Secunia
[SA16869] Firefox Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-20
Peter Zelezny has discovered a vulnerability in Firefox, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16869/
[SA16846] Mozilla Command Line URL Shell Command Injection
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2005-09-21
A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16846/
[SA16895] Alkalay contribute "template" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay contribute, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16895/
[SA16894] HP OpenVMS Secure Web Browser Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in OpenVMS running Secure Web
Browser, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, spoof the
contents of web sites, spoof dialog boxes, or compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/16894/
[SA16887] Alkalay man-cgi "topic" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay man-cgi, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16887/
[SA16886] Alkalay notify "from" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered a vulnerability in Alkalay notify, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16886/
[SA16884] Mandriva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
Mandriva has issued an update for clamav. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), or potentially to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16884/
[SA16880] Alkalay nslookup Shell Command Injection Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-21
sullo has discovered some vulnerabilities in Alkalay nslookup, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16880/
[SA16879] HP Tru64 UNIX libXpm Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-21
HP has acknowledged some vulnerabilities in HP Tru64 UNIX, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16879/
[SA16862] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for clamav. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service), or potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16862/
[SA16848] ClamAV UPX and FSG Handling Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service), or
potentially to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16848/
[SA16844] Gentoo update for mozilla/mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-09-19
Gentoo has issued an update for mozilla/mozilla-firefox. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16844/
[SA16834] SUSE update for evolution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-09-16
SUSE has issued an update for evolution. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16834/
[SA16892] Gentoo update for zebedee
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-21
Gentoo has issued an update for zebedee. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/16892/
[SA16872] Unixware update for Libtiff
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-20
SCO has issued an update for Libtiff. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/16872/
[SA16864] Gentoo update for apache/mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2005-09-19
Gentoo has issued an update for apache/mod_ssl. This fixes a security
issue and a vulnerability, which potentially can be exploited by
malicious people to bypass certain security restrictions, or by
malicious, local users to gain escalated privileges via a specially
crafted ".htaccess" file.
Full Advisory:
http://secunia.com/advisories/16864/
[SA16858] Webmin / Usermin PAM Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-09-20
Keigo Yamazaki has reported a vulnerability in Webmin and Usermin,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16858/
[SA16856] Gentoo update for mailutils
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-09-19
Gentoo has issued an update for mailutils. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/16856/
[SA16849] SUSE update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-09-16
SUSE has issued an update for squid. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/16849/
[SA16876] Tofu Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-20
Arc Riley has reported a vulnerability in Tofu, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16876/
[SA16863] Gentoo workaround for py2play
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Gentoo has published a workaround for py2play. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/16863/
[SA16855] Py2Play Game Engine Arbitrary Python Code Execution Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-09-19
Arc Riley has reported a vulnerability in Py2Play, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16855/
[SA16888] PerlDiver "module" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-09-21
Donnie Werner has reported a vulnerability in PerlDiver, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16888/
[SA16893] HP Tru64 UNIX FTP Daemon Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-09-21
A vulnerability has been reported in HP Tru64 UNIX, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16893/
[SA16885] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-09-21
Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16885/
[SA16883] MasqMail Two Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Jens Steube has reported two vulnerabilities in MasqMail, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16883/
[SA16874] Sun Solaris "tl" Driver Denial of Service Vulnerability
Critical: Less critical
Where: Local system
Impact: DoS
Released: 2005-09-20
A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16874/
[SA16866] Bacula Multiple Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-09-20
Eric Romang has reported some vulnerabilities in bacula, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges, or to disclose certain
sensitive information.
Full Advisory:
http://secunia.com/advisories/16866/
[SA16861] Trustix update for multiple packages
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation, DoS
Released: 2005-09-19
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which potentially can be exploited by malicious, local
users to disclose certain sensitive information, cause a DoS (Denial of
Service), and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16861/
[SA16860] Fedora update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Fedora has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16860/
[SA16850] Debian update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Debian has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16850/
[SA16845] Sun Solaris X11 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Sun Microsystems has acknowledged a vulnerability in Solaris, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16845/
[SA16842] Debian update for lm-sensors
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-16
Debian has issued an update for lm-sensors. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/16842/
[SA16835] SimpleCDR-X Insecure Temporary Image File Creation
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2005-09-16
Jonas Thambert has reported a security issue in SimpleCDR-X, which can
be exploited by malicious, local users to gain access to sensitive
information.
Full Advisory:
http://secunia.com/advisories/16835/
[SA16875] Safari "data:" URI Handler Denial of Service Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-09-20
Jonathan Rockway has discovered a weakness in Safari, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/16875/
[SA16891] Gentoo update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Gentoo has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16891/
[SA16882] Mandriva update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-21
Mandriva has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/16882/
[SA16857] Ubuntu update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-09-19
Ubuntu has issued an update for util-linux. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/16857/
[SA16841] Digital Scribe "username" SQL Injection
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, System access
Released: 2005-09-16
rgod has discovered a vulnerability in Digital Scribe, which can be
exploited by malicious people to conduct SQL injection attacks and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/16841/
[SA16896] Zengaia Unspecified SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been reported in Zengaia, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16896/
[SA16881] Simplog SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
r0ut3r has discovered some vulnerabilities in Simplog, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16881/
[SA16878] Land Down Under "Referer" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-21
A vulnerability has been discovered in Land Down Under, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16878/
[SA16867] PHP Advanced Transfer Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2005-09-20
rgod has discovered some vulnerabilities and a security issue in PHP
Advanced Transfer Manager, which can be exploited by malicious people
to disclose system and sensitive information, and to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/16867/
[SA16859] Helpdesk software Hesk Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-09-20
OS2A has reported a vulnerability in Helpdesk software Hesk, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/16859/
[SA16853] NooToplist "o" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-09-19
David Sopas Ferreira has reported a vulnerability in NooToplist, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/16853/
[SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2005-09-16
Some potential vulnerabilities have been reported in PHP-Nuke with
unknown impacts.
Full Advisory:
http://secunia.com/advisories/16843/
[SA16873] vBulletin Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, System access
Released: 2005-09-20
Thomas Waldegger has reported some vulnerabilities in vBulletin, which
can be exploited by malicious users to conduct SQL injection attacks
and potentially compromise a vulnerable system, and by malicious people
to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/16873/
[SA16868] phpBB Remote Avatar Information Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2005-09-21
A weakness has been discovered in phpBB, which can be exploited by
malicious people to disclose certain system information.
Full Advisory:
http://secunia.com/advisories/16868/