Secunia
[SA12630] Conectiva update for qt3
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-23
Conectiva has issued an update for qt3. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/12630/
[SA12629] Gentoo update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23
Gentoo has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12629/
[SA12628] Mandrake update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23
MandrakeSoft has issued an update for mpg123. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12628/
[SA12625] Mandrake update for ImageMagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23
MandrakeSoft has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12625/
[SA12623] Debian update for imlib2
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-09-23
Debian has issued an update for imlib2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12623/
[SA12615] Gentoo update for gtk+ / gdk-pixbuf
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-22
Gentoo has issued updates for gdk-pixbuf and gtk+. These fix multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12615/
[SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-21
A very old vulnerability reportedly still affects the netkit-telnet-ssl
package for Debian Linux, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12608/
[SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-09-21
Gentoo has issued updates for Mozilla, Firefox, Thunderbird, and
Epiphany. These fix multiple vulnerabilities, which potentially can be
exploited by malicious people to conduct cross-site scripting attacks,
access and modify sensitive information, and compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/12607/
[SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-20
Multiple vulnerabilities have been reported in xine-lib, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12602/
[SA12599] Sun Java Enterprise System NSS Library Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-20
Sun has acknowledged a vulnerability in the NSS library included with
Sun Java Enterprise System, which can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12599/
[SA12598] FreeBSD update for CVS
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, DoS, System access
Released: 2004-09-21
FreeBSD has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service), compromise a vulnerable system, or gain
knowledge of certain system information.
Full Advisory:
http://secunia.com/advisories/12598/
[SA12588] SuSE update for gtk2 and gdk-pixbuf
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-17
SuSE has issued updates for gdk-pixbuf and gtk2. These fix multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12588/
[SA12586] Debian update for gtk+2.0
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-17
Debian has issued an update for gtk+2.0. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12586/
[SA12583] Mandrake update for XFree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-17
MandrakeSoft has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12583/
[SA12579] SuSE update for XFree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-18
SuSE has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12579/
[SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-17
Apple has issued a security update for Mac OS X iChat client. This
fixes a vulnerability, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12575/
[SA12574] OpenBSD update for Xpm
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-17
OpenBSD has issued an update for Xpm. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12574/
[SA12573] Debian update for imlib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16
Debian has issued an update for imlib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12573/
[SA12568] Red Hat update for gtk2
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16
Red Hat has issued an update for gtk2. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12568/
[SA12565] Gentoo update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-16
Gentoo has issued an update for mpg123. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/12565/
[SA12564] Debian update for gdk-pixbuf
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-09-16
Debian has issued an update for gdk-pixbuf. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12564/
[SA12563] Debian update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-20
Debian has issued an update for ImageMagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12563/
[SA12619] Gentoo update for freeradius
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-23
Gentoo has issued an update for freeradius. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12619/
[SA12614] Debian update for lukemftpd
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-09-22
Debian has issued an update for lukemftpd. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to gain escalated privileges or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12614/
[SA12592] Debian update for wv
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-09-21
Debian has issued an update for wv. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/12592/
[SA12582] Gentoo update for snipsnap
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Gentoo has issued an update for snipsnap. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12582/
[SA12570] FreeRADIUS Multiple Unspecified Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-20
Multiple unspecified vulnerabilities have been reported in FreeRADIUS,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12570/
[SA12562] Gentoo update for heimdal
Critical: Moderately critical
Where: From remote
Impact: System access, Privilege escalation
Released: 2004-09-16
Gentoo has issued an update for heimdal. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to gain escalated privileges or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12562/
[SA12584] sdd Unspecified RMT Client Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Unknown
Released: 2004-09-18
A vulnerability with an unknown impact has been reported in sdd.
Full Advisory:
http://secunia.com/advisories/12584/
[SA12624] Conectiva update for spamassassin
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-23
Connectiva has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12624/
[SA12577] Gentoo update for apache2 and mod_dav
Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2004-09-17
Gentoo has issued updates for apache2 and mod_dav. These fix multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12577/
[SA12576] Gentoo update for phpGroupWare
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-17
Gentoo has issued an update for phpGroupWare. This fixes a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12576/
[SA12572] Fedora update for apr-util
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-16
Fedora has issued an update for apr-util. This fixes a vulnerability
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12572/
[SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions
Security Issue
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-23
John Buswell has reported a security issue in redhat-config-nfs, which
may result in users having more permissions than expected on exported
resources.
