Internet Security Summary 0603

scan pc for spyware or adware free

Internet Security Summary 0603

This Week:

infamous41md has reported four vulnerabilities in GNU Mailutils, which
can be exploited to cause a DoS (Denial of Service) or compromise a
vulnerable system.

Please refer to Secunia advisory below for additional details.

VIRUS ALERTS:

During the last week, Secunia issued 2 MEDIUM RISK virus alerts.
Please refer to the grouped virus profiles below for more information:

Mytob.CU - MEDIUM RISK Virus Alert - 2005-06-01 03:19 GMT+1

Mytob.bh - MEDIUM RISK Virus Alert - 2005-05-30 15:04 GMT+1


3) This Weeks Top Ten Most Read Advisories:

1. [SA15470] CA Multiple Products Vet Antivirus Engine Buffer Overflow
2. [SA15546] Microsoft Internet Explorer "window()" Denial of Service
Weakness
3. [SA15292] Mozilla Firefox Two Vulnerabilities
4. [SA15531] BIG-IP TCP Timestamp Denial of Service
5. [SA15528] Ubuntu update for mozilla-firefox
6. [SA15526] HP-UX ICMP Message Handling Denial of Service
7. [SA15525] HP-UX Unspecified Security Bypass Vulnerability
8. [SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service
9. [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
Vulnerability
10. [SA15530] Fedora update for imagemagick


4) Vulnerabilities Summary Listing

Windows:
[SA15520] Terminator 3: War of the Machines Two Vulnerabilities
[SA15564] JiRo's Upload System "password" SQL Injection Vulnerability
[SA15560] NEXTWEB (i)Site Multiple Vulnerabilities
[SA15557] Hummingbird InetD Components Buffer Overflow Vulnerabilities
[SA15556] Stronghold 2 Nickname Denial of Service Vulnerability
[SA15515] ZonGG "password" SQL Injection Vulnerability
[SA15511] MaxWebPortal "memKey" SQL Injection Vulnerability
[SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer
Overflows
[SA15540] Hosting Controller "jresourceid" SQL Injection Vulnerability
[SA15546] Microsoft Internet Explorer "window()" Denial of Service
Weakness
[SA15522] SoftICE DbgMsg.sys Driver Denial of Service Vulnerability

UNIX/Linux:
[SA15579] Conectiva update for php4
[SA15529] Gentoo update for mailutils
[SA15528] Ubuntu update for mozilla-firefox
[SA15574] Red Hat update for gnutls
[SA15523] NewLife Blogger Unspecified SQL Injection Vulnerabilities
[SA15514] SGI IRIX update for telnet
[SA15513] Red Hat update for imagemagick
[SA15576] Red Hat update for postgresql
[SA15570] Mandriva update for postgresql
[SA15525] HP-UX Unspecified Security Bypass Vulnerability
[SA15578] Conectiva update for gftp
[SA15533] qmail Memory Corruption Vulnerability
[SA15526] HP-UX ICMP Message Handling Denial of Service
[SA15577] Red Hat update for openssl
[SA15575] Trustix update for binutils
[SA15554] Mandriva update for gdb
[SA15544] Fast n Furious DtDNS Updater Command Line Argument
Disclosure
[SA15527] Ubuntu update for binutils/binutils-multiarch
[SA15524] Ubuntu update for gdb
[SA15512] Red Hat update for kernel
[SA15530] Fedora update for imagemagick
[SA15542] Clam AntiVirus on Mac OS X Privilege Escalation
Vulnerability

Other:
[SA15541] PicoWebServer HTTP Request Processing Buffer Overflow
[SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service
[SA15531] BIG-IP TCP Timestamp Denial of Service

