Weekly Security Alerts - Bulletin
Last Updated: Sep 25 2004 05:25, Started by Bitch_in_Red, Sep 17 2004 19:43
#1
Posted 17 September 2004 - 19:43
I could provide this type of information weekly.
If you don't find it useful, please don't reply at all and I will stop the updates. Thank you & have a nice & safe weekend!

Virus/Worms/Trojans:
NEW MCID 3519 (SEVERITY 9.9) (RISK 2): W32.Spybot.DNC
NEW MCID 3518 (SEVERITY 8.4) (RISK 2): W32.Randex.JC
NEW MCID 3517 (SEVERITY 9.7) (RISK 2): W32.Spybot.DNB
NEW MCID 3515 (SEVERITY 5.5) (RISK 1): W32.HLLW.Zusha
NEW MCID 3514 (SEVERITY 7.3) (RISK 1): Backdoor.Nemog.C
NEW MCID 3513 (SEVERITY 6) (RISK 1): W32.Sykel
NEW MCID 3512 (SEVERITY 1) (RISK 1): Trojan.Kreol
UPDATED MCID 3511 (SEVERITY 9.2) (RISK 2): Backdoor.Sdbot.MD
NEW MCID 3510 (SEVERITY 9.6) (RISK 2): Backdoor.SDbot.MB
NEW MCID 3509 (SEVERITY 8.4) (RISK 1): Backdoor.IRC.Lazz
UPDATED MCID 3508 (SEVERITY 8.9) (RISK 2): W32.Mydoom.V@mm
UPDATED MCID 3504 (SEVERITY 8.9) (RISK 2): W32.Mydoom.U1@mm
NEW MCID 3520 (SEVERITY 9.6) (RISK 1): Backdoor.Sdbot.AA
NEW MCID 3521 (SEVERITY 8.6) (RISK 2): W32.Alizado
NEW MCID 3522 (SEVERITY 1) (RISK 1): Trojan.Webus
NEW MCID 3523 (SEVERITY 4.5) (RISK 1): Trojan.Linux.Rooted
NEW MCID 3524 (SEVERITY 6.6) (RISK 2): W32.Mydoom.W@mm
NEW MCID 3526 (SEVERITY 9.4) (RISK 2): W32.Forbot.V
NEW MCID 3533 (SEVERITY 8.5) (RISK 2): Backdoor.Sdbot.LY
NEW MCID 3532 (SEVERITY 9.5) (RISK 2): W32.Mydoom.AB@mm
NEW MCID 3531 (SEVERITY 4.8) (RISK 1): Backdoor.Agent.CO
NEW MCID 3530 (SEVERITY 7.6) (RISK 2): VBS.Vabi@mm
NEW MCID 3528 (SEVERITY 1) (RISK 1): Hacktool.IPCscan
NEW MCID 3527 (SEVERITY 4.5) (RISK 1): Downloader.OO
NEW MCID 3525 (SEVERITY 9.9) (RISK 2): W32.Spybot.CYM
UPDATED MCID 3524 (SEVERITY 6.6) (RISK 2): W32.Mydoom.W@mm
NEW MCID 3539 (SEVERITY 9.3) (RISK 2): Backdoor.Sdbot.PG
NEW MCID 3538 (SEVERITY 5.8) (RISK 2): W32.Mydoom.Y@mm
NEW MCID 3537 (SEVERITY 4.8) (RISK 1): Backdoor.Nemog.D
NEW MCID 3535 (SEVERITY 8.7) (RISK 1): W32.Mexer.E@mm
NEW MCID 3534 (SEVERITY 8.6) (RISK 1): Backdoor.Sdbot.AB
UPDATED MCID 3532 (SEVERITY 9.5) (RISK 2): W32.Mydoom.AB@mm
NEW MCID 3546 (SEVERITY 8.4) (RISK 2): Backdoor.Sdbot.PJ
NEW MCID 3545 (SEVERITY 4.6) (RISK 1): Backdoor.CIM
NEW MCID 3544 (SEVERITY 8.6) (RISK 2): Backdoor.Sdbot.PI
NEW MCID 3543 (SEVERITY 9.5) (RISK 1): Backdoor.Sdbot.VQ
NEW MCID 3541 (SEVERITY 8.7) (RISK 2): W32.Randex.JR
NEW MCID 3540 (SEVERITY 4.6) (RISK 1): Trojan.Anits
UPDATED MCID 3532 (SEVERITY 9.5) (RISK 2): W32.Mydoom.AB@mm

