[ISN] Secunia Weekly Summary - Issue: 2005-18

InfoSec News isn at c4i.org
Thu May 5 05:28:39 EDT 2005


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-04-28 - 2005-05-05                        

                       This week : 69 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

========================================================================
2) This Week in Brief:

Netscape has been found vulnerable to a vulnerability, which was
first reported in Mozilla.

Currently, no solution is available from the vendor. Refer to
referenced Secunia advisory below for additional details.

Reference:
http://secunia.com/SA15135

--

Apple has released a security update for Mac OS X, which corrects 19
vulnerabilities.

Complete details about each issue can be found in referenced Secunia
advisory below.

References:
http://secunia.com/SA15227


VIRUS ALERTS:

During the last week, Secunia issued 1 MEDIUM RISK virus alert.
Please refer to the grouped virus profile below for more information:

Sober.P - MEDIUM RISK Virus Alert - 2005-05-02 22:55 GMT+1
http://secunia.com/virus_information/17688/sober.p/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA15103] Netscape GIF Image Netscape Extension 2 Buffer Overflow
2.  [SA14654] Mozilla Firefox Three Vulnerabilities
3.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
4.  [SA15135] Netscape DOM Nodes Validation Vulnerability
5.  [SA15153] Symantec AntiVirus Products RAR Archive Virus Detection
              Bypass
6.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
7.  [SA15064] Microsoft Windows Image Rendering Denial of Service
              Vulnerability
8.  [SA15023] Realplayer/RealOne RAM File Processing Buffer Overflow
              Vulnerability
9.  [SA14938] Mozilla Firefox Multiple Vulnerabilities
10. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15192] GlobalScape Secure FTP Command Parsing Buffer Overflow
[SA15239] ASP Inline Corporate Calendar "Event_ID" SQL Injection
[SA15234] Mercur Messaging Multiple Vulnerabilities
[SA15214] MaxWebPortal Multiple SQL Injection Vulnerabilities
[SA15190] Ecomm Professional Guestbook "AdminPWD" SQL Injection
[SA15178] Ocean12 Mailing List Manager Pro SQL Injection Vulnerability
[SA15175] Golden FTP Server Pro Directory Traversal Vulnerability
[SA15173] enVivo!CMS SQL Injection Vulnerabilities
[SA15242] NetWin DMail Server Two Vulnerabilities
[SA15231] 602LAN SUITE Local File Detection and Denial of Service
[SA15230] 04WebServer Directory Traversal Vulnerability
[SA15171] ICUII Disclosure of Passwords
[SA15179] Kerio Products Password Brute Force and Denial of Service
[SA15184] NotJustBrowsing Disclosure of Lock Password

UNIX/Linux:
[SA15236] Fedora update for kdelibs
[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA15210] Slackware update for xine-lib
[SA15203] SUSE Updates for Multiple Packages
[SA15202] Gentoo update for pound
[SA15199] Ubuntu update for kdelibs
[SA15189] Mandriva update for xpm
[SA15182] Red Hat update for php
[SA15180] Red Hat update for mozilla
[SA15243] Ubuntu update for cvs
[SA15238] Ubuntu update for kommander
[SA15225] Open WebMail Shell Command Injection Vulnerability
[SA15211] Avaya Kerberos Telnet Client vulnerabilities
[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability
[SA15188] Red Hat update for kernel
[SA15187] Red Hat update for kernel
[SA15183] Fedora update for kdewebdev
[SA15177] OpenBSD update for cvs
[SA15172] Debian update for ethereal
[SA15170] Debian update for prozilla
[SA15217] PostgreSQL Character Conversion and tsearch2 Module
Vulnerabilities
[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability
[SA15237] Fedora update for tcpdump
[SA15229] Debian update for smartlist
[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe
[SA15194] Gentoo update for horde
[SA15228] Ubuntu update for libnet-ssleay-perl
[SA15224] Mac OS X pty Permission Security Issue
[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation
[SA15201] Cocktail Exposure of Administrator Password
[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions
[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities
[SA15196] ArcInfo Workstation Format String and Buffer Overflow
Vulnerabilities
[SA15191] Fedora update for Perl
[SA15186] Red Hat update for glibc
[SA15185] Mandriva update for perl
[SA15252] leafnode Two Denial of Service Issues
[SA15204] Linux Kernel Local Denial of Service Vulnerabilities

