New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!

· Ian T's (AR 23)
· Marcia's (CO8)
· Bill G's (CO11)
· Paul's (AR 5)
· Robin's (AR 2)

· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?

$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 1015
Comments: 21
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
image cybsec: Weekly Summaries: The Secunia Weekly Advisory image
Cyber Security

The Secunia Weekly Advisory Summary





2004-03-11 - 2004-03-18
This week : 53 advisories

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

New OpenSSL packages have been released to address 3 different
vulnerabilities, which can be exploited to cause a Denial of Service
on vulnerable systems.

Many vendors have already updated their products. However, many other
vendors will propably also issue updates for their products within a
short time. Please refer to http://secunia.com for further information
regarding updates for your products.

The initial Secunia advisory regarding the vulnerabilities in OpenSSL
is referenced below.

Reference:
http://secunia.com/SA11139


A vulnerability was reported in the popular FTP client WS_FTP Pro,
which could be exploited by a malicious FTP server to compromise a
connected client.

Currently, no solution is available from the vendor.

Reference:
http://secunia.com/SA11136


Security Research Luigi Auriemma has reported a vulnerability in the
Unreal Engine from Epic Games. The Unreal Engine is used in many
multi player games from different vendors, many games may be affected
by this vulnerability. Please refer to referenced Secunia Advisory for
more information about possible affected games.

Reference:
http://secunia.com/SA11108

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA10395] Internet Explorer URL Spoofing Vulnerability
2. [SA11111] cPanel Password Reset Command Injection Vulnerability
3. [SA11139] OpenSSL SSL/TLS Handshake Denial of Service
Vulnerabilities
4. [SA11046] Norton AntiVirus 2002 Virus Detection Bypass Issue
5. [SA10736] Internet Explorer File Download Extension Spoofing
6. [SA11127] SPIP forum.php3 PHP Code Injection Vulnerability
7. [SA11119] Novell Groupwise WebAccess Insecure Default Configuration
8. [SA11124] cPanel Login Command Injection Vulnerability
9. [SA11092] Apache mod_ssl HTTP Request Denial of Service
Vulnerability
10. [SA10706] Serv-U FTP Server SITE CHMOD Command Buffer Overflow
Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA11159] GlobalSCAPE Secure FTP Server SITE Command Vulnerability
[SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability
[SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
Service
[SA11120] AntiGen for Domino Encrypted Zip File Denial of Service
[SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities
[SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting

UNIX/Linux:
[SA11124] cPanel Login Command Injection Vulnerability
[SA11155] Red Hat update for Mozilla
[SA11154] OpenBSD update for OpenSSL
[SA11153] Gentoo update for OpenSSL
[SA11152] Slackware update for OpenSSL
[SA11151] Debian update for OpenSSL
[SA11150] FreeBSD update for OpenSSL
[SA11149] Mandrake update for OpenSSL
[SA11148] EnGarde update for OpenSSL
[SA11147] Red Hat update for OpenSSL
[SA11146] SuSE update for OpenSSL
[SA11144] Red Hat update for OpenSSL
[SA11125] OpenPKG update for uudeview
[SA11103] Mandrake update for Mozilla
[SA11116] OpenBSD update for httpd
[SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
Vulnerability
[SA11123] Macromedia Multiple Products Privilege Escalation
Vulnerability
[SA11117] Debian update for samba
[SA11115] Debian update for xitalk
[SA11114] xitalk Privilege Escalation Vulnerability
[SA11109] Debian update for Calife
[SA11107] Debian update for sysstat
[SA11106] Red Hat update for sysstat
[SA11105] Sysstat Insecure Temporary File Creation Vulnerability
[SA11137] Debian update for gdk-pixbuf
[SA11104] Red Hat update for nfs-utils