Microsoft:
UPDATED BID 11173 (SEVERITY 9.4) (URGENCY 7.8): Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
UPDATED BID 11172 (SEVERITY 9.4) (URGENCY 7.8): Microsoft WordPerfect Converter Remote Buffer Overflow Vulnerability
NEW BID 11186 (SEVERITY 6.7) (URGENCY 7.9): Multiple Browser Cross-Domain Cookie Injection Vulnerability
UPDATED BID 11199 (SEVERITY 7.5) (URGENCY 7.4): IBM OEM Microsoft Windows XP And Windows XP SP1 Default Administration Account Vulnerability
NEW BID 11200 (SEVERITY 5.6) (URGENCY 6.1): Microsoft Internet Explorer User Security Confirmation Bypass Vulnerability
NEW BID 11202 (SEVERITY 6.1) (URGENCY 6.1): Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability

UNIX:
UPDATED BID 11079 (SEVERITY 8.4) (URGENCY 7.2): MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
UPDATED BID 11078 (SEVERITY 10) (URGENCY 8.2): MIT Kerberos 5 Multiple Double-Free Vulnerabilities
UPDATED BID 10448 (SEVERITY 7) (URGENCY 6.3): MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities
UPDATED BID 8986 (SEVERITY 7.5) (URGENCY 6.6): HP-UX Software Distributor Lang Environment Variable Local Buffer Overrun Vulnerability
UPDATED BID 8985 (SEVERITY 7.5) (URGENCY 8): HP-UX NLSPATH Environment Variable Format String Vulnerability
UPDATED BID 10781 (SEVERITY 7) (URGENCY 6.3): Samba Filename Mangling Method Buffer Overrun Vulnerability

Applications/Programs:
UPDATED BID 10871 (SEVERITY 10) (URGENCY 9.6): Oracle Multiple Unspecified Vulnerabilities
UPDATED BID 10875 (SEVERITY 8.3) (URGENCY 7.1): Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling Remote Heap Overflow Vulnerability
UPDATED BID 11169 (SEVERITY 7.8) (URGENCY 6.8): Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerability
UPDATED BID 11171 (SEVERITY 7.2) (URGENCY 6.4): Mozilla Browser BMP Image Decoding Multiple Integer Overflow Vulnerabilities
UPDATED BID 11174 (SEVERITY 7.2) (URGENCY 6.4): Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability
UPDATED BID 11177 (SEVERITY 8.3) (URGENCY 8.5): Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scripting Vulnerability
UPDATED BID 11179 (SEVERITY 7.8) (URGENCY 8.2): Mozilla/Firefox Browsers Unauthorized Clipboard Contents Disclosure
UPDATED BID 11181 (SEVERITY 7.5) (URGENCY 7.6): McAfee VirusScan System Scan Local Privilege Escalation Vulnerability
NEW BID 11188 (SEVERITY 8.4) (URGENCY 7.2): HP Web Jetadmin Unspecified Arbitrary Command Execution Vulnerability
UPDATED BID 9973 (SEVERITY 7.9) (URGENCY 8.6): HP Web Jetadmin Remote Arbitrary Command Execution Vulnerability
UPDATED BID 11120 (SEVERITY 7.6) (URGENCY 6.6): Oracle Database 9i SQL Command Buffer Overflow Vulnerability
UPDATED BID 11100 (SEVERITY 9) (URGENCY 7.6): Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability
UPDATED BID 11099 (SEVERITY 6.8) (URGENCY 7.9): Oracle Database Server ctxsys.driload Access Validation Vulnerability
UPDATED BID 11091 (SEVERITY 8.5) (URGENCY 7.2): Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability

Hardware/Firmware: None

Multiple Vendor/Multiple Platform/Other:
NEW BID 11154 (SEVERITY 5.3) (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 9571 (SEVERITY 6.4) (URGENCY 5.9): Apache mod_digest Client-Supplied Nonce Verification Vulnerability
UPDATED BID 9921 (SEVERITY 6.2) (URGENCY 5.7): Apache Connection Blocking Denial Of Service Vulnerability
UPDATED BID 9930 (SEVERITY 6.1) (URGENCY 7.5): Apache Error Log Escape Sequence Injection Vulnerability
UPDATED BID 9829 (SEVERITY 6.9) (URGENCY 8): Apache Mod_Access Access Control Rule Bypass Vulnerability
UPDATED BID 10508 (SEVERITY 7.8) (URGENCY 8.2): Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
UPDATED BID 11094 (SEVERITY 7.8) (URGENCY 6.8): Apache mod_ssl Denial Of Service Vulnerability (twice)
UPDATED BID 11154 (SEVERITY 5.3) (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 11182 (SEVERITY 5) (URGENCY 5): Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
UPDATED BID 11185 (SEVERITY 4.8) (URGENCY 6.6): Apache Mod_DAV LOCK Denial Of Service Vulnerability (twice)
UPDATED BID 11187 (SEVERITY 10) (URGENCY 7.2): Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
UPDATED BID 11154 (SEVERITY 5.3) (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
#2
Posted 19 September 2004 - 23:08
Lady_in_Red,
I think this list is interesting for anyone who wants an overview and wants to know how quickly they should take action. Can you state the source? And possibly how the risk, urgency, etc. coefficients are calculated?
#3
Posted 20 September 2004 - 14:14
@cryo:
I'm sorry, but I can't state the source; even if I did, you wouldn't have access to it - sorry. As for how the risk and urgency coefficients are calculated, again I can't give you exact information, but I'm convinced they are specified by the respective software/hardware vendors, and in the case of viruses by McAfee. I have the feeling that these indices are useful to large corporations for taking protective measures suited to their specifics, as well as for setting priorities in applying the various updates. As you probably know, you can't apply updates to machines that serve public applications without being certain that they won't be affected, or else you have to decide which risk is smaller and which one you accept temporarily...
#4
Posted 20 September 2004 - 14:31
Lady_in_Red, on Sep 20 2004, 15:14, said:
@cryo: I'm sorry, but I can't state the source; even if I did, you wouldn't have access to it - sorry.