Other:
[SA15205] BIG-IP / 3-DNS ICMP Handling Denial of Service Vulnerability

Cross Platform:
[SA15216] osTicket Multiple Vulnerabilities
[SA15213] SitePanel Multiple Vulnerabilities
[SA15195] Mtp Target Format String and Denial of Service
Vulnerabilities
[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability
[SA15232] FishCart Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA15220] PRADO Unspecified ViewState Data Vulnerability
[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection
[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File
Inclusion
[SA15206] BirdBlog BB Code Script Insertion Vulnerability
[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script
Insertion
[SA15226] OpenView Event Correlation Services Unspecified
Vulnerabilities
[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities
[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability
[SA15215] Symantec Products ICMP Handling Denial of Service
[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow
Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15192] GlobalScape Secure FTP Command Parsing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-02

Mati Aharoni has reported a vulnerability in GlobalScape Secure FTP
Server, which can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15192/

 --

[SA15239] ASP Inline Corporate Calendar "Event_ID" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-04

Zinho has reported a vulnerability in ASP Inline Corporate Calendar,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15239/

 --

[SA15234] Mercur Messaging Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2005-05-04

Dr_insane has reported some vulnerabilities in Mercur Messaging, which
can be exploited by malicious people to manipulate files and disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/15234/

 --

[SA15214] MaxWebPortal Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-03

Soroush Dalili and Crkchat has reported some vulnerabilities in
MaxWebPortal, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15214/

 --

[SA15190] Ecomm Professional Guestbook "AdminPWD" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-29

A vulnerability has been reported in Ecomm Professional Guestbook,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15190/

 --

[SA15178] Ocean12 Mailing List Manager Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-29

Zinho has reported a vulnerability in Ocean12 Mailing List Manager Pro,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15178/

 --

[SA15175] Golden FTP Server Pro Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2005-05-03

Lachlan. H has reported a vulnerability in Golden FTP Server Pro, which
can be exploited by malicious users to access arbitrary files on a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15175/

 --

[SA15173] enVivo!CMS SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-29

Diabolic Crab has reported some vulnerabilities in enVivo!CMS, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15173/

 --

[SA15242] NetWin DMail Server Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2005-05-04

Tan Chew Keong has reported two vulnerabilities in NetWin DMail Server,
which can be exploited by malicious people to bypass certain security
restrictions or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15242/

 --

[SA15231] 602LAN SUITE Local File Detection and Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, DoS
Released:    2005-05-03

Dr_insane has discovered a vulnerability in 602LAN SUITE, which can be
exploited by malicious people to detect the presence of local files and
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15231/

 --

[SA15230] 04WebServer Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2005-05-03

Dr_insane has discovered a vulnerability in 04WebServer, which can be
exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/15230/

 --

[SA15171] ICUII Disclosure of Passwords

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-04-29

Kozan has discovered a security issue in ICUII, which can be exploited
by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15171/

 --

[SA15179] Kerio Products Password Brute Force and Denial of Service

Critical:    Not critical
Where:       From local network
Impact:      Brute force, DoS
Released:    2005-05-02

Javier Munoz has reported two weaknesses in Kerio WinRoute Firewall,
Kerio MailServer and Kerio Personal Firewall, which can be exploited by
malicious people to potentially cause a DoS (Denial of Service) and
brute force passwords.

