Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Telefonul Oppo a74 mi-a blocat ca...

A inviat Mudava

Import china alibaba

Facultate
 Vouchere de vacanta

Cand One United nu mai vand isi v...

Mandolina feliat legume

Atestat consilier de siguranta
 alarma auto Autowatch 346 RLI

Ce se intampla cu actualii tineri...

Descifrare reteta

Zapp fix
 Rulment pt diferential 4motion

Lipire filtru la baterie ikea

Meserias nu mai vine sa termine l...

Soferii prinsi bauti sau drogati ...
 

Weekly Security Alerts - Bulletin

- - - - -
  • Please log in to reply
10 replies to this topic

#1
Bitch_in_Red

Bitch_in_Red

    Senior Member

  • Grup: Senior Members
  • Posts: 3,271
  • Înscris: 07.05.2004
As putea furniza acest tip de informatie saptamanal.
Daca considerati ca nu este utila, va rog sa nu dati nici un reply si am sa opresc update-ul.
Thank you & have a nice & safe weekend!


Virus/Worms/Trojans:
NEW MCID 3519 (SEVERITY 9.9)  (RISK 2): W32.Spybot.DNC
NEW MCID 3518 (SEVERITY 8.4)  (RISK 2): W32.Randex.JC
NEW MCID 3517 (SEVERITY 9.7)  (RISK 2): W32.Spybot.DNB
NEW MCID 3515 (SEVERITY 5.5)  (RISK 1): W32.HLLW.Zusha
NEW MCID 3514 (SEVERITY 7.3)  (RISK 1): Backdoor.Nemog.C
NEW MCID 3513 (SEVERITY 6)  (RISK 1): W32.Sykel
NEW MCID 3512 (SEVERITY 1)  (RISK 1): Trojan.Kreol
UPDATED MCID 3511 (SEVERITY 9.2)  (RISK 2): Backdoor.Sdbot.MD
NEW MCID 3510 (SEVERITY 9.6)  (RISK 2): Backdoor.SDbot.MB
NEW MCID 3509 (SEVERITY 8.4)  (RISK 1): Backdoor.IRC.Lazz
UPDATED MCID 3508 (SEVERITY 8.9)  (RISK 2): W32.Mydoom.V@mm
UPDATED MCID 3504 (SEVERITY 8.9)  (RISK 2): W32.Mydoom.U1@mm
NEW MCID 3520 (SEVERITY 9.6)  (RISK 1): Backdoor.Sdbot.AA
NEW MCID 3521 (SEVERITY 8.6)  (RISK 2): W32.Alizado
NEW MCID 3522 (SEVERITY 1)  (RISK 1): Trojan.Webus
NEW MCID 3523 (SEVERITY 4.5)  (RISK 1): Trojan.Linux.Rooted
NEW MCID 3524 (SEVERITY 6.6)  (RISK 2): W32.Mydoom.W@mm
NEW MCID 3526 (SEVERITY 9.4)  (RISK 2): W32.Forbot.V
NEW MCID 3533 (SEVERITY 8.5)  (RISK 2): Backdoor.Sdbot.LY
NEW MCID 3532 (SEVERITY 9.5)  (RISK 2): W32.Mydoom.AB@mm
NEW MCID 3531 (SEVERITY 4.8)  (RISK 1): Backdoor.Agent.CO
NEW MCID 3530 (SEVERITY 7.6)  (RISK 2): VBS.Vabi@mm
NEW MCID 3528 (SEVERITY 1)  (RISK 1): Hacktool.IPCscan
NEW MCID 3527 (SEVERITY 4.5)  (RISK 1): Downloader.OO
NEW MCID 3525 (SEVERITY 9.9)  (RISK 2): W32.Spybot.CYM
UPDATED MCID 3524 (SEVERITY 6.6)  (RISK 2): W32.Mydoom.W@mm
NEW MCID 3539 (SEVERITY 9.3)  (RISK 2): Backdoor.Sdbot.PG
NEW MCID 3538 (SEVERITY 5.8)  (RISK 2): W32.Mydoom.Y@mm
NEW MCID 3537 (SEVERITY 4.8)  (RISK 1): Backdoor.Nemog.D
NEW MCID 3535 (SEVERITY 8.7)  (RISK 1): W32.Mexer.E@mm
NEW MCID 3534 (SEVERITY 8.6)  (RISK 1): Backdoor.Sdbot.AB
UPDATED MCID 3532 (SEVERITY 9.5)  (RISK 2): W32.Mydoom.AB@mm
NEW MCID 3546 (SEVERITY 8.4)  (RISK 2): Backdoor.Sdbot.PJ
NEW MCID 3545 (SEVERITY 4.6)  (RISK 1): Backdoor.CIM
NEW MCID 3544 (SEVERITY 8.6)  (RISK 2): Backdoor.Sdbot.PI
NEW MCID 3543 (SEVERITY 9.5)  (RISK 1): Backdoor.Sdbot.VQ
NEW MCID 3541 (SEVERITY 8.7)  (RISK 2): W32.Randex.JR
NEW MCID 3540 (SEVERITY 4.6)  (RISK 1): Trojan.Anits
UPDATED MCID 3532 (SEVERITY 9.5)  (RISK 2): W32.Mydoom.AB@mm