Other:
[SA11119] Novell Groupwise WebAccess Insecure Default Configuration

Cross Platform:
[SA11134] 4nAlbum Multiple Vulnerabilities
[SA11127] SPIP forum.php3 PHP Code Injection Vulnerability
[SA11118] Oracle Web Cache Unspecified Client Request Handling
Vulnerabilities
[SA11111] cPanel Password Reset Command Injection Vulnerability
[SA11108] Unreal Engine Class Name Format String Vulnerability
[SA11145] Cisco Multiple Products OpenSSL Denial of Service
Vulnerability
[SA11141] Fizmez Web Server Connection Denial of Service Vulnerability
[SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities
[SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
[SA11138] mod_security POST Request Processing Off-By-One
Vulnerability
[SA11133] 4nGuestbook x Parameter SQL Injection and Cross-Site
Scripting
[SA11130] Sun Java System Application Server SOAP Request Denial of
Service
[SA11122] Pegasi Web Server Directory Traversal and Cross-Site
Scripting
[SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities
[SA11112] CFWebstore SQL Injection and Cross-Site Scripting
Vulnerabilities
[SA11126] HP Web Based Management Anonymous Certificate Upload
Vulnerability
[SA11142] vBulletin Cross-Site Scripting Vulnerabilities
[SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities
[SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
Vulnerability
[SA11110] Emumail Webmail Cross Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA11159] GlobalSCAPE Secure FTP Server SITE Command Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

STORM has reported a vulnerability in GlobalSCAPE Secure FTP Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/11159/

--

[SA11136] WS_FTP Pro Directory Listing Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-17

A vulnerability has been reported in WS_FTP Pro, which can be exploited
by malicious people to cause a DoS (Denial-of-Service) on the
application and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11136/

--

[SA11132] Macromedia ColdFusion MX / JRun SOAP Request Denial of
Service

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-16

Amit Klein has discovered a vulnerability in ColdFusion MX and JRun,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11132/

--

[SA11120] AntiGen for Domino Encrypted Zip File Denial of Service

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-15

A vulnerability has been reported in AntiGen for Domino, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11120/

--

[SA11131] CA Unicenter TNG Daemons Buffer Overflow Vulnerabilities

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-03-16

Dave Aitel of Immunity has reported some vulnerabilities in CA
Unicenter TNG, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11131/

--

[SA11143] IBM Lotus Domino Server Quick Console Cross-Site Scripting

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-17

Dr_insane has reported a vulnerability in IBM Lotus Domino, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/11143/


UNIX/Linux:--

[SA11124] cPanel Login Command Injection Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-15

Arab VieruZ has reported a vulnerability in cPanel, allowing malicious
people to execute certain system commands on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11124/

--

[SA11155] Red Hat update for Mozilla

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2004-03-18

Red Hat has issued updated packages for mozilla, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/11155/

--

[SA11154] OpenBSD update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

OpenBSD has issued a patch for OpenSSL. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11154/

--

[SA11153] Gentoo update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

Gentoo has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11153/

--

[SA11152] Slackware update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

Slackware has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11152/

--

[SA11151] Debian update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

Debian has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11151/

--

[SA11150] FreeBSD update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

FreeBSD has issued a patch for OpenSSL. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11150/

--

[SA11149] Mandrake update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

MandrakeSoft has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11149/

--

[SA11148] EnGarde update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

Guardian Digital has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11148/

--

[SA11147] Red Hat update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

Red Hat has issued updated packages for OpenSSL. These fix three
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11147/

--

[SA11146] SuSE update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-18

SuSE has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11146/

--

[SA11144] Red Hat update for OpenSSL

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17

Red Hat has issued updated packages for OpenSSL. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11144/

--

[SA11125] OpenPKG update for uudeview

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-03-15

OpenPKG has issued updated packages for uudeview. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11125/

--

[SA11103] Mandrake update for Mozilla

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS,
System access
Released: 2004-03-11

MandrakeSoft has issued updated packages for Mozilla. These fix various
older vulnerabilities, which can be exploited by malicious people to
disclose users' proxy server credentials, bypass certain cookie path
restrictions, cause a DoS (Denial of Service), and potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/11103/

--

[SA11116] OpenBSD update for httpd

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-03-15

OpenBSD has issued patches for httpd. These fix a vulnerability, which
can be exploited by malicious people to bypass certain restrictions on
sparc64 systems.