I wanted to know how trustworthy it is, and out of curiosity. Thanks
#5
Posted 24 September 2004 - 20:27
...this is probably the last post, given that it doesn't seem to be useful and some have doubts about the source...
and I don't want to point out that Unix would be just as vulnerable as Microsoft either!

Security Alerts posted Sept 17-24, 2004

Virus/Worms/Trojans:
NEW MCID 3552 (SEVERITY 9.1) (RISK 3): W32.Beagle.BA@mm
NEW MCID 3551 (SEVERITY 9.5) (RISK 2): W32.Randex.KZ
NEW MCID 3549 (SEVERITY 8.7) (RISK 1): W32.Sndog@mm
UPDATED MCID 3538 (SEVERITY 5.8) (RISK 2): W32.Mydoom.Y@mm
NEW MCID 3547 (SEVERITY 2.8) (RISK 1): PWSteal.Ibank
NEW MCID 3548 (SEVERITY 5.5) (RISK 1): W32.Pahac@mm
NEW MCID 3555 (SEVERITY 9.5) (RISK 2): Backdoor.Sdbot.PK
NEW MCID 3554 (SEVERITY 4.6) (RISK 1): W32.Sokeven.D
UPDATED MCID 3552 (SEVERITY 9.1) (RISK 2): W32.Beagle.BA@mm
NEW MCID 3562 (SEVERITY 9) (RISK 2): W32.Forbot.AG
NEW MCID 3561 (SEVERITY 6.7) (RISK 1): W32.Myfip.C
NEW MCID 3560 (SEVERITY 10) (RISK 2): W32.Gaobot.XI
NEW MCID 3558 (SEVERITY 8.4) (RISK 1): W32.Randin
NEW MCID 3557 (SEVERITY 9.6) (RISK 1): W32.Donk.S
NEW MCID 3556 (SEVERITY 4.6) (RISK 2): W32.Snone.A
NEW MCID 3570 (SEVERITY 3.7) (RISK 1): PWSteal.Revcuss.B
NEW MCID 3569 (SEVERITY 3.7) (RISK 1): PWSteal.Revcuss.A
NEW MCID 3568 (SEVERITY 4.9) (RISK 1): Backdoor.Reign.Z
NEW MCID 3567 (SEVERITY 6.6) (RISK 1): Trojan.Upchan
NEW MCID 3566 (SEVERITY 6.5) (RISK 1): VBS.Themis
NEW MCID 3565 (SEVERITY 10) (RISK 2): W32.Gaobot.XJ
NEW MCID 3564 (SEVERITY 10) (RISK 2): W32.Randex.KJ
NEW MCID 3563 (SEVERITY 4.5) (RISK 1): Java.Binny.A
UPDATED MCID 3554 (SEVERITY 4.8) (RISK 1): W32.Sokeven
NEW MCID 3574 (SEVERITY 8.9) (RISK 2): W32.Korgo.AB
NEW MCID 3572 (SEVERITY 9.5) (RISK 2): W32.Gaobot.MX
UPDATED MCID 3571 (SEVERITY 3.7) (RISK 1): PWSteal.Revcuss.C
UPDATED MCID 3570 (SEVERITY 3.7) (RISK 1): PWSteal.Revcuss.B

Microsoft:
NEW BID 11218 (SEVERITY 4.8) (URGENCY 3.8): Microsoft Windows CE KDatastruct Information Disclosure Vulnerability
UPDATED BID 11173 (SEVERITY 9.4) (URGENCY 7.8): Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability (4 times)