Full Advisory:
http://secunia.com/advisories/12632/
[SA12631] Red Hat update for samba
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-23
Red Hat has issued an update for samba. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12631/
[SA12626] Slackware update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-23
Slackware has issued an update for CUPS. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12626/
[SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-22
Eilko Bos has reported a vulnerability in OpenBSD, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12617/
[SA12603] Gentoo update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-21
Gentoo has issued an update for CUPS. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12603/
[SA12571] Red Hat update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-16
Red Hat has issued an update for CUPS. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12571/
[SA12566] Debian update for cupsys
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-16
Debian has issued an update for cupsys. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12566/
[SA12627] Mandrake update for webmin
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-23
MandrakeSoft has issued an update for webmin. This fixes a
vulnerability, which potentially can be exploited by malicious, local
user to perform certain actions on a system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12627/
[SA12610] Fedora update for foomatic
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-22
Fedora has issued an update for foomatic. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12610/
[SA12600] RsyncX Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-20
Matt Johnston has reported two vulnerabilities in RsyncX, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12600/
[SA12596] sudo Arbitrary File Reading Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-09-20
Reznic Valery has reported a vulnerability in sudo, which can be
exploited by malicious, local users to read arbitrary files.
Full Advisory:
http://secunia.com/advisories/12596/
[SA12594] getmail Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-20
David Watson has reported a vulnerability in getmail, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12594/
[SA12591] Gentoo update for foomatic
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-21
Gentoo has issued an update for foomatic. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12591/
[SA12567] Mandrake update for printer-drivers
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-16
MandrakeSoft has issued an update for printer-drivers. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/12567/
Other:
[SA12601] SMC Broadband Routers Session Handling Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-20
Jimmy Scott has reported a vulnerability in SMC broadband routers,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/12601/
Cross Platform:
[SA12633] Apache "Satisfy" Directive Access Control Bypass Security
Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-09-23
A security issue has been reported in Apache, which may allow malicious
people to bypass configured access controls.
Full Advisory:
http://secunia.com/advisories/12633/
[SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-09-21
Joxean Koret has reported some vulnerabilities, which can be exploited
to conduct SQL injection and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12606/
[SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-09-20
khoai has reported a vulnerability in the ReMOSitory add-on for Mambo,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/12597/
[SA12593] YaBB Cross-Site Scripting and Security Bypass
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-09-21
GulfTech Security has discovered two vulnerabilities in YaBB, which can
be exploited by malicious people to conduct cross-site scripting attacks
and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12593/
[SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Maestro has reported a vulnerability in Snitz Forums 2000, which can be
exploited by malicious people to conduct script insertion and cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/12590/
[SA12569] SnipSnap HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Maestro De-Seguridad has reported a vulnerability has been reported in
SnipSnap, which can be exploited by malicious people to conduct script
insertion and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12569/
[SA12561] MyServer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-09-16
Arnaud Jacques has reported a vulnerability in MyServer, which can be
exploited by malicious people to access sensitive information.
Full Advisory:
http://secunia.com/advisories/12561/
[SA12560] PHP Memory Leak and Arbitrary File Location Upload
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-09-18
Two vulnerabilities have been reported in PHP, which can be exploited
by malicious people to disclose sensitive information or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12560/
[SA12621] Subversion "mod_authz_svn" Unreadable Path Information
Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-09-23
A security issue has been reported in Subversion, which can be
exploited by malicious people to disclose potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/12621/
[SA12609] YaBB Input Validation Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-09-22
Two vulnerabilities have been reported in YaBB, which can be exploited
to conduct cross-site scripting attacks and manipulate certain files.
Full Advisory:
http://secunia.com/advisories/12609/
[SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
Vulnerability
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2004-09-18
WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox,
which potentially can be exploited by malicious people to conduct
session fixation attacks.
Full Advisory:
http://secunia.com/advisories/12580/
[SA12604] Symantec ON Command CCM Default Database Administrator
Accounts
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-22
Jonas Olsson has reported a security issue in ON Command CCM, which can
be exploited by malicious people to access sensitive information.
Full Advisory:
http://secunia.com/advisories/12604/
[SA12620] CA UniCenter Management Portal Username Disclosure Weakness
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2004-09-22
Thomas Adams has reported a weakness in UniCenter Management Portal,
which can be exploited by malicious people to disclose system
information.
Full Advisory:
http://secunia.com/advisories/12620/