Microsoft:
UPDATED BID 11173 (SEVERITY 9.4)  (URGENCY 7.8): Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
UPDATED BID 11172 (SEVERITY 9.4)  (URGENCY 7.8): Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability
NEW BID 11186 (SEVERITY 6.7)  (URGENCY 7.9): Multiple Browser Cross-Domain Cookie Injection Vulnerability
UPDATED BID 11199 (SEVERITY 7.5)  (URGENCY 7.4): IBM OEM Microsoft Windows XP And Windows XP SP1 Default Administration Account Vulnerability
NEW BID 11200 (SEVERITY 5.6)  (URGENCY 6.1): Microsoft Internet Explorer User Security Confirmation Bypass Vulnerability
NEW BID 11202 (SEVERITY 6.1)  (URGENCY 6.1): Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability

UNIX:
UPDATED BID 11079 (SEVERITY 8.4)  (URGENCY 7.2): MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
UPDATED BID 11078 (SEVERITY 10)  (URGENCY 8.2): MIT Kerberos 5 Multiple Double-Free Vulnerabilities
UPDATED BID 10448 (SEVERITY 7)  (URGENCY 6.3): MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities
UPDATED BID 8986 (SEVERITY 7.5)  (URGENCY 6.6): HP-UX Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability
UPDATED BID 8985 (SEVERITY 7.5)  (URGENCY 8): HP-UX NLSPATH Environment Variable Format String Vulnerability
UPDATED BID 10781 (SEVERITY 7)  (URGENCY 6.3): Samba Filename Mangling Method Buffer Overrun Vulnerability

Applications/Programs:
UPDATED BID 10871 (SEVERITY 10)  (URGENCY 9.6): Oracle Multiple Unspecified Vulnerabilities
UPDATED BID 10875 (SEVERITY 8.3)  (URGENCY 7.1): Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling Remote Heap Overflow Vulnerability
UPDATED BID 11169 (SEVERITY 7.8)  (URGENCY 6.8): Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerability
UPDATED BID 11171 (SEVERITY 7.2)  (URGENCY 6.4): Mozilla Browser BMP Image Decoding Multiple Integer Overflow Vulnerabilities
UPDATED BID 11174 (SEVERITY 7.2)  (URGENCY 6.4): Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability
UPDATED BID 11177 (SEVERITY 8.3)  (URGENCY 8.5): Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scripting Vulnerability
UPDATED BID 11179 (SEVERITY 7.8)  (URGENCY 8.2): Mozilla/Firefox Browsers Unauthorized Clipboard Contents Disclosure
UPDATED BID 11181 (SEVERITY 7.5)  (URGENCY 7.6): McAfee VirusScan System Scan Local Privilege Escalation Vulnerability
NEW BID 11188 (SEVERITY 8.4)  (URGENCY 7.2): HP Web Jetadmin Unspecified Arbitrary Command Execution Vulnerability
UPDATED BID 9973 (SEVERITY 7.9)  (URGENCY 8.6): HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability
UPDATED BID 11120 (SEVERITY 7.6)  (URGENCY 6.6): Oracle Database 9i SQL Command Buffer Overflow Vulnerability
UPDATED BID 11100 (SEVERITY 9)  (URGENCY 7.6): Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability
UPDATED BID 11099 (SEVERITY 6.8)  (URGENCY 7.9): Oracle Database Server ctxsys.driload Access Validation Vulnerability
UPDATED BID 11091 (SEVERITY 8.5)  (URGENCY 7.2): Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability

Hardware/Firmware:
None

Muliple Vendor/Multiple Platform/Other:
NEW BID 11154 (SEVERITY 5.3)  (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 9571 (SEVERITY 6.4)  (URGENCY 5.9): Apache mod_digest Client-Supplied Nonce Verification Vulnerability
UPDATED BID 9921 (SEVERITY 6.2)  (URGENCY 5.7): Apache Connection Blocking Denial Of Service Vulnerability
UPDATED BID 9930 (SEVERITY 6.1)  (URGENCY 7.5): Apache Error Log Escape Sequence Injection Vulnerability
UPDATED BID 9829 (SEVERITY 6.9)  (URGENCY 8): Apache Mod_Access Access Control Rule Bypass Vulnerability
UPDATED BID 10508 (SEVERITY 7.8)  (URGENCY 8.2): Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
UPDATED BID 11094 (SEVERITY 7.8)  (URGENCY 6.8): Apache mod_ssl Denial Of Service Vulnerability (twice)
UPDATED BID 11154 (SEVERITY 5.3)  (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 11182 (SEVERITY 5)  (URGENCY 5): Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
UPDATED BID 11185 (SEVERITY 4.8)  (URGENCY 6.6): Apache Mod_DAV LOCK Denial Of Service Vulnerability (twice)
UPDATED BID 11187 (SEVERITY 10)  (URGENCY 7.2): Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
UPDATED BID 11154 (SEVERITY 5.3)  (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability


:vampire:

#2
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Lady_in_Red,

Cred ca e interesanta lista asta pentru cine vrea sa aiba o imagine de ansamblu si sa stie cat de repede ar trebui sa ia masuri.
Poti preciza sursa ? Si eventual modul cum se calculeaza coeficientii de risc, urgenta, etc ?