UNIX:
UPDATED BID 3064 (SEVERITY 10) (URGENCY 8.9): Multiple Vendor Telnetd Buffer Overflow Vulnerability
UPDATED BID 2561 (SEVERITY 4.9) (URGENCY 6.3): Solaris Xsun HOME Buffer Overflow Vulnerability
UPDATED BID 10448 (SEVERITY 7) (URGENCY 6.3): MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Name Buffer Overrun Vulnerabilities

Applications/Programs:
NEW BID 11210 (SEVERITY 6.7) (URGENCY 5.1): Google Toolbar About.HTML HTML Injection Vulnerability
UPDATED BID 11181 (SEVERITY 7.5) (URGENCY 7.6): McAfee VirusScan System Scan Local Privilege Escalation Vulnerability
UPDATED BID 11177 (SEVERITY 8.3) (URGENCY 8.5): Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scripting Vulnerability
UPDATED BID 11174 (SEVERITY 7.2) (URGENCY 6.4): Mozilla Browser Vcard Handling Remote Buffer Overflow Vulnerability (twice)
UPDATED BID 11171 (SEVERITY 7.2) (URGENCY 6.4): Mozilla Browser BMP Image Decoding Multiple Integer Overflow Vulnerabilities (twice)
UPDATED BID 11169 (SEVERITY 7.8) (URGENCY 6.8): Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerability (twice)
UPDATED BID 11015 (SEVERITY 10) (URGENCY 8.2): Mozilla Network Security Services Library Remote Heap Overflow Vulnerability
UPDATED BID 10875 (SEVERITY 8.3) (URGENCY 7.1): Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling Remote Heap Overflow Vulnerability (twice)
UPDATED BID 11179 (SEVERITY 7.8) (URGENCY 8.2): Mozilla/Firefox Browsers Unauthorized Clipboard Contents Disclosure
UPDATED BID 11245 (SEVERITY 7.8) (URGENCY 8.6): Macromedia JRun Multiple Remote Vulnerabilities

Hardware/Firmware: None

Multiple Vendor/Multiple Platform/Other:
UPDATED BID 8911 (SEVERITY 5.9) (URGENCY 5.5): Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
UPDATED BID 5033 (SEVERITY 10) (URGENCY 9.6): Apache Chunked-Encoding Memory Corruption Vulnerability
UPDATED BID 11239 (SEVERITY 6.4) (URGENCY 6.7): Apache Satisfy Directive Access Control Bypass Vulnerability
UPDATED BID 11187 (SEVERITY 10) (URGENCY 7.2): Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
UPDATED BID 11185 (SEVERITY 4.8) (URGENCY 6.6): Apache Mod_DAV LOCK Denial Of Service Vulnerability
UPDATED BID 11182 (SEVERITY 5) (URGENCY 5): Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
UPDATED BID 11154 (SEVERITY 5.3) (URGENCY 6.9): Apache mod_ssl Remote Denial of Service Vulnerability
UPDATED BID 11094 (SEVERITY 7.8) (URGENCY 6.8): Apache mod_ssl Denial Of Service Vulnerability
UPDATED BID 10619 (SEVERITY 7.8) (URGENCY 6.8): Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
UPDATED BID 10508 (SEVERITY 7.8) (URGENCY 8.2): Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
UPDATED BID 9930 (SEVERITY 6.1) (URGENCY 7.5): Apache Error Log Escape Sequence Injection Vulnerability
UPDATED BID 9921 (SEVERITY 6.2) (URGENCY 5.7): Apache Connection Blocking Denial Of Service Vulnerability
UPDATED BID 9829 (SEVERITY 6.9) (URGENCY 8): Apache Mod_Access Access Control Rule Bypass Vulnerability
UPDATED BID 9571 (SEVERITY 6.4) (URGENCY 5.9): Apache mod_digest Client-Supplied Nonce Verification Vulnerability

-----------------------------------------------------
Note: "twice" means that the alert in question was reported 2 times during the week
#6
Posted 24 September 2004 - 20:44
Lady_in_Red, for the vulnerabilities I would also find the affected program version useful. apache is big, telnetd is big as well... e.g. vulnerable apache<=2.0.51, apache<=1.3.30 etc.
otherwise... thanks for the snapshot!
#7
Posted 24 September 2004 - 20:49
I'm sorry, but I'm not the one who "compiles" the list. And I don't know which versions are involved either. But I'm convinced that if you go to the vendor's site you can get information about the vulnerability in question and also find out which versions are affected.
#8
Posted 24 September 2004 - 20:56
Lady_in_Red, on Sep 24 2004, 21:49, said:
I'm sorry, but I'm not the one who "compiles" the list. And I don't know which versions are involved either. But I'm convinced that if you go to the vendor's site you can get information about the vulnerability in question and also find out which versions are affected.