Full Advisory:
http://secunia.com/advisories/15179/

 --

[SA15184] NotJustBrowsing Disclosure of Lock Password

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-02

Kozan has discovered a security issue in NotJustBrowsing, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15184/


UNIX/Linux:--

[SA15236] Fedora update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-03

Fedora has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15236/

 --

[SA15227] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, System access
Released:    2005-05-04

Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/15227/

 --

[SA15210] Slackware update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-03

Slackware has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15210/

 --

[SA15203] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-02

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15203/

 --

[SA15202] Gentoo update for pound

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2005-05-02

Gentoo has issued an update for pound. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15202/

 --

[SA15199] Ubuntu update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-03

Ubuntu has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15199/

 --

[SA15189] Mandriva update for xpm

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-02

Mandriva has issued an update for xpm. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15189/

 --

[SA15182] Red Hat update for php

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2005-04-29

Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to access files
outside the "open_basedir" root and by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15182/

 --

[SA15180] Red Hat update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, Manipulation of data,
Exposure of system information, Exposure of sensitive information,
Privilege escalation, System access, Security Bypass
Released:    2005-04-29

Red Hat has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information and perform certain actions on
a vulnerable system with escalated privileges and by malicious people
to conduct spoofing and cross-site scripting attacks, disclose
sensitive and system information, bypass certain security restrictions,
trick users into downloading malicious files and compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15180/

 --

[SA15243] Ubuntu update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-04

Ubuntu has issued an update for cvs. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15243/

 --

[SA15238] Ubuntu update for kommander

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-04

Ubuntu has issued an update for kommander. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15238/

 --

[SA15225] Open WebMail Shell Command Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-03

A vulnerability has been reported in Open WebMail, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15225/

 --

[SA15211] Avaya Kerberos Telnet Client vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-02

Avaya has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15211/

 --

[SA15193] GnuTLS Record Packet Parsing Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-02

A vulnerability has been reported in GnuTLS, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15193/

 --

[SA15188] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2005-04-29

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15188/

 --

[SA15187] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, Privilege escalation
Released:    2005-04-29

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15187/

 --

[SA15183] Fedora update for kdewebdev

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-29

Fedora has issued an update for kdewebdev. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15183/

 --

[SA15177] OpenBSD update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2005-04-29

OpenBSD has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15177/

 --

[SA15172] Debian update for ethereal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-29

Debian has issued an update for ethereal. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15172/

 --

[SA15170] Debian update for prozilla

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-29

Debian has issued an update for prozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15170/

 --

[SA15217] PostgreSQL Character Conversion and tsearch2 Module
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-05-04

Two vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15217/

 --

[SA15240] MaraDNS Unspecified Random Number Generator Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Unknown
Released:    2005-05-04

A vulnerability with an unknown impact has been reported in MaraDNS.

Full Advisory:
http://secunia.com/advisories/15240/

 --

[SA15237] Fedora update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-03

Fedora has issued an update for tcpdump. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15237/

 --

[SA15229] Debian update for smartlist

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-04

Debian has issued an update for smartlist. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15229/

 --

[SA15221] SmartList confirm Add-On Arbitrary Addresses Subscribe

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-04

Jeroen van Wolffelaar has reported a vulnerability in the confirm
add-on for SmartList, which can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15221/

 --

[SA15194] Gentoo update for horde

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-02

Gentoo has issued updates for horde, horde-vacation, horde-turba,
horde-passwd, horde-nag, horde-mnemo, horde-kronolith, horde-imp,
horde-accounts, horde-forwards and horde-chora. These fix a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15194/

 --

[SA15228] Ubuntu update for libnet-ssleay-perl

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-05-04

Ubuntu has issued an update for libnet-ssleay-perl. This fixes a
vulnerability, which can be exploited by malicious, local users to
weaken certain cryptographic operations.

Full Advisory:
http://secunia.com/advisories/15228/

 --

[SA15224] Mac OS X pty Permission Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-04

Matt Johnston has discovered a security issue in Mac OS X, which can be
exploited by malicious, local users to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/15224/

 --

[SA15207] Perl Net::SSLeay Module Entropy Source Manipulation

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-05-04

Javier Fernandez-Sanguino Pena has reported a vulnerability in the
Net::SSLeay module for Perl, which can be exploited by malicious, local
users to weaken certain cryptographic operations.