#3
Bitch_in_Red

Bitch_in_Red

    Senior Member

  • Grup: Senior Members
  • Posts: 3,271
  • Înscris: 07.05.2004
@cryo:
imi pare rau, dar nu pot preciza sursa; chiar daca as preciza-o nu ai avea accces la ea - sorry.
Cat despre modul in care se calculeaza coeficientii de risc, urgenta, iar nu iti pot da informatii exacte, dar am convingerea ca sunt specificate de catre producatorii respectivi de software/hardware, iar in cazul virusilor de catre McAfee.
Am senzatia ca acesti indici sunt folositori marilor corporatii pentru a lua masurile de protectie adecvate specificului lor precum si pentru a stabili prioritatile in aplicarea diferitelor update-uri. Dupa cum probabil stii nu poti aplica update-uri asupra masinilor care servesc aplicatii publice, fara certitudinea ca acestea nu vor fi afectate sau trebuie decis care risc este mai mic si pe care ti-l asumi temporar...

:vampire:

#4
Daisuke

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004

Lady_in_Red, on Sep 20 2004, 15:14, said:

@cryo:
imi pare rau, dar nu pot preciza sursa; chiar daca as preciza-o nu ai avea accces la ea - sorry.

Vroiam sa stiu cat e de incredere si din curiozitate.

Thanks :)

#5
Bitch_in_Red

Bitch_in_Red

    Senior Member

  • Grup: Senior Members
  • Posts: 3,271
  • Înscris: 07.05.2004
...probabil ca este ultimul post avand in vedere ca nu pare a fi util iar unii au dubii cu privire la sursa...
si nici nu vreau sa subliniez ca Unix ar fi la fel de vulnerabil ca Microsoft!


Security Alerts posted Sept 17-24, 2004

Virus/Worms/Trojans:
NEW MCID 3552 (SEVERITY 9.1)  (RISK 3): W32.Beagle.BA@mm
NEW MCID 3551 (SEVERITY 9.5)  (RISK 2): W32.Randex.KZ
NEW MCID 3549 (SEVERITY 8.7)  (RISK 1): W32.Sndog@mm
UPDATED MCID 3538 (SEVERITY 5.8)  (RISK 2): W32.Mydoom.Y@mm
NEW MCID 3547 (SEVERITY 2.8)  (RISK 1): PWSteal.Ibank
NEW MCID 3548 (SEVERITY 5.5)  (RISK 1): W32.Pahac@mm
NEW MCID 3555 (SEVERITY 9.5)  (RISK 2): Backdoor.Sdbot.PK
NEW MCID 3554 (SEVERITY 4.6)  (RISK 1): W32.Sokeven.D
UPDATED MCID 3552 (SEVERITY 9.1)  (RISK 2): W32.Beagle.BA@mm
NEW MCID 3562 (SEVERITY 9)  (RISK 2): W32.Forbot.AG
NEW MCID 3561 (SEVERITY 6.7)  (RISK 1): W32.Myfip.C
NEW MCID 3560 (SEVERITY 10)  (RISK 2): W32.Gaobot.XI
NEW MCID 3558 (SEVERITY 8.4)  (RISK 1): W32.Randin
NEW MCID 3557 (SEVERITY 9.6)  (RISK 1): W32.Donk.S
NEW MCID 3556 (SEVERITY 4.6)  (RISK 2): W32.Snone.A
NEW MCID 3570 (SEVERITY 3.7)  (RISK 1): PWSteal.Revcuss.B
NEW MCID 3569 (SEVERITY 3.7)  (RISK 1): PWSteal.Revcuss.A
NEW MCID 3568 (SEVERITY 4.9)  (RISK 1): Backdoor.Reign.Z
NEW MCID 3567 (SEVERITY 6.6)  (RISK 1): Trojan.Upchan
NEW MCID 3566 (SEVERITY 6.5)  (RISK 1): VBS.Themis
NEW MCID 3565 (SEVERITY 10)  (RISK 2): W32.Gaobot.XJ
NEW MCID 3564 (SEVERITY 10)  (RISK 2): W32.Randex.KJ
NEW MCID 3563 (SEVERITY 4.5)  (RISK 1): Java.Binny.A
UPDATED MCID 3554 (SEVERITY 4.8)  (RISK 1): W32.Sokeven
NEW MCID 3574 (SEVERITY 8.9)  (RISK 2): W32.Korgo.AB
NEW MCID 3572 (SEVERITY 9.5)  (RISK 2): W32.Gaobot.MX
UPDATED MCID 3571 (SEVERITY 3.7)  (RISK 1): PWSteal.Revcuss.C
UPDATED MCID 3570 (SEVERITY 3.7)  (RISK 1): PWSteal.Revcuss.B