Cross Platform:
[SA15537] PowerDownload "incdir" File Inclusion Vulnerability
[SA15536] PeerCast URL Format String Vulnerability
[SA15519] C'Nedra "READ_TCP_STRING()" Buffer Overflow Vulnerability
[SA15510] PHP Poll Creator "relativer_pfad" File Inclusion
Vulnerability
[SA15569] Calendarix Advanced SQL Injection Vulnerabilities
[SA15558] I-Man File Attachments Upload Vulnerability
[SA15555] Qualiteam X-Cart Gold SQL Injection Vulnerabilities
[SA15552] MyBulletinBoard Multiple Vulnerabilities
[SA15550] ezUserManager Script Insertion and SQL Injection
[SA15538] FreeStyle Wiki Attachments Script Insertion Vulnerability
[SA15535] Ettercap "curses_msg()" Format String Vulnerability
[SA15534] phpThumb() "src" Exposure of Sensitive Information
[SA15532] NPDS Multiple Vulnerabilities
[SA15521] Hosting Controller "UserProfile.asp" Authentication Bypass
[SA15517] WordPress "cat_ID" SQL Injection Vulnerability
[SA15516] PHPstat "check" Authentication Bypass Vulnerability
[SA15562] Symantec Brightmail AntiSpam Static Database Password
[SA15547] Jaws "term" Cross-Site Scripting Vulnerability
[SA15543] PHPMailer "Data()" Denial of Service Vulnerability
[SA15518] NikoSoft WebMail Unspecified Cross-Site Scripting
Vulnerability
[SA15545] Invision Power Board Privilege Escalation Vulnerability


5) Vulnerabilities Content Listing

Windows:

[SA15520] Terminator 3: War of the Machines Two Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access

Luigi Auriemma has reported two vulnerabilities in Terminator 3: War of
the Machines, which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

[SA15564] JiRo's Upload System "password" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

Romty has reported a vulnerability in JiRo's Upload System, which can
be exploited by malicious people to conduct SQL injection attacks.

[SA15560] NEXTWEB (i)Site Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information,
DoS

Trash-80 has reported some vulnerabilities in NEXTWEB (i)Site, which
can be exploited by malicious people to cause a DoS (Denial of
Service), conduct SQL injection attacks and disclose sensitive
information.

[SA15557] Hummingbird InetD Components Buffer Overflow Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: DoS, System access

Two vulnerabilities have been reported in Hummingbird InetD, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

[SA15556] Stronghold 2 Nickname Denial of Service Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS

Luigi Auriemma has reported a vulnerability in Stronghold 2, which can
be exploited by malicious people to cause a DoS (Denial of Service).

[SA15515] ZonGG "password" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

Romty has reported a vulnerability in ZonGG, which can be exploited by
malicious people to conduct SQL injection attacks.

[SA15511] MaxWebPortal "memKey" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

Soroush Dalili has reported a vulnerability in MaxWebPortal, which can
be exploited by malicious people to conduct SQL injection attacks.

[SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer
Overflows

Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, System access

Tan Chew Keong has reported some vulnerabilities in TFTP Server 2000,
which can be exploited by malicious people to gain knowledge of
sensitive information or compromise a vulnerable system.

[SA15540] Hosting Controller "jresourceid" SQL Injection Vulnerability

Critical: Less critical
Where: From remote
Impact: Manipulation of data

Soroush Dalili has reported a vulnerability in Hosting Controller,
which can be exploited by malicious users to conduct SQL injection
attacks.

[SA15546] Microsoft Internet Explorer "window()" Denial of Service
Weakness

Critical: Not critical
Where: From remote
Impact: DoS

Benjamin Tobias Franz has discovered a weakness in Internet Explorer,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

[SA15522] SoftICE DbgMsg.sys Driver Denial of Service Vulnerability

Critical: Not critical
Where: Local system
Impact: DoS

Piotr Bania has reported a vulnerability in SoftICE, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

UNIX/Linux:

[SA15579] Conectiva update for php4

Critical: Highly critical
Where: From remote
Impact: Unknown, DoS, System access

Conectiva has issued an update for php4. This fixes some
vulnerabilities, where some have an unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

[SA15529] Gentoo update for mailutils

Critical: Highly critical
Where: From remote
Impact: DoS, System access

Gentoo has issued an update for mailutils. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or compromise a vulnerable system.

[SA15528] Ubuntu update for mozilla-firefox

Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access

Ubuntu has issued an update for mozilla-firefox. This fixes two
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.

[SA15574] Red Hat update for gnutls

Critical: Moderately critical
Where: From remote
Impact: DoS

Red Hat has issued an update for gnutls. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

[SA15523] NewLife Blogger Unspecified SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

Some vulnerabilities have been reported in NewLife Blogger, which can
be exploited to conduct SQL injection attacks.