exactly, that's what I had done a few days ago... apache was in my sights, there's also zone-h, and isc.org... nothing about apache had appeared at apache or zone-h... anyway, the list is good... it makes you more paranoid...!
#10
Posted 25 September 2004 - 05:21
http://secunia.com/g...vir&graph=virus
1. Win32.Netsky.P@mm (14.08%)
2. Win32.Parite.B (7.14%)
3. Win32.Mabutu.A@mm (5.96%)
4. Win32.NetSky.D@mm (5.08%)
5. Win32.P2P.SpyBot.Gen (4.6%)
6. Win32.Netsky.B@mm (4.44%)
7. Win32.Bagle.AA@mm (3.77%)
8. Win32.Netsky.C@mm (2.95%)
9. Win32.Netsky.AA@mm (2.42%)
10. Win32.Jeefo.A (2.4%)

http://secunia.com/l...0_virus_alerts/

ahhh... and a small test for IE
http://secunia.com/i...ing_test_popup/
#11
Posted 25 September 2004 - 05:25
and for the 3rd post.... don't swear at me
Secunia Weekly Summary - Issue: 2004-39

========================================================================

The Secunia Weekly Advisory Summary
2004-09-16 - 2004-09-23

This week : 70 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Weeks Top Ten Most Read Advisories
4. Vulnerabilities Summary Listing
5. Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia has implemented new features at Secunia.com

SECUNIA ADVISORIES NOW INCLUDE "Solution Status":
In addition to the extensive information Secunia advisories already include, Secunia has added a new parameter: "Solution Status". This simply means that all Secunia advisories, including older advisories, now include the current "Solution Status" of a advisory, i.e. if the vendor has released a patch or not.

IMPROVED PRODUCT PAGES:
The improved product pages now include a detailed listing of all Secunia advisories affecting each product. The listings include a clear indication of the "Solution Status" each advisory has ("Unpatched", "Vendor patch", "Vendor workaround", or "Partial fix"). View the following for examples:

Opera 7: http://secunia.com/product/761/
Internet Explorer 6: http://secunia.com/product/11/
Mozilla Firefox: http://secunia.com/product/3256/

EXTRA STATISTICS:
Each product page also includes a new pie graph, displaying the "Solution Status" for all Secunia advisories affecting each product in a given period. View the following for an example:

Internet Explorer 6: http://secunia.com/p...istics_solution

FEEDBACK SYSTEM:
To make it easier to provide feedback to the Secunia staff, we have made an online feedback form.
Enter your inquiry and it will immediately be sent to the appropriate Secunia department. Ideas, suggestions, and other feedback is most welcome

Secunia Feedback Form: http://secunia.com/contact_form/

========================================================================
2) This Week in Brief:

ADVISORIES:

Chris Evans has found several image related vulnerabilities in GdkPixbuf and libXpm, which can be exploited to compromise vulnerable systems. Many Linux distributions have already issued updated packages addressing these vulnerabilities. Please view secunia.com for information about updated packages.

Reference:
http://secunia.com/SA12549
http://secunia.com/SA12542

--

Two vulnerabilities have been reported in PHP, which can be exploited to expose system information or to upload files in arbitrary locations. However, in order to upload files in arbitrary locations, PHP has to be used in a special way. Updated versions of PHP are available in the CVS repository. Please refer to the Secunia advisory below for details.

Reference:
http://secunia.com/SA12560

--

Apple has issued a security update for iChat, which addresses a vulnerability that can be exploited to compromise a vulnerable system. Please read Secunia advisory below for details about the update.

Reference:
http://secunia.com/SA12575

VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. [SA12526] Mozilla Multiple Vulnerabilities
2. [SA12528] Microsoft Multiple Products JPEG Processing Buffer Overflow Vulnerability
3. [SA12304] Internet Explorer Address Bar Spoofing Vulnerability
4. [SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability
5. [SA12542] GdkPixbuf Multiple Image Decoding Vulnerabilities
6. [SA12321] Microsoft Internet Explorer Drag and Drop Vulnerability
7. [SA12581] Internet Explorer Cross-Domain Cookie Injection Vulnerability
8. [SA12535] Netscape Multiple Vulnerabilities
9. [SA11978] Multiple Browsers Frame Injection Vulnerability
10. [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA12616] Emulive Server4 Security Bypass and Denial of Service Vulnerabilities
[SA12589] Lords of the Realm III Username Handling Denial of Service
[SA12587] WebIntelligence Document Deletion and Cross-Site Scripting Vulnerabilities
[SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of Service
[SA12611] VP-ASP Shopping Cart Database Connection Denial of Service
[SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service
[SA12581] Internet Explorer Cross-Domain Cookie Injection Vulnerability
[SA12612] Pop Messenger Invalid Character Denial of Service Vulnerability
[SA12585] Pigeon Server Login Denial of Service Vulnerability