Microsoft:
NEW BID 11218 (SEVERITY 4.8)  (URGENCY 3.8): Microsoft Windows CE KDatastruct Information Disclosure Vulnerability
UPDATED BID 11173 (SEVERITY 9.4)  (URGENCY 7.8): Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability (4 times)

UNIX:
UPDATED BID 3064 (SEVERITY 10)  (URGENCY 8.9): Multiple Vendor Telnetd Buffer Overflow Vulnerability
UPDATED BID 2561 (SEVERITY 4.9)  (URGENCY 6.3): Solaris Xsun HOME Buffer Overflow Vulnerability
UPDATED BID 10448 (SEVERITY 7)  (URGENCY 6.3): MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities

Applications/Programs:
NEW BID 11210 (SEVERITY 6.7)  (URGENCY 5.1): Google Toolbar About.HTML HTML Injection Vulnerability
UPDATED BID 11181 (SEVERITY 7.5)  (URGENCY 7.6): McAfee VirusScan System Scan Local Privilege Escalation Vulnerability
UPDATED BID 11177 (SEVERITY 8.3)  (URGENCY 8.5): Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scripting Vulnerability
UPDATED BID 11174 (SEVERITY 7.2)  (URGENCY 6.4): Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability (twice)
UPDATED BID 11171 (SEVERITY 7.2)  (URGENCY 6.4): Mozilla Browser BMP Image Decoding Multiple Integer Overflow Vulnerabilities (twice)
UPDATED BID 11169 (SEVERITY 7.8)  (URGENCY 6.8): Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerability (twice)
UPDATED BID 11015 (SEVERITY 10)  (URGENCY 8.2): Mozilla Network Security Services Library Remote Heap Overflow Vulnerability
UPDATED BID 10875 (SEVERITY 8.3)  (URGENCY 7.1): Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling Remote Heap Overflow Vulnerability (twice)
UPDATED BID 11179 (SEVERITY 7.8)  (URGENCY 8.2): Mozilla/Firefox Browsers Unauthorized Clipboard Contents Disclosure
UPDATED BID 11245 (SEVERITY 7.8)  (URGENCY 8.6): Macromedia JRun Multiple Remote Vulnerabilities

Hardware/Firmware:
None

Muliple Vendor/Multiple Platform/Other:
UPDATED BID 8911 (SEVERITY 5.9)  (URGENCY 5.5): Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
UPDATED BID 5033 (SEVERITY 10)  (URGENCY 9.6): Apache Chunked-Encoding Memory Corruption Vulnerability
UPDATED BID 11239 (SEVERITY 6.4)  (URGENCY 6.7): Apache Satisfy Directive Access Control Bypass Vulnerability
UPDATED BID 11187 (SEVERITY 10)  (URGENCY 7.2): Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
UPDATED BID 11185 (SEVERITY 4.8)  (URGENCY 6.6): Apache Mod_DAV LOCK Denial Of Service Vulnerability
UPDATED BID 11182 (SEVERITY 5)  (URGENCY 5): Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
UPDATED BID 11154 (SEVERITY 5.3)  (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 11094 (SEVERITY 7.8)  (URGENCY 6.8): Apache mod_ssl Denial Of Service Vulnerability
UPDATED BID 10619 (SEVERITY 7.8)  (URGENCY 6.8): Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
UPDATED BID 10508 (SEVERITY 7.8)  (URGENCY 8.2): Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
UPDATED BID 9930 (SEVERITY 6.1)  (URGENCY 7.5): Apache Error Log Escape Sequence Injection Vulnerability
UPDATED BID 9921 (SEVERITY 6.2)  (URGENCY 5.7): Apache Connection Blocking Denial Of Service Vulnerability
UPDATED BID 9829 (SEVERITY 6.9)  (URGENCY 8): Apache Mod_Access Access Control Rule Bypass Vulnerability
UPDATED BID 9571 (SEVERITY 6.4)  (URGENCY 5.9): Apache mod_digest Client-Supplied Nonce Verification Vulnerability
-----------------------------------------------------

Nota: twice inseamna ca alerta respectiva a fost semnalata de 2 ori in cursul saptamanii

:vampire:

#6
cianura

cianura

    Senior Member

  • Grup: Senior Members
  • Posts: 2,754
  • Înscris: 19.01.2004
Lady_in_Red, mi s-ar parea utila in cazul vulnerabilitatilor si versiunea de program afectata. apache-ul e mare, telnetd e de asemeni mare... de ex. vulnerabil apache<=2.0.51, apache<=1.3.30 etc.

in rest... multumesc pt snapshot !

#7
Bitch_in_Red

Bitch_in_Red

    Senior Member

  • Grup: Senior Members
  • Posts: 3,271
  • Înscris: 07.05.2004
Imi pare rau dar nu eu "compilez" lista. Si nici nu stiu despre ce versiuni este vorba. Dar sunt convinsa ca daca te duci la vendor's site poti obtine informatii cu privire la vulnerabilitatea in cauza si poti afla si ce versiuni sunt afectate.