[SA15514] SGI IRIX update for telnet

Critical: Moderately critical
Where: From remote
Impact: System access

SGI has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

[SA15513] Red Hat update for imagemagick

Critical: Moderately critical
Where: From remote
Impact: DoS, System access

Red Hat has issued an update for imagemagick. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

[SA15576] Red Hat update for postgresql

Critical: Moderately critical
Where: From local network
Impact: Unknown, Privilege escalation, DoS

Red Hat has released an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

[SA15570] Mandriva update for postgresql

Critical: Moderately critical
Where: From local network
Impact: Unknown, Privilege escalation, DoS

Mandriva has issued an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

[SA15525] HP-UX Unspecified Security Bypass Vulnerability

Critical: Moderately critical
Where: From local network
Impact: Security Bypass

A vulnerability has been reported in HP-UX, which potentially can be
exploited by malicious people to bypass certain security restrictions.

[SA15578] Conectiva update for gftp

Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data

Conectiva has issued an update for gftp. This fixes a vulnerability,
which can be exploited by malicious people to conduct directory
traversal attacks.

[SA15533] qmail Memory Corruption Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS, System access

Georgi Guninski has reported a vulnerability in qmail, which can be
exploited by malicious people to compromise a vulnerable system.

[SA15526] HP-UX ICMP Message Handling Denial of Service

Critical: Less critical
Where: From remote
Impact: DoS

HP has acknowledged a vulnerability in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

[SA15577] Red Hat update for openssl

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation

Red Hat has issued an update for openssl. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information or perform certain actions with
escalated privileges.

[SA15575] Trustix update for binutils

Critical: Less critical
Where: Local system
Impact: Privilege escalation

Trustix has issued an update for binutils. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

[SA15554] Mandriva update for gdb

Critical: Less critical
Where: Local system
Impact: Privilege escalation

Mandriva has issued an update for gdb. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

[SA15544] Fast n Furious DtDNS Updater Command Line Argument
Disclosure

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information

A security issue has been reported in Fast n Furious DtDNS Updater,
which may disclose sensitive information to malicious, local users.

[SA15527] Ubuntu update for binutils/binutils-multiarch

Critical: Less critical
Where: Local system
Impact: Privilege escalation

Ubuntu has issued updates for binutils and binutils-multiarch. These
fix a vulnerability, which potentially can be exploited by malicious,
local users to gain escalated privileges.

[SA15524] Ubuntu update for gdb

Critical: Less critical
Where: Local system
Impact: Privilege escalation

Ubuntu has issued an update for gdb. This fixes two vulnerabilities,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

[SA15512] Red Hat update for kernel

Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation,
Security Bypass

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of potentially sensitive information and gain escalated
privileges.

[SA15530] Fedora update for imagemagick

Critical: Not critical
Where: From remote
Impact: DoS

Fedora has issued an update for imagemagick. This fixes a weakness,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

[SA15542] Clam AntiVirus on Mac OS X Privilege Escalation
Vulnerability

Critical: Not critical
Where: Local system
Impact: Privilege escalation

Tim Morgan and Kevin Amorin have reported a vulnerability in Clam
AntiVirus, which potentially can be exploited by malicious, local users
to gain escalated privileges.

Other:

[SA15541] PicoWebServer HTTP Request Processing Buffer Overflow

Critical: Highly critical
Where: From remote
Impact: System access

Dennis Elser has reported a vulnerability in PicoWebServer, which can
be exploited by malicious people to compromise a vulnerable system.

[SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service

Critical: Moderately critical
Where: From remote
Impact: DoS

NTA-Monitor has reported a vulnerability in Nortel VPN Routers, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

[SA15531] BIG-IP TCP Timestamp Denial of Service

Critical: Less critical
Where: From remote
Impact: DoS

F5 Networks has acknowledged a vulnerability in BIG-IP, which can be
exploited by malicious people to cause a DoS (Denial of Service) on an
active TCP session.

Cross Platform:

[SA15537] PowerDownload "incdir" File Inclusion Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access

SoulBlack Security Research has discovered a vulnerability in
PowerDownload, which can be exploited by malicious people to compromise
a vulnerable system.

[SA15536] PeerCast URL Format String Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access

James Bercegay has reported a vulnerability in PeerCast, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

[SA15519] C'Nedra "READ_TCP_STRING()" Buffer Overflow Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access

Luigi Auriemma has reported a vulnerability in C'Nedra, which can be
exploited by malicious people to compromise a vulnerable system.

[SA15510] PHP Poll Creator "relativer_pfad" File Inclusion
Vulnerability

Critical: Highly critical
Where: From remote
Impact: System access

rash ilusion has reported a vulnerability in PHP Poll Creator, which
can be exploited by malicious people to compromise a vulnerable
system.