UNIX/Linux:
[SA12630] Conectiva update for qt3
[SA12629] Gentoo update for xine-lib
[SA12628] Mandrake update for mpg123
[SA12625] Mandrake update for ImageMagick
[SA12623] Debian update for imlib2
[SA12615] Gentoo update for gtk+ / gdk-pixbuf
[SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability
[SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany
[SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities
[SA12599] Sun Java Enterprise System NSS Library Vulnerability
[SA12598] FreeBSD update for CVS
[SA12588] SuSE update for gtk2 and gdk-pixbuf
[SA12586] Debian update for gtk+2.0
[SA12583] Mandrake update for XFree86
[SA12579] SuSE update for XFree86
[SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability
[SA12574] OpenBSD update for Xpm
[SA12573] Debian update for imlib
[SA12568] Red Hat update for gtk2
[SA12565] Gentoo update for mpg123
[SA12564] Debian update for gdk-pixbuf
[SA12563] Debian update for imagemagick
[SA12619] Gentoo update for freeradius
[SA12614] Debian update for lukemftpd
[SA12592] Debian update for wv
[SA12582] Gentoo update for snipsnap
[SA12570] FreeRADIUS Multiple Unspecified Denial of Service Vulnerabilities
[SA12562] Gentoo update for heimdal
[SA12584] sdd Unspecified RMT Client Vulnerability
[SA12624] Conectiva update for spamassassin
[SA12577] Gentoo update for apache2 and mod_dav
[SA12576] Gentoo update for phpGroupWare
[SA12572] Fedora update for apr-util
[SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions Security Issue
[SA12631] Red Hat update for samba
[SA12626] Slackware update for CUPS
[SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass
[SA12603] Gentoo update for CUPS
[SA12571] Red Hat update for CUPS
[SA12566] Debian update for cupsys
[SA12627] Mandrake update for webmin
[SA12610] Fedora update for foomatic
[SA12600] RsyncX Privilege Escalation Vulnerabilities
[SA12596] sudo Arbitrary File Reading Vulnerability
[SA12594] getmail Privilege Escalation Vulnerability
[SA12591] Gentoo update for foomatic
[SA12567] Mandrake update for printer-drivers

Other:
[SA12601] SMC Broadband Routers Session Handling Security Bypass

Cross Platform:
[SA12633] Apache "Satisfy" Directive Access Control Bypass Security Issue
[SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities
[SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability
[SA12593] YaBB Cross-Site Scripting and Security Bypass Vulnerabilities
[SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability
[SA12569] SnipSnap HTTP Response Splitting Vulnerability
[SA12561] MyServer Directory Traversal Vulnerability
[SA12560] PHP Memory Leak and Arbitrary File Location Upload Vulnerabilities
[SA12621] Subversion "mod_authz_svn" Unreadable Path Information Disclosure
[SA12609] YaBB Input Validation Vulnerabilities
[SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability
[SA12604] Symantec ON Command CCM Default Database Administrator Accounts
[SA12620] CA UniCenter Management Portal Username Disclosure Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA12616] Emulive Server4 Security Bypass and Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2004-09-22

James Bercegay has reported a vulnerability in Emulive Server4, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12616/

--

[SA12589] Lords of the Realm III Username Handling Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-20

Luigi Auriemma has reported a vulnerability in Lords of the Realm III, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12589/

--

[SA12587] WebIntelligence Document Deletion and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-09-18

Corsaire has reported two vulnerabilities in WebIntelligence, which can be exploited by malicious people to delete sensitive information and conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/12587/

--

[SA12578] Whatsup Gold Reserved DOS Device Name HTTP Request Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-18

A vulnerability has been reported in WhatsUp Gold, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12578/

--

[SA12611] VP-ASP Shopping Cart Database Connection Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-22

A vulnerability has been reported in VP-ASP, which can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12611/

--

[SA12595] DNS4Me Web Server Cross-Site Scripting and Denial of Service
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2004-09-20

James Bercegay has reported two vulnerabilities in DNS4Me Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12595/

--

[SA12581] Internet Explorer Cross-Domain Cookie Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2004-09-18

WESTPOINT has reported a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.