#8
cianura

cianura

    Senior Member

  • Grup: Senior Members
  • Posts: 2,754
  • Înscris: 19.01.2004

Lady_in_Red, on Sep 24 2004, 21:49, said:

Imi pare rau dar nu eu "compilez" lista. Si nici nu stiu despre ce versiuni este vorba. Dar sunt convinsa ca daca te duci la vendor's site poti obtine informatii cu privire la vulnerabilitatea in cauza si poti afla si ce versiuni sunt afectate.

<{POST_SNAPBACK}>


exact, asta facusem acum citeva zile... apache-ul era in vizor, mai e si zone-h, si isc.org... la apache si zone-h nu aparuse nimic despre apache... anyway, e buna lista... te face mai paranoia...! :)

#9
raiiar

raiiar

    Senior Member

  • Grup: Senior Members
  • Posts: 2,568
  • Înscris: 30.11.2002
secunia.com cianura, dar banuiesc ca stiai deja.

#10
raiiar

raiiar

    Senior Member

  • Grup: Senior Members
  • Posts: 2,568
  • Înscris: 30.11.2002
http://secunia.com/g...vir&graph=virus

1. Win32.Netsky.P@mm (14.08%)
2. Win32.Parite.B (7.14%)
3. Win32.Mabutu.A@mm (5.96%)
4. Win32.NetSky.D@mm (5.08%)
5. Win32.P2P.SpyBot.Gen (4.6%)
6. Win32.Netsky.B@mm (4.44%)
7. Win32.Bagle.AA@mm (3.77%)
8. Win32.Netsky.C@mm (2.95%)
9. Win32.Netsky.AA@mm (2.42%)
10. Win32.Jeefo.A (2.4%)

http://secunia.com/l...0_virus_alerts/

ahhh... si un mic test pt IE

http://secunia.com/i...ing_test_popup/

#11
raiiar

raiiar

    Senior Member

  • Grup: Senior Members
  • Posts: 2,568
  • Înscris: 30.11.2002
si pt al 3-lea post....    nu ma injurati

Secunia Weekly Summary - Issue: 2004-39


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2004-09-16 - 2004-09-23                        

                       This week : 70 advisories                      

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has implemented new features at Secunia.com


SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
In addition to the extensive information Secunia advisories already
include, Secunia has added a new parameter: "Solution Status". This
simply means that all Secunia advisories, including older advisories,
now include the current "Solution Status" of a advisory, i.e. if the
vendor has released a patch or not.


IMPROVED PRODUCT PAGES:
The improved product pages now include a detailed listing of all
Secunia advisories affecting each product. The listings include a clear
indication of the "Solution Status" each advisory has ("Unpatched",
"Vendor patch", "Vendor workaround", or "Partial fix"). View the
following for examples:

Opera 7:
http://secunia.com/product/761/

Internet Explorer 6:
http://secunia.com/product/11/

Mozilla Firefox:
http://secunia.com/product/3256/


EXTRA STATISTICS:
Each product page also includes a new pie graph, displaying the
"Solution Status" for all Secunia advisories affecting each product in
a given period. View the following for an example:

Internet Explorer 6:
http://secunia.com/p...istics_solution


FEEDBACK SYSTEM:
To make it easier to provide feedback to the Secunia staff, we have
made an online feedback form. Enter your inquiry and it will
immediately be sent to the appropriate Secunia department.

Ideas, suggestions, and other feedback is most welcome

Secunia Feedback Form:
http://secunia.com/contact_form/


========================================================================
2) This Week in Brief:


ADVISORIES:

Chris Evans has found several image related vulnerabilities in
GdkPixbuf and libXpm, which can be exploited to compromise vulnerable
systems.

Many Linux distributions have already issued updated packages
addressing these vulnerabilities.

Please view secunia.com for information about updated packages.

Reference:
http://secunia.com/SA12549
http://secunia.com/SA12542

--

Two vulnerabilities have been reported in PHP, which can be exploited
to expose system information or to upload files in arbitrary locations.

However, in order to upload files in arbitrary locations, PHP has to be
used in a special way.

Updated versions of PHP are available in the CVS repository. Please
refer to the Secunia advisory below for details.

Reference:
http://secunia.com/SA12560

--

Apple has issued a security update for iChat, which addresses a
vulnerability that can be exploited to compromise a vulnerable system.

Please read Secunia advisory below for details about the update.

Reference:
http://secunia.com/SA12575


VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.