Full Advisory:
http://secunia.com/advisories/11116/

--

[SA11113] Chaogic Systems vHost Unspecified Cross-Site Scripting
Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-12

An unspecified vulnerability has been reported in Chaogic Systems
vHost, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/11113/

--

[SA11123] Macromedia Multiple Products Privilege Escalation
Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-15

Chris Irvine has discovered a vulnerability in Macromedia MX 2004
products, which can be exploited by malicious, local users to escalate
their privileges.

Full Advisory:
http://secunia.com/advisories/11123/

--

[SA11117] Debian update for samba

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-15

Debian has issued updated packages for Samba. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11117/

--

[SA11115] Debian update for xitalk

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12

Debian has issued updated packages for xitalk. These fix a
vulnerability, which can be exploited by malicious, local users to gain
group utmp privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11115/

--

[SA11114] xitalk Privilege Escalation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12

Steve Kemp has reported a vulnerability in xitalk, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/11114/

--

[SA11109] Debian update for Calife

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-12

Debian has issued updated packages for Calife. These fix a
vulnerability, which potentially can be exploited by malicious, local
users to escalate their privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11109/

--

[SA11107] Debian update for sysstat

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11

Debian has issued updated packages for sysstat. These fix a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/11107/

--

[SA11106] Red Hat update for sysstat

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11

Red Hat has issued updated packages for sysstat. These fix a
vulnerability, allowing malicious local users to escalate their
privileges.

Full Advisory:
http://secunia.com/advisories/11106/

--

[SA11105] Sysstat Insecure Temporary File Creation Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-03-11

A vulnerability has been discovered in sysstat, which can be exploited
by malicious, local users to escalate their privileges.

Full Advisory:
http://secunia.com/advisories/11105/

--

[SA11137] Debian update for gdk-pixbuf

Critical: Not critical
Where: From remote
Impact: DoS
Released: 2004-03-16

Debian has issued updated packages for gdk-pixbuf. These fix a
vulnerability, which can be exploited by malicious people to crash
certain applications like Evolution on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11137/

--

[SA11104] Red Hat update for nfs-utils

Critical: Not critical
Where: From local network
Impact: DoS
Released: 2004-03-11

Red Hat has issued updated packages for nfs-utils. These fix a
vulnerability, which can be exploited by malicious people to crash
rpc.mountd.

Full Advisory:
http://secunia.com/advisories/11104/


Other:--

[SA11119] Novell Groupwise WebAccess Insecure Default Configuration

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-03-15

A security issue has been reported in GroupWise 6 and 6.5 WebAccess,
which potentially can be exploited by malicious people to gain
unauthorised access to a vulnerable server.

Full Advisory:
http://secunia.com/advisories/11119/


Cross Platform:--

[SA11134] 4nAlbum Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released: 2004-03-16

Janek Vind waraxe has reported some vulnerabilities in 4nAlbum, where
the most critical can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/11134/

--

[SA11127] SPIP forum.php3 PHP Code Injection Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-15

SIMON Baptiste has discovered a vulnerability in SPIP, allowing
malicious people to inject arbitrary PHP code.

Full Advisory:
http://secunia.com/advisories/11127/

--

[SA11118] Oracle Web Cache Unspecified Client Request Handling
Vulnerabilities

Critical: Highly critical
Where: From remote
Impact:
Released: 2004-03-15

Oracle has reported that multiple vulnerabilities have been discovered
in Oracle Web Cache.

Full Advisory:
http://secunia.com/advisories/11118/

--

[SA11111] cPanel Password Reset Command Injection Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-12

Arab VieruZ has discovered a vulnerability in cPanel, allowing
malicious people to execute certain system commands on a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/11111/

--

[SA11108] Unreal Engine Class Name Format String Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-03-11

Luigi Auriemma has reported a vulnerability in the Unreal engine, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable server.