[SA15569] Calendarix Advanced SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

DarkBicho has discovered some vulnerabilities in Calendarix Advanced,
which can be exploited by malicious people to conduct SQL injection
attacks.

[SA15558] I-Man File Attachments Upload Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access

A vulnerability has been reported in I-Man, which can be exploited by
malicious users to compromise a vulnerable system.

[SA15555] Qualiteam X-Cart Gold SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

Censored has reported some vulnerabilities in Qualiteam X-Cart Gold,
which can be exploited by malicious people to conduct SQL injection
attacks.

[SA15552] MyBulletinBoard Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data

Some vulnerabilities have been reported in MyBulletinBoard (MyBB),
which can be exploited by malicious people to conduct cross-site
scripting, script insertion and SQL injection attacks.

[SA15550] ezUserManager Script Insertion and SQL Injection

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data

Some vulnerabilities have been reported in ezUserManager, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.

[SA15538] FreeStyle Wiki Attachments Script Insertion Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting

A vulnerability has been reported in FreeStyle Wiki and FSWikiLite,
which can be exploited by malicious people to conduct script insertion
attacks.

[SA15535] Ettercap "curses_msg()" Format String Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access

A vulnerability has been reported in Ettercap, which can be exploited
by malicious people to compromise a vulnerable system.

[SA15534] phpThumb() "src" Exposure of Sensitive Information

Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information

A vulnerability has been reported in phpThumb(), which can be exploited
by malicious people to disclose sensitive information.

[SA15532] NPDS Multiple Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data

NoSP and Romano has reported some vulnerabilities in NPDS, which can be
exploited by malicious people to conduct cross-site scripting, script
insertion and SQL injection attacks.

[SA15521] Hosting Controller "UserProfile.asp" Authentication Bypass

Critical: Moderately critical
Where: From remote
Impact: Security Bypass

A vulnerability has been reported in Hosting Controller, which can be
exploited by malicious people to bypass certain security restrictions.

[SA15517] WordPress "cat_ID" SQL Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data

A vulnerability has been reported in WordPress, which can be exploited
by malicious people to conduct SQL injection attacks.

[SA15516] PHPstat "check" Authentication Bypass Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Security Bypass

SoulBlack Security Research has discovered a vulnerability in PHPstat,
which can be exploited by malicious people to bypass certain security
restrictions.

[SA15562] Symantec Brightmail AntiSpam Static Database Password

Critical: Moderately critical
Where: From local network
Impact: Security Bypass

A security issue has been reported in Symantec Brightmail AntiSpam,
which can be exploited by malicious people to bypass security
restrictions.

[SA15547] Jaws "term" Cross-Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting

Paulino Calderon has reported a vulnerability in Jaws, which can be
exploited by malicious people to conduct cross-site scripting attacks.

[SA15543] PHPMailer "Data()" Denial of Service Vulnerability

Critical: Less critical
Where: From remote
Impact: DoS

Mariano Nuņez Di Croce has reported a vulnerability in PHPMailer, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

[SA15518] NikoSoft WebMail Unspecified Cross-Site Scripting
Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting

A vulnerability has been reported in NikoSoft WebMail, which
potentially can be exploited by malicious people to conduct cross-site
scripting attacks.

[SA15545] Invision Power Board Privilege Escalation Vulnerability

Critical: Not critical
Where: From remote
Impact: Privilege escalation

Rapigator has reported a vulnerability in Invision Power Board, which
can be exploited by malicious users to gain escalated privileges.


Internet Security News Home

WorldsLargestNetwork.com




Scan Your PC for Spyware Free

PC Speed Boost

Create Website Easily

Computer Monitoring Software

Internet Education

Anti Spy Software

Stop Pop Ups

Pop-up Eliminator

Adware Removal

Computer Virus Software

Free Scan Spyware Remover

IT Training

Security Software

Security Solutions

Software Protection

Speed Up PC

Virus Protection

Web Safety

Adware Remover and Spyware Protection

Animated Desktop Characters

Anti Virus Software

Audioexam Study Guides in Mp3 Format

Internet Privacy

Detection Connection

Investigate Anyone or Anything

Password Protection Software

Securing Privacy

Spyware Remover





Best of the Web 1 | Best of the Web 2 | Best of the Web 3 | Best of the Web 4


Worlds Largest Network

Active © 2006; WorldsLargestNetwork.com ; Rights Reserved