========================================================================
3) This Weeks Top Ten Most Read Advisories:


1.  [SA12526] Mozilla Multiple Vulnerabilities
2.  [SA12528] Microsoft Multiple Products JPEG Processing Buffer
              Overflow Vulnerability
3.  [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
4.  [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
              Vulnerability
5.  [SA12542] GdkPixbuf Multiple Image Decoding Vulnerabilities
6.  [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
7.  [SA12581] Internet Explorer Cross-Domain Cookie Injection
              Vulnerability
8.  [SA12535] Netscape Multiple Vulnerabilities
9.  [SA11978] Multiple Browsers Frame Injection Vulnerability
10. [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability


========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12616] Emulive Server4 Security Bypass and Denial of Service
Vulnerabilities
[SA12589] Lords of the Realm III Username Handling Denial of Service
[SA12587] WebIntelligence Document Deletion and Cross-Site Scripting
Vulnerabilities
[SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of
Service
[SA12611] VP-ASP Shopping Cart Database Connection Denial of Service
[SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service
[SA12581] Internet Explorer Cross-Domain Cookie Injection
Vulnerability
[SA12612] Pop Messenger Invalid Character Denial of Service
Vulnerability
[SA12585] Pigeon Server Login Denial of Service Vulnerability

UNIX/Linux:
[SA12630] Conectiva update for qt3
[SA12629] Gentoo update for xine-lib
[SA12628] Mandrake update for mpg123
[SA12625] Mandrake update for ImageMagick
[SA12623] Debian update for imlib2
[SA12615] Gentoo update for gtk+ / gdk-pixbuf
[SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability
[SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany
[SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities
[SA12599] Sun Java Enterprise System NSS Library Vulnerability
[SA12598] FreeBSD update for CVS
[SA12588] SuSE update for gtk2 and gdk-pixbuf
[SA12586] Debian update for gtk+2.0
[SA12583] Mandrake update for XFree86
[SA12579] SuSE update for XFree86
[SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability
[SA12574] OpenBSD update for Xpm
[SA12573] Debian update for imlib
[SA12568] Red Hat update for gtk2
[SA12565] Gentoo update for mpg123
[SA12564] Debian update for gdk-pixbuf
[SA12563] Debian update for imagemagick
[SA12619] Gentoo update for freeradius
[SA12614] Debian update for lukemftpd
[SA12592] Debian update for wv
[SA12582] Gentoo update for snipsnap
[SA12570] FreeRADIUS Multiple Unspecified Denial of Service
Vulnerabilities
[SA12562] Gentoo update for heimdal
[SA12584] sdd Unspecified RMT Client Vulnerability
[SA12624] Conectiva update for spamassassin
[SA12577] Gentoo update for apache2 and mod_dav
[SA12576] Gentoo update for phpGroupWare
[SA12572] Fedora update for apr-util
[SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions
Security Issue
[SA12631] Red Hat update for samba
[SA12626] Slackware update for CUPS
[SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass
[SA12603] Gentoo update for CUPS
[SA12571] Red Hat update for CUPS
[SA12566] Debian update for cupsys
[SA12627] Mandrake update for webmin
[SA12610] Fedora update for foomatic
[SA12600] RsyncX Privilege Escalation Vulnerabilities
[SA12596] sudo Arbitrary File Reading Vulnerability
[SA12594] getmail Privilege Escalation Vulnerability
[SA12591] Gentoo update for foomatic
[SA12567] Mandrake update for printer-drivers

Other:
[SA12601] SMC Broadband Routers Session Handling Security Bypass

Cross Platform:
[SA12633] Apache "Satisfy" Directive Access Control Bypass Security
Issue
[SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities
[SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability
[SA12593] YaBB Cross-Site Scripting and Security Bypass
Vulnerabilities
[SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability
[SA12569] SnipSnap HTTP Response Splitting Vulnerability
[SA12561] MyServer Directory Traversal Vulnerability
[SA12560] PHP Memory Leak and Arbitrary File Location Upload
Vulnerabilities
[SA12621] Subversion "mod_authz_svn" Unreadable Path Information
Disclosure
[SA12609] YaBB Input Validation Vulnerabilities
[SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
Vulnerability
[SA12604] Symantec ON Command CCM Default Database Administrator
Accounts
[SA12620] CA UniCenter Management Portal Username Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12616] Emulive Server4 Security Bypass and Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2004-09-22

James Bercegay has reported a vulnerability in Emulive Server4, which
can be exploited by malicious people to bypass certain security
restrictions and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12616/

--

[SA12589] Lords of the Realm III Username Handling Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-20

Luigi Auriemma has reported a vulnerability in Lords of the Realm III,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12589/

--

[SA12587] WebIntelligence Document Deletion and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2004-09-18

Corsaire has reported two vulnerabilities in WebIntelligence, which can
be exploited by malicious people to delete sensitive information and
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12587/

--

[SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-18

A vulnerability has been reported in WhatsUp Gold, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12578/

--

[SA12611] VP-ASP Shopping Cart Database Connection Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-09-22

A vulnerability has been reported in VP-ASP, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12611/

--

[SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2004-09-20

James Bercegay has reported two vulnerabilities in DNS4Me Web Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12595/

--

[SA12581] Internet Explorer Cross-Domain Cookie Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2004-09-18

WESTPOINT has reported a vulnerability in Internet Explorer, which
potentially can be exploited by malicious people to conduct session
fixation attacks.