Full Advisory:
http://secunia.com/advisories/15207/

 --

[SA15201] Cocktail Exposure of Administrator Password

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-02

sonderling has reported a security issue in Cocktail, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15201/

 --

[SA15198] Gentoo phpmyadmin Installation Script Insecure Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-02

A security issue has been reported in phpmyadmin, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15198/

 --

[SA15197] Ce/Ceterm Privilege Escalation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-02

Kevin Finisterre has reported some vulnerabilities in Ce/Ceterm, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15197/

 --

[SA15196] ArcInfo Workstation Format String and Buffer Overflow
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-02

Kevin Finisterre has reported some vulnerabilities in ArcInfo
Workstation, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15196/

 --

[SA15191] Fedora update for Perl

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-03

Fedora has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15191/

 --

[SA15186] Red Hat update for glibc

Critical:    Less critical
Where:       Local system
Impact:      Exposure of system information, Privilege escalation
Released:    2005-04-29

Red Hat has issued an update for glibc. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of some system information or perform certain actions on
a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15186/

 --

[SA15185] Mandriva update for perl

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-02

Mandriva has issued an update for perl. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15185/

 --

[SA15252] leafnode Two Denial of Service Issues

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-05-05

Two issues have been reported in leafnode, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15252/

 --

[SA15204] Linux Kernel Local Denial of Service Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-05-02

Two vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15204/


Other:--

[SA15205] BIG-IP / 3-DNS ICMP Handling Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-02

F5 Networks has acknowledged a vulnerability in BIG-IP and 3-DNS, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15205/


Cross Platform:--

[SA15216] osTicket Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released:    2005-05-03

James Bercegay has reported some vulnerabilities in osTicket, which can
be exploited by malicious users to conduct SQL injection attacks, and by
malicious people to conduct cross-site scripting and script insertion
attacks, disclose sensitive information and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/15216/

 --

[SA15213] SitePanel Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released:    2005-05-03

James Bercegay has reported some vulnerabilities in SitePanel, which
can be exploited by malicious people to conduct cross-site scripting
attacks, disclose sensitive information and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/15213/

 --

[SA15195] Mtp Target Format String and Denial of Service
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-02

Luigi Auriemma has reported two vulnerabilities in Mtp Target, which
can be exploited to malicious people to cause a DoS (Denial of Service)
or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15195/

 --

[SA15233] LibTomCrypt Unspecified ECC Signature Scheme Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-05-04

A vulnerability with an unknown impact has been reported in
LibTomCrypt.

Full Advisory:
http://secunia.com/advisories/15233/

 --

[SA15232] FishCart Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-04

Diabolic Crab has reported some vulnerabilities in FishCart, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15232/

 --

[SA15220] PRADO Unspecified ViewState Data Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-05-04

A vulnerability with an unknown impact has been reported in PRADO.

Full Advisory:
http://secunia.com/advisories/15220/

 --

[SA15219] Woltlab Burning Board JGS-Portal "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-03

[R] has reported a vulnerability in the JGS-Portal module for Woltlab
Burning Board, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15219/

 --

[SA15208] eSKUeL "ConfLangCookie" and "lang_config" Local File
Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-05-04

Gerardo Di Giacomo has reported two vulnerabilities in eSKUeL, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15208/

 --

[SA15206] BirdBlog BB Code Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-03

A vulnerability has been reported in BirdBlog, which potentially can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15206/

 --

[SA15181] ViArt Shop Enterprise Cross-Site Scripting and Script
Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-02

Lostmon has reported some vulnerabilities in ViArt Shop Enterprise,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15181/

 --

[SA15226] OpenView Event Correlation Services Unspecified
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2005-05-03

Some vulnerabilities have been reported in OpenView Event Correlation
Services, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15226/

 --

[SA15223] OpenView Network Node Manager Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2005-05-03

Some vulnerabilities have been reported in HP OpenView Network Node
Manager (OV NNM), which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15223/

 --

[SA15218] Web Crossing "webx" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-03

Dr_insane has reported a vulnerability in Web Crossing, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15218/

 --

[SA15215] Symantec Products ICMP Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-03

Symantec has acknowledged some security issues in various products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15215/

 --

[SA15235] GraphicsMagick PNM Image Decoding Buffer Overflow
Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-05-03

A vulnerability has been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15235/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support at secunia.com
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45





More information about the ISN mailing list