linuxsecurity.com/content/view/120412

* Gentoo: Zebedee Denial of Service vulnerability
20th, September, 2005
A bug in Zebedee allows a remote attacker to perform a Denial of
Service attack.
http://www.linuxsecurity.com/content/view/120417

* Gentoo: util-linux umount command validation error
20th, September, 2005
A command validation error in umount can lead to an escalation of
privileges.
http://www.linuxsecurity.com/content/view/120418


Distribution: Red Hat

* RedHat: Important: XFree86 security update
15th, September, 2005
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120390

* RedHat: Important: squid security update
15th, September, 2005
An updated Squid package that fixes security issues is now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120391

* RedHat: Important: mod_ssl security update
15th, September, 2005
An updated mod_ssl package for Apache that corrects a security issue
is now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/120396