Full Advisory:
http://secunia.com/advisories/12581/

--

[SA12612] Pop Messenger Invalid Character Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-22

Luigi Auriemma has reported a vulnerability in Pop Messenger, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12612/

--

[SA12585] Pigeon Server Login Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-17

Luigi Auriemma has reported a vulnerability in Pigeon Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12585/


UNIX/Linux:--

[SA12630] Conectiva update for qt3

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-23

Conectiva has issued an update for qt3. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/12630/

--

[SA12629] Gentoo update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-23

Gentoo has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12629/

--

[SA12628] Mandrake update for mpg123

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-23

MandrakeSoft has issued an update for mpg123. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12628/

--

[SA12625] Mandrake update for ImageMagick

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-23

MandrakeSoft has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12625/

--

[SA12623] Debian update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-09-23

Debian has issued an update for imlib2. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12623/

--

[SA12615] Gentoo update for gtk+ / gdk-pixbuf

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-22

Gentoo has issued updates for gdk-pixbuf and gtk+. These fix multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12615/

--

[SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-21

A very old vulnerability reportedly still affects the netkit-telnet-ssl
package for Debian Linux, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12608/

--

[SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released:    2004-09-21

Gentoo has issued updates for Mozilla, Firefox, Thunderbird, and
Epiphany. These fix multiple vulnerabilities, which potentially can be
exploited by malicious people to conduct cross-site scripting attacks,
access and modify sensitive information, and compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/12607/

--

[SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-20

Multiple vulnerabilities have been reported in xine-lib, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/12602/

--

[SA12599] Sun Java Enterprise System NSS Library Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-20

Sun has acknowledged a vulnerability in the NSS library included with
Sun Java Enterprise System, which can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12599/

--

[SA12598] FreeBSD update for CVS

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, DoS, System access
Released:    2004-09-21

FreeBSD has issued an update for CVS. This fixes multiple
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service), compromise a vulnerable system, or gain
knowledge of certain system information.

Full Advisory:
http://secunia.com/advisories/12598/

--

[SA12588] SuSE update for gtk2 and gdk-pixbuf

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-17

SuSE has issued updates for gdk-pixbuf and gtk2. These fix multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12588/

--

[SA12586] Debian update for gtk+2.0

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-17

Debian has issued an update for gtk+2.0. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12586/

--

[SA12583] Mandrake update for XFree86

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-17

MandrakeSoft has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12583/

--

[SA12579] SuSE update for XFree86

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-18

SuSE has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12579/

--

[SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-17

Apple has issued a security update for Mac OS X iChat client. This
fixes a vulnerability, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12575/

--

[SA12574] OpenBSD update for Xpm

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-17

OpenBSD has issued an update for Xpm. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12574/

--

[SA12573] Debian update for imlib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-16

Debian has issued an update for imlib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/12573/

--

[SA12568] Red Hat update for gtk2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2004-09-16

Red Hat has issued an update for gtk2. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12568/

--

[SA12565] Gentoo update for mpg123

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-16

Gentoo has issued an update for mpg123. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/12565/

--

[SA12564] Debian update for gdk-pixbuf

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2004-09-16

Debian has issued an update for gdk-pixbuf. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/12564/

--

[SA12563] Debian update for imagemagick

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2004-09-20

Debian has issued an update for ImageMagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12563/

--

[SA12619] Gentoo update for freeradius

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-23

Gentoo has issued an update for freeradius. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12619/

--

[SA12614] Debian update for lukemftpd

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2004-09-22

Debian has issued an update for lukemftpd. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to gain escalated privileges or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12614/

--

[SA12592] Debian update for wv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2004-09-21

Debian has issued an update for wv. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/12592/

--

[SA12582] Gentoo update for snipsnap

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-20

Gentoo has issued an update for snipsnap. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12582/

--

[SA12570] FreeRADIUS Multiple Unspecified Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2004-09-20

Multiple unspecified vulnerabilities have been reported in FreeRADIUS,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12570/

--

[SA12562] Gentoo update for heimdal

Critical:    Moderately critical
Where:       From remote
Impact:      System access, Privilege escalation
Released:    2004-09-16

Gentoo has issued an update for heimdal. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to gain escalated privileges or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12562/

--

[SA12584] sdd Unspecified RMT Client Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown
Released:    2004-09-18

A vulnerability with an unknown impact has been reported in sdd.

Full Advisory:
http://secunia.com/advisories/12584/

--

[SA12624] Conectiva update for spamassassin

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-09-23

Connectiva has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/12624/

--

[SA12577] Gentoo update for apache2 and mod_dav

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2004-09-17

Gentoo has issued updates for apache2 and mod_dav. These fix multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12577/

--

[SA12576] Gentoo update for phpGroupWare

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-17

Gentoo has issued an update for phpGroupWare. This fixes a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12576/

--

[SA12572] Fedora update for apr-util

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2004-09-16

Fedora has issued an update for apr-util. This fixes a vulnerability
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12572/

--

[SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions
Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-09-23

John Buswell has reported a security issue in redhat-config-nfs, which
may result in users having more permissions than expected on exported
resources.