Full Advisory:
http://secunia.com/advisories/11108/

--

[SA11145] Cisco Multiple Products OpenSSL Denial of Service
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17

Cisco has confirmed a vulnerability in various products, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/11145/

--

[SA11141] Fizmez Web Server Connection Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17

Donato Ferrante has reported a vulnerability in Fizmez Web Server,
which can be exploited by malicious people to cause a DoS
(Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11141/

--

[SA11140] Mambo Cross Site Scripting and SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Manipulation of data, Cross Site Scripting
Released: 2004-03-17

JeiAr has discovered some vulnerabilities in Mambo, allowing malicious
people to conduct SQL injection and Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11140/

--

[SA11139] OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-17

Three vulnerabilities have been discovered in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11139/

--

[SA11138] mod_security POST Request Processing Off-By-One
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2004-03-17

Evgeny Legerov has discovered a vulnerability in mod_security, which
can be exploited by malicious people to cause a DoS (Denial-of-Service)
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/11138/

--

[SA11133] 4nGuestbook x Parameter SQL Injection and Cross-Site
Scripting

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-03-16

Janek Vind waraxe has reported a vulnerability in 4nGuestbook,
allowing malicious people to conduct SQL injection and Cross Site
Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11133/

--

[SA11130] Sun Java System Application Server SOAP Request Denial of
Service

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-03-16

Amit Klein has discovered a vulnerability in Sun Java System
Application Server, which can be exploited by malicious people to cause
a DoS (Denial-of-Service).

Full Advisory:
http://secunia.com/advisories/11130/

--

[SA11122] Pegasi Web Server Directory Traversal and Cross-Site
Scripting

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2004-03-15

Donato Ferrante has discovered some vulnerabilities in Pegasi Web
Server, which can be exploited to conduct cross-site scripting and
directory traversal attacks.

Full Advisory:
http://secunia.com/advisories/11122/

--

[SA11121] phpBB SQL Injection and Cross Site Scripting Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-03-15

Some vulnerabilities have been reported in phpBB, allowing malicious
people to conduct Cross Site Scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11121/

--

[SA11112] CFWebstore SQL Injection and Cross-Site Scripting
Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information
Released: 2004-03-12

Nick Gudov has reported some vulnerabilities in CFWebstore, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/11112/

--

[SA11126] HP Web Based Management Anonymous Certificate Upload
Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-03-15

Dave Aitel has discovered a vulnerability in HP HTTP server, allowing
malicious people to gain access to administrative functions.

Full Advisory:
http://secunia.com/advisories/11126/

--

[SA11142] vBulletin Cross-Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-17

JeiAr has reported some vulnerabilities in vBulletin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/11142/

--

[SA11135] PHP-Nuke Cross Site Scripting Vulnerabilities

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-16

Janek Vind waraxe has reported some vulnerabilities in PHP-Nuke,
allowing malicious people to conduct Cross Site Scripting attacks.

Full Advisory:
http://secunia.com/advisories/11135/

--

[SA11128] YaBB / YaBB SE Formatting Tag Cross-Site Scripting
Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-03-16

Cheng Peng Su has reported a vulnerability in YaBB and YaBB SE,
allowing malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/11128/

--

[SA11110] Emumail Webmail Cross Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2004-03-12

Dr_insane has reported some vulnerabilities in Emumail Webmail,
allowing malicious people to conduct Cross Site Scripting attacks and
see the installation path.

Full Advisory:
http://secunia.com/advisories/11110/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : [email protected]
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45

Posted on Thursday, 18 March 2004 @ 11:08:25 EST by phoenix22
image

 
Login
Nickname

Password

· New User? ·
Click here to create a registered account.
image
Related Links
· TrackBack (0)
· Linux.com
· IBM
· PHP HomePage
· MandrakeSoft
· Red Hat
· Debian GNU/Linux
· Slackware
· FreeBSD
· Linux Games
· Microsoft
· PHP-Nuke
· SuSE
· HotScripts
· Apache Web Server
· W3 Consortium
· Oracle
· Mozilla
· Hewlett Packard
· More about Cyber Security
· News by phoenix22


Most read story about Cyber Security:
Booby Trapped software!

image
Article Rating
Average Score: 4
Votes: 1


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent


image
Options

Printer Friendly Page  Printer Friendly Page

image
"Login" | Login/Create an Account | 0 comments
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register