Full Advisory: http://secunia.com/advisories/12581/

--

[SA12612] Pop Messenger Invalid Character Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-22

Luigi Auriemma has reported a vulnerability in Pop Messenger, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12612/

--

[SA12585] Pigeon Server Login Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-17

Luigi Auriemma has reported a vulnerability in Pigeon Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/12585/

UNIX/Linux:--

[SA12630] Conectiva update for qt3
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-23

Conectiva has issued an update for qt3. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/12630/

--

[SA12629] Gentoo update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23

Gentoo has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/12629/

--

[SA12628] Mandrake update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23

MandrakeSoft has issued an update for mpg123. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/12628/

--

[SA12625] Mandrake update for ImageMagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-23

MandrakeSoft has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/12625/

--

[SA12623] Debian update for imlib2
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-09-23

Debian has issued an update for imlib2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Full Advisory: http://secunia.com/advisories/12623/

--

[SA12615] Gentoo update for gtk+ / gdk-pixbuf
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-22

Gentoo has issued updates for gdk-pixbuf and gtk+. These fix multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12615/ -- [SA12608] Debian netkit-telnet-ssl Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-21 A very old vulnerability reportedly still affects the netkit-telnet-ssl package for Debian Linux, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12608/ -- [SA12607] Gentoo update for Mozilla/Firefox/Thunderbird/Epiphany Critical: Highly critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access Released: 2004-09-21 Gentoo has issued updates for Mozilla, Firefox, Thunderbird, and Epiphany. These fix multiple vulnerabilities, which potentially can be exploited by malicious people to conduct cross-site scripting attacks, access and modify sensitive information, and compromise a user's system. Full Advisory: http://secunia.com/advisories/12607/ -- [SA12602] xine-lib Multiple Buffer Overflow Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-20 Multiple vulnerabilities have been reported in xine-lib, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/12602/ -- [SA12599] Sun Java Enterprise System NSS Library Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-20 Sun has acknowledged a vulnerability in the NSS library included with Sun Java Enterprise System, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12599/ -- [SA12598] FreeBSD update for CVS Critical: Highly critical Where: From remote Impact: Exposure of system information, DoS, System access Released: 2004-09-21 FreeBSD has issued an update for CVS. 
This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), compromise a vulnerable system, or gain knowledge of certain system information. Full Advisory: http://secunia.com/advisories/12598/ -- [SA12588] SuSE update for gtk2 and gdk-pixbuf Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-09-17 SuSE has issued updates for gdk-pixbuf and gtk2. These fix multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12588/ -- [SA12586] Debian update for gtk+2.0 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-09-17 Debian has issued an update for gtk+2.0. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12586/ -- [SA12583] Mandrake update for XFree86 Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-17 MandrakeSoft has issued an update for XFree86. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12583/ -- [SA12579] SuSE update for XFree86 Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-18 SuSE has issued an update for XFree86. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/12579/ -- [SA12575] Apple Mac OS X Security Update Fixes iChat Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2004-09-17 Apple has issued a security update for Mac OS X iChat client. 
This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12575/

[SA12574] OpenBSD update for Xpm
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-17
OpenBSD has issued an update for Xpm. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12574/

[SA12573] Debian update for imlib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16
Debian has issued an update for imlib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12573/

[SA12568] Red Hat update for gtk2
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-09-16
Red Hat has issued an update for gtk2. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12568/

[SA12565] Gentoo update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-16
Gentoo has issued an update for mpg123. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12565/

[SA12564] Debian update for gdk-pixbuf
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-09-16
Debian has issued an update for gdk-pixbuf. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12564/

[SA12563] Debian update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-09-20
Debian has issued an update for ImageMagick. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12563/

[SA12619] Gentoo update for freeradius
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-23
Gentoo has issued an update for freeradius. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12619/

[SA12614] Debian update for lukemftpd
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-09-22
Debian has issued an update for lukemftpd. This fixes some vulnerabilities, which potentially can be exploited by malicious users to gain escalated privileges or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12614/

[SA12592] Debian update for wv
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-09-21
Debian has issued an update for wv. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12592/

[SA12582] Gentoo update for snipsnap
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Gentoo has issued an update for snipsnap. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12582/

[SA12570] FreeRADIUS Multiple Unspecified Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-09-20
Multiple unspecified vulnerabilities have been reported in FreeRADIUS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12570/

[SA12562] Gentoo update for heimdal
Critical: Moderately critical
Where: From remote
Impact: System access, Privilege escalation
Released: 2004-09-16
Gentoo has issued an update for heimdal. This fixes some vulnerabilities, which potentially can be exploited by malicious users to gain escalated privileges or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12562/

[SA12584] sdd Unspecified RMT Client Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Unknown
Released: 2004-09-18
A vulnerability with an unknown impact has been reported in sdd.
Full Advisory: http://secunia.com/advisories/12584/

[SA12624] Conectiva update for spamassassin
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-23
Conectiva has issued an update for spamassassin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12624/

[SA12577] Gentoo update for apache2 and mod_dav
Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2004-09-17
Gentoo has issued updates for apache2 and mod_dav. These fix multiple vulnerabilities, which can be exploited to cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12577/

[SA12576] Gentoo update for phpGroupWare
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-17
Gentoo has issued an update for phpGroupWare.
This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12576/

[SA12572] Fedora update for apr-util
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-09-16
Fedora has issued an update for apr-util. This fixes a vulnerability which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12572/

[SA12632] Red Hat redhat-config-nfs Incorrect Share Permissions Security Issue
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-23
John Buswell has reported a security issue in redhat-config-nfs, which may result in users having more permissions than expected on exported resources.
Full Advisory: http://secunia.com/advisories/12632/

[SA12631] Red Hat update for samba
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-23
Red Hat has issued an update for samba. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12631/

[SA12626] Slackware update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-23
Slackware has issued an update for CUPS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12626/

[SA12617] OpenBSD Radius Authentication "login_radius" Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-22
Eilko Bos has reported a vulnerability in OpenBSD, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/12617/

[SA12603] Gentoo update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-21
Gentoo has issued an update for CUPS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12603/

[SA12571] Red Hat update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-16
Red Hat has issued an update for CUPS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12571/

[SA12566] Debian update for cupsys
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-09-16
Debian has issued an update for cupsys. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12566/

[SA12627] Mandrake update for webmin
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-23
MandrakeSoft has issued an update for webmin. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions on a system with escalated privileges.
Full Advisory: http://secunia.com/advisories/12627/

[SA12610] Fedora update for foomatic
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-22
Fedora has issued an update for foomatic. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12610/

[SA12600] RsyncX Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-20
Matt Johnston has reported two vulnerabilities in RsyncX, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12600/

[SA12596] sudo Arbitrary File Reading Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-09-20
Reznic Valery has reported a vulnerability in sudo, which can be exploited by malicious, local users to read arbitrary files.
Full Advisory: http://secunia.com/advisories/12596/

[SA12594] getmail Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-20
David Watson has reported a vulnerability in getmail, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12594/

[SA12591] Gentoo update for foomatic
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-21
Gentoo has issued an update for foomatic. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12591/

[SA12567] Mandrake update for printer-drivers
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-09-16
MandrakeSoft has issued an update for printer-drivers. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12567/

Other:

[SA12601] SMC Broadband Routers Session Handling Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-20
Jimmy Scott has reported a vulnerability in SMC broadband routers, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/12601/

Cross Platform:

[SA12633] Apache "Satisfy" Directive Access Control Bypass Security Issue
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-09-23
A security issue has been reported in Apache, which may allow malicious people to bypass configured access controls.
Full Advisory: http://secunia.com/advisories/12633/

[SA12606] TUTOS SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-09-21
Joxean Koret has reported some vulnerabilities, which can be exploited to conduct SQL injection and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12606/

[SA12597] ReMOSitory "filecatid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-09-20
khoai has reported a vulnerability in the ReMOSitory add-on for Mambo, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/12597/

[SA12593] YaBB Cross-Site Scripting and Security Bypass Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-09-21
GulfTech Security has discovered two vulnerabilities in YaBB, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/12593/

[SA12590] Snitz Forums 2000 HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Maestro has reported a vulnerability in Snitz Forums 2000, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12590/

[SA12569] SnipSnap HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-09-20
Maestro De-Seguridad has reported a vulnerability in SnipSnap, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12569/

[SA12561] MyServer Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-09-16
Arnaud Jacques has reported a vulnerability in MyServer, which can be exploited by malicious people to access sensitive information.
Full Advisory: http://secunia.com/advisories/12561/

[SA12560] PHP Memory Leak and Arbitrary File Location Upload Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2004-09-18
Two vulnerabilities have been reported in PHP, which can be exploited by malicious people to disclose sensitive information or potentially compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12560/

[SA12621] Subversion "mod_authz_svn" Unreadable Path Information Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-09-23
A security issue has been reported in Subversion, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory: http://secunia.com/advisories/12621/

[SA12609] YaBB Input Validation Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-09-22
Two vulnerabilities have been reported in YaBB, which can be exploited to conduct cross-site scripting attacks and manipulate certain files.
Full Advisory: http://secunia.com/advisories/12609/

[SA12580] Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2004-09-18
WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox, which potentially can be exploited by malicious people to conduct session fixation attacks.
Full Advisory: http://secunia.com/advisories/12580/

[SA12604] Symantec ON Command CCM Default Database Administrator Accounts
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2004-09-22
Jonas Olsson has reported a security issue in ON Command CCM, which can be exploited by malicious people to access sensitive information.
Full Advisory: http://secunia.com/advisories/12604/

[SA12620] CA UniCenter Management Portal Username Disclosure Weakness
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2004-09-22
Thomas Adams has reported a weakness in UniCenter Management Portal, which can be exploited by malicious people to disclose system information.
Full Advisory: http://secunia.com/advisories/12620/