Full Advisory:
http://secunia.com/advisories/12632/

--

[SA12631] Red Hat update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-23

Red Hat has issued an update for samba. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12631/

--

[SA12626] Slackware update for CUPS

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-23

Slackware has issued an update for CUPS. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12626/

--

[SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-09-22

Eilko Bos has reported a vulnerability in OpenBSD, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12617/

--

[SA12603] Gentoo update for CUPS

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-21

Gentoo has issued an update for CUPS. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12603/

--

[SA12571] Red Hat update for CUPS

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-16

Red Hat has issued an update for CUPS. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12571/

--

[SA12566] Debian update for cupsys

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2004-09-16

Debian has issued an update for cupsys. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/12566/

--

[SA12627] Mandrake update for webmin

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-23

MandrakeSoft has issued an update for webmin. This fixes a
vulnerability, which potentially can be exploited by malicious, local
user to perform certain actions on a system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/12627/

--

[SA12610] Fedora update for foomatic

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-22

Fedora has issued an update for foomatic. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12610/

--

[SA12600] RsyncX Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-20

Matt Johnston has reported two vulnerabilities in RsyncX, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12600/

--

[SA12596] sudo Arbitrary File Reading Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2004-09-20

Reznic Valery has reported a vulnerability in sudo, which can be
exploited by malicious, local users to read arbitrary files.

Full Advisory:
http://secunia.com/advisories/12596/

--

[SA12594] getmail Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-20

David Watson has reported a vulnerability in getmail, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/12594/

--

[SA12591] Gentoo update for foomatic

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-21

Gentoo has issued an update for foomatic. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/12591/

--

[SA12567] Mandrake update for printer-drivers

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2004-09-16

MandrakeSoft has issued an update for printer-drivers. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/12567/


Other:--

[SA12601] SMC Broadband Routers Session Handling Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-09-20

Jimmy Scott has reported a vulnerability in SMC broadband routers,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/12601/


Cross Platform:--

[SA12633] Apache "Satisfy" Directive Access Control Bypass Security
Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2004-09-23

A security issue has been reported in Apache, which may allow malicious
people to bypass configured access controls.

Full Advisory:
http://secunia.com/advisories/12633/

--

[SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-09-21

Joxean Koret has reported some vulnerabilities, which can be exploited
to conduct SQL injection and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12606/

--

[SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2004-09-20

khoai has reported a vulnerability in the ReMOSitory add-on for Mambo,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/12597/

--

[SA12593] YaBB Cross-Site Scripting and Security Bypass
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2004-09-21

GulfTech Security has discovered two vulnerabilities in YaBB, which can
be exploited by malicious people to conduct cross-site scripting attacks
and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/12593/

--

[SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-20

Maestro has reported a vulnerability in Snitz Forums 2000, which can be
exploited by malicious people to conduct script insertion and cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/12590/

--

[SA12569] SnipSnap HTTP Response Splitting Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2004-09-20

Maestro De-Seguridad has reported a vulnerability has been reported in
SnipSnap, which can be exploited by malicious people to conduct script
insertion and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/12569/

--

[SA12561] MyServer Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-09-16

Arnaud Jacques has reported a vulnerability in MyServer, which can be
exploited by malicious people to access sensitive information.

Full Advisory:
http://secunia.com/advisories/12561/

--

[SA12560] PHP Memory Leak and Arbitrary File Location Upload
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2004-09-18

Two vulnerabilities have been reported in PHP, which can be exploited
by malicious people to disclose sensitive information or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/12560/

--

[SA12621] Subversion "mod_authz_svn" Unreadable Path Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2004-09-23

A security issue has been reported in Subversion, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/12621/

--

[SA12609] YaBB Input Validation Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2004-09-22

Two vulnerabilities have been reported in YaBB, which can be exploited
to conduct cross-site scripting attacks and manipulate certain files.

Full Advisory:
http://secunia.com/advisories/12609/

--

[SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2004-09-18

WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox,
which potentially can be exploited by malicious people to conduct
session fixation attacks.

Full Advisory:
http://secunia.com/advisories/12580/

--

[SA12604] Symantec ON Command CCM Default Database Administrator
Accounts

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2004-09-22

Jonas Olsson has reported a security issue in ON Command CCM, which can
be exploited by malicious people to access sensitive information.

Full Advisory:
http://secunia.com/advisories/12604/

--

[SA12620] CA UniCenter Management Portal Username Disclosure Weakness

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2004-09-22

Thomas Adams has reported a weakness in UniCenter Management Portal,
which can be exploited by malicious people to disclose system
information.

Full Advisory:
http://secunia.com/advisories/12620/

Anunturi

Chirurgia endoscopică a hipofizei Chirurgia endoscopică a hipofizei

"Standardul de aur" în chirurgia hipofizară îl reprezintă endoscopia transnazală transsfenoidală.

Echipa NeuroHope este antrenată în unul din cele mai mari centre de chirurgie a hipofizei din Europa, Spitalul Foch din Paris, centrul în care a fost introdus pentru prima dată endoscopul în chirurgia transnazală a hipofizei, de către neurochirurgul francez Guiot. Pe lângă tumorile cu origine hipofizară, prin tehnicile endoscopice transnazale pot fi abordate numeroase alte patologii neurochirurgicale.

www.neurohope.ro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate