Secunia Security Advisory m22
Secunia Security Advisory m22
1) Word From Secunia:
Monitor, Filter, and Manage Security Information
- Filtering and Management of Secunia advisories
- Overview, documentation, and detailed reports
- Alerting via email and SMS
2) This Week in Brief:
ADVISORIES:
Two vulnerabilities have been reported in Konqueror, which can be
exploited by malicious people to compromise a vulnerable system.
The vendor has issued patches, which can be found in the referenced
Secunia advisory below.
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
3) This Weeks Top Ten Most Read Advisories:
1. [SA13482] Internet Explorer DHTML Edit ActiveX Control Cross-Site
Scripting
2. [SA13481] PHP Multiple Vulnerabilities
3. [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
4. [SA13471] Adobe Reader / Adobe Acrobat Multiple Vulnerabilities
5. [SA13251] Microsoft Internet Explorer Window Injection
Vulnerability
6. [SA12889] Microsoft Internet Explorer Two Vulnerabilities
7. [SA13239] phpBB Multiple Vulnerabilities
8. [SA12959] Internet Explorer HTML Elements Buffer Overflow
Vulnerability
9. [SA13269] Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability
10. [SA13474] Adobe Acrobat Reader "mailListIsPdf()" Function Buffer
Overflow
4) Vulnerabilities Summary Listing
Windows:
[SA13621] SurgeMail Unspecified Webmail Security Issue
[SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability
[SA13571] ArGoSoft Mail Server Script Insertion Vulnerability
[SA13618] Citrix Metaframe XP Unspecified Buffer Overflow
Vulnerability
[SA13605] tlen URL Script Insertion Vulnerability
[SA13591] WinRAR Delete File Buffer Overflow Vulnerability
[SA13578] Windows Media Player ActiveX Control Two Vulnerabilities
[SA13567] Google Desktop Search Exposure of Local Search Results
[SA13569] GamePort Two Security Bypass Vulnerabilities
UNIX/Linux:
[SA13639] Red Hat update for acroread
[SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability
[SA13629] Fedora update for libtiff
[SA13626] Mandrake update for kdelibs
[SA13622] Mandrake update for mplayer
[SA13614] Red Hat update for PHP
[SA13611] Fedora update for PHP
[SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability
[SA13607] LibTIFF Two Integer Overflow Vulnerabilities
[SA13602] xpdf "doImage()" Buffer Overflow Vulnerability
[SA13595] Red Hat update for XFree86
[SA13590] Mandrake update for ethereal
[SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities
[SA13585] Gentoo update for mplayer
[SA13581] Red Hat update for XFree86
[SA13568] Mandrake update for php
[SA13562] Gentoo update for PHP
[SA13561] Gentoo update for Ethereal
[SA13559] Gentoo update for KDE kfax
[SA13557] Gentoo update for phpMyAdmin
[SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow
Vulnerability
[SA13533] Bolthole Filter "save_embedded_address()" Function Buffer
Overflow
[SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability
[SA13499] Gentoo update for acroread
[SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File
Creation
[SA13624] Mandrake update for krb5
[SA13616] Gentoo update for mpg123
[SA13606] Gentoo update for Zwiki
[SA13584] Debian update for xzgv
[SA13580] Debian update for htget
[SA13579] htget Buffer Overflow Vulnerability
[SA13560] Gentoo update for kdelibs / kdebase
[SA13558] Gentoo update for abcm2ps
[SA13554] YAMT "id3tag_sort()" Function Vulnerability
[SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability
[SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability
[SA13551] vb2c "parse()" Buffer Overflow Vulnerability
[SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability
[SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability
[SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow
[SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability
[SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow
Vulnerabilities
[SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability
[SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow
Vulnerability
[SA13539] Junkie FTP Client Two Vulnerabilities
[SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow
Vulnerability
[SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability
[SA13536] IglooFTP File Manipulation Vulnerabilities
[SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability
[SA13534] GREED "DownloadLoop()" Function Vulnerabilities
[SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability
[SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability
[SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability
[SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability
[SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability
[SA13526] asp2php Two Buffer Overflow Vulnerabilities
[SA13525] abctab2ps Two Buffer Overflow Vulnerabilities
[SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability
[SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability
[SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability
[SA13520] Red Hat update for gd
[SA13517] SUSE update for file/phprojekt
[SA13516] tnftp File Name Verification Vulnerability
[SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability
[SA13512] abc2midi Two Buffer Overflow Vulnerabilities
[SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability
[SA13506] Red Hat update for libxml
[SA13497] Sun Java Messaging Server Webmail Script Insertion
Vulnerability
[SA13623] SUSE update for samba
[SA13615] Fedora update for samba
[SA13613] Red Hat update for samba
[SA13612] Fedora update for krb5
[SA13597] Red Hat update for nfs-utils
[SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability
[SA13582] Trustix update for samba
[SA13573] Fedora update for CUPS
[SA13570] Gentoo update for Samba
[SA13540] LinPopUp "strexpand()" Function Buffer Overflow
Vulnerability
[SA13510] CUPS hpgltops and lppasswd Vulnerabilities
[SA13507] Red Hat update for samba
[SA13601] Fedora update for namazu
[SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability
[SA13588] Mandrake update for aspell
[SA13587] Gentoo update for nasm
[SA13556] Email Sanitizer Unspecified MIME Denial of Service
Vulnerability
[SA13543] NASM "error()" Function Buffer Overflow Vulnerability
[SA13610] SuSE update for kernel
[SA13642] Docbook-to-Man Insecure Temporary File Creation
[SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File
Creation
[SA13633] Debian debmake Insecure Temporary Directory Creation
[SA13598] Red Hat update for rh-postgresql
[SA13594] Red Hat update for glibc
[SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities
[SA13575] Debian update for ethereal
[SA13572] Linux Kernel Multiple Vulnerabilities
[SA13565] HP-UX newgrp Privilege Escalation Vulnerability
[SA13528] changepassword Privilege Escalation Vulnerability
[SA13521] Debian update for cscope
[SA13519] Debian update for a2ps
[SA13505] Red Hat update for zip
[SA13503] Gentoo update for cscope
[SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities
[SA13498] Gentoo update for vim/gvim
[SA13625] Mandrake update for logcheck
[SA13617] SUSE update for ncpfs
[SA13549] uml-utilities Ethernet Connection Drop Security Issue
Other:
Cross Platform:
[SA13632] Sybase ASE Three Unspecified Vulnerabilities
[SA13508] MPlayer Multiple Vulnerabilities
[SA13620] 2Bgal "id_album" SQL Injection Vulnerability
[SA13564] IMG2ASCII Unspecified Vulnerability
[SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection
[SA13555] Yanf "get()" Buffer Overflow Vulnerability
[SA13518] Cosminexus Web Contents Generator Buffer Overflow
Vulnerability
[SA13515] Moodle Multiple Unspecified Security Issues
[SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability
[SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability
[SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability
[SA13576] PHPFormMail "output_html()" Cross-Site Scripting
Vulnerabilities
[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting
[SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue
[SA13504] 68 Designs Froogle Installation Security Issue
[SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service
5) Vulnerabilities Content Listing
Windows:--
[SA13621] SurgeMail Unspecified Webmail Security Issue
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: -12-23
A security issue with an unknown impact has been reported in
SurgeMail.
--
[SA13583] Crystal FTP Client "LIST" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Luca Ercoli has discovered a vulnerability in Crystal FTP, which can be
exploited by malicious people to compromise a user's system.
--
[SA13571] ArGoSoft Mail Server Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-20
A vulnerability has been reported in ArGoSoft Mail Server, which can be
exploited by malicious people to conduct script insertion attacks.
--
[SA13618] Citrix Metaframe XP Unspecified Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-22
A vulnerability has been reported in Citrix Metaframe XP, which can be
exploited by malicious people to compromise a vulnerable system.
--
[SA13605] tlen URL Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-21
A vulnerability has been reported in tlen, allowing malicious people to
inject arbitrary script code.
--
[SA13591] WinRAR Delete File Buffer Overflow Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: -12-22
Vafa Khoshaein has discovered a vulnerability in WinRAR, which can be
exploited by malicious people to compromise a user's system.
--
[SA13578] Windows Media Player ActiveX Control Two Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: -12-20
Arman Nayyeri has discovered two vulnerabilities in Microsoft Windows
Media Player, which can be exploited by malicious people to disclose
system information, and modify or disclose some sensitive information.
--
[SA13567] Google Desktop Search Exposure of Local Search Results
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: -12-21
A vulnerability has been reported in Google Desktop Search, which can
be exploited by malicious people to view local search results.
--
[SA13569] GamePort Two Security Bypass Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: -12-21
amoXi and Dr.vaXin have discovered two security issues in GamePort,
which can be exploited by malicious, local users to bypass some
security restrictions.
UNIX/Linux:--
[SA13639] Red Hat update for acroread
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-23
Red Hat has issued an update for acroread. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13636] KDE kpdf "doImage()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-23
The vendor has acknowledged a vulnerability in kpdf, which can be
exploited by malicious people to compromise a user's system.
--
[SA13629] Fedora update for libtiff
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-23
Fedora has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
--
[SA13626] Mandrake update for kdelibs
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-23
MandrakeSoft has issued an update for kdelibs. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
--
[SA13622] Mandrake update for mplayer
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-23
MandrakeSoft has issued an update for mplayer. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
--
[SA13614] Red Hat update for PHP
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Privilege escalation, Security Bypass
Released: -12-22
Red Hat has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.
--
[SA13611] Fedora update for PHP
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Privilege escalation, Security Bypass
Released: -12-22
Fedora has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.
--
[SA13608] HP-UX FTP Server Debug Logging Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-22
iDEFENSE has reported a vulnerability in HP-UX, which can be exploited
by malicious people to compromise a vulnerable system.
--
[SA13607] LibTIFF Two Integer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-22
infamous41md has reported two vulnerabilities in LibTIFF, which can be
exploited by malicious people to compromise a vulnerable system.
--
[SA13602] xpdf "doImage()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-22
A vulnerability has been reported in xpdf, which can be exploited by
malicious people to compromise a user's system.
--
[SA13595] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: -12-21
Red Hat has issued an update for XFree86. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
--
[SA13590] Mandrake update for ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: -12-21
MandrakeSoft has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
--
[SA13586] KDE Konqueror Java Sandbox Security Bypass Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-20
Two vulnerabilities have been reported in KDE Konqueror, which can be
exploited by malicious people to compromise a user's system.
--
[SA13585] Gentoo update for mplayer
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-21
Gentoo has issued an update for mplayer. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
--
[SA13581] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: -12-20
Red Hat has issued an update for xfree86. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
--
[SA13568] Mandrake update for php
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information,
Privilege escalation, System access
Released: -12-20
Mandrakesoft has issued an update for php. This fixes some
vulnerabilities, which can be exploited to gain escalated privileges,
bypass certain security restrictions, gain knowledge of sensitive
information, or compromise a vulnerable system.
--
[SA13562] Gentoo update for PHP
Critical: Highly critical
Where: From remote
Impact: System access, Privilege escalation, Exposure of sensitive
information, Security Bypass
Released: -12-20
Gentoo has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited to gain escalated privileges, bypass certain
security restrictions, gain knowledge of sensitive information, or
compromise a vulnerable system.
--
[SA13561] Gentoo update for Ethereal
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: -12-20
Gentoo has issued an update for Ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.
--
[SA13559] Gentoo update for KDE kfax
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: -12-20
Gentoo has issued an update for KDE kfax. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA13557] Gentoo update for phpMyAdmin
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information
Released: -12-20
Gentoo has issued an update for phpMyAdmin. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system and by malicious users to disclose
sensitive information.
--
[SA13542] NapShare "auto_filter_extern()" Function Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-20
Bartlomiej Sieka has reported a vulnerability in NapShare, which can be
exploited by malicious people to compromise a user's system.
--
[SA13533] Bolthole Filter "save_embedded_address()" Function Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-20
Ariel Berkman has reported a vulnerability in filter, which can be
exploited by malicious people to compromise a user's system.
--
[SA13502] xine-lib "open_aiff_file()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-17
Ariel Berkman has reported a vulnerability in xine-lib, which can be
exploited by malicious people to compromise a user's system.
--
[SA13499] Gentoo update for acroread
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-17
Gentoo has issued an update for acroread. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13635] Rpm Finder "web()" Buffer Overflow and Insecure File
Creation
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: -12-23
Two vulnerabilities have been reported in Rpm Finder, which can be
exploited by malicious people to compromise a user's system and by
malicious, local users to perform certain actions with escalated
privileges.
--
[SA13624] Mandrake update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-23
Mandrake has issued an update for krb5. This fixes a vulnerability,
which potentially can be exploited by malicious users to compromise a
vulnerable system.
--
[SA13616] Gentoo update for mpg123
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-22
Gentoo has issued an update for mpg123. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13606] Gentoo update for Zwiki
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-22
Gentoo has issued an update for Zwiki. This fixes a vulnerability,
which can be exploited by malicious people to conduct script insertion
attacks.
--
[SA13584] Debian update for xzgv
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-21
Debian has issued an update for xzgv. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
--
[SA13580] Debian update for htget
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Debian has issued an update for htget. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13579] htget Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
infamous41md has reported a vulnerability in htget, which can be
exploited by malicious people to compromise a user's system.
--
[SA13560] Gentoo update for kdelibs / kdebase
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Spoofing
Released: -12-20
Gentoo has issued updates for kdebase and kdelibs. These fix some
vulnerabilities, which can be exploited by malicious people to spoof
the content of websites.
--
[SA13558] Gentoo update for abcm2ps
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Gentoo has issued an update for abcm2ps. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
--
[SA13554] YAMT "id3tag_sort()" Function Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Manigandan Radhakrishnan has reported a vulnerability in YAMT, which
can be exploited by malicious people to compromise a user's system.
--
[SA13553] xlreader "book_format_sql()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Tom Palarz and Kris Kubicki have reported a vulnerability in xlreader,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13552] Vilistextum "get_attr()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Ariel Berkman has reported a vulnerability in Vilistextum, which can be
exploited by malicious people to compromise a user's system.
--
[SA13551] vb2c "parse()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Qiao Zhang has reported a vulnerability in vb2c, allowing malicious
people to compromise a vulnerable system.
--
[SA13550] UnRTF "process_font_table()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Yosef Klein and Limin Wang have reported a vulnerability in UnRTF,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13548] rtf2latex2e "ReadFontTbl()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported a vulnerability in rtf2latex2e, allowing
malicious people to compromise a vulnerable system.
--
[SA13547] Ringtone Tools "parse_emelody()" Function Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Qiao Zhang has reported a vulnerability in Ringtone Tools, which can be
exploited by malicious people to compromise a user's system.
--
[SA13546] pgn2web "process_moves()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
A vulnerability has been reported in pgn2web, allowing malicious people
to compromise a vulnerable system.
--
[SA13545] Pcal "getline()" and "get_holiday()" Buffer Overflow
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Danny Lungstrom has reported two vulnerabilities in Pcal, which can be
exploited by malicious people to compromise a user's system.
--
[SA13544] o3read "parse_html()" Function Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Wiktor Kopec has reported a vulnerability in o3read, which can be
exploited by malicious people to compromise a user's system.
--
[SA13541] Mesh Viewer "Mesh::type()" Function Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Mohammed Khan and Danny Lungstrom have reported a vulnerability in Mesh
Viewer, which can be exploited by malicious people to compromise a
user's system.
--
[SA13539] Junkie FTP Client Two Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, System access
Released: -12-20
Yosef Klein has reported two vulnerabilities in Junkie, which can be
exploited by malicious people to manipulate files or compromise a
user's system.
--
[SA13538] jpegtoavi "get_file_list_stdin()" Function Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
James Longstreet has reported a vulnerability in jpegtoavi, which can
be exploited by malicious people to compromise a user's system.
--
[SA13537] jcabc2ps "switch_voice()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
A vulnerability has been reported in jcabc2ps, allowing malicious
people to compromise a vulnerable system.
--
[SA13536] IglooFTP File Manipulation Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: -12-20
Two vulnerabilities have been reported in IglooFTP, which can be
exploited to substitute uploaded files or overwrite files on the user's
system.
--
[SA13535] html2hdml "remove_quote()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
A vulnerability has been reported in html2hdml, allowing malicious
people to compromise a vulnerable system.
--
[SA13534] GREED "DownloadLoop()" Function Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Manigandan Radhakrishnan has reported two vulnerabilities in GREED,
which can be exploited by malicious people to compromise a user's
system.
--
[SA13532] DXFscope DXF File Parsing Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Ariel Berkman has reported a vulnerability in DXFscope, which can be
exploited by malicious people to compromise a user's system.
--
[SA13531] csv2xml "get_field_headers()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported a vulnerability in csv2xml, allowing malicious
people to compromise a vulnerable system.
--
[SA13530] Convex 3D "readObjectChunk()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Ariel Berkman has reported a vulnerability in Convex 3D, allowing
malicious people to compromise a vulnerable system.
--
[SA13529] chbg "simplify_path()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Danny Lungstrom has reported a vulnerability in chbg, allowing
malicious people to compromise a vulnerable system.
--
[SA13527] libbsb "bsb_open_header()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
A vulnerability has been reported in libbsb, allowing malicious people
to compromise a vulnerable system.
--
[SA13526] asp2php Two Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Qiao Zhang has reported two vulnerabilities in asp2php, allowing
malicious people to compromise a vulnerable system.
--
[SA13525] abctab2ps Two Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported two vulnerabilities in abctab2ps, allowing
malicious people to compromise a vulnerable system.
--
[SA13524] abcpp "handle_directive()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Yosef Klein has reported a vulnerability in abcpp, allowing malicious
people to compromise a vulnerable system.
--
[SA13523] abcm2ps "put_words()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported a vulnerability in abcm2ps, allowing malicious
people to compromise a vulnerable system.
--
[SA13522] abc2mtex "process_abc()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported a vulnerability in abc2mtex, allowing malicious
people to compromise a vulnerable system.
--
[SA13520] Red Hat update for gd
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Red Hat has issued an update for gd. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
--
[SA13517] SUSE update for file/phprojekt
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: -12-17
SUSE has issued updates for file and phprojekt. These fix two
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or potentially compromise a user's
system.
--
[SA13516] tnftp File Name Verification Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, System access
Released: -12-17
Yosef Klein has reported a vulnerability in tnftp, allowing malicious
people to overwrite local files.
--
[SA13514] qwik-smtpd "HELO" Command Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: -12-17
Jonathan Rockway has reported a vulnerability in qwik-smtpd, which can
be exploited by malicious people to relay mail.
--
[SA13512] abc2midi Two Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Limin Wang has reported two vulnerabilities in abc2midi, allowing
malicious people to compromise a vulnerable system.
--
[SA13511] mpg123 "find_next_file()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Bartlomiej Sieka has reported a vulnerability in mpg123, which can be
exploited by malicious people to compromise a user's system.
--
[SA13506] Red Hat update for libxml
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Red Hat has issued an update for libxml. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
--
[SA13497] Sun Java Messaging Server Webmail Script Insertion
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-16
A vulnerability has been reported in iPlanet Messaging Server / Sun ONE
Messaging Server, which can be exploited by malicious people to conduct
script insertion attacks.
--
[SA13623] SUSE update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-23
SUSE has issued an update for samba. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
--
[SA13615] Fedora update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-22
Fedora has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
--
[SA13613] Red Hat update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-22
Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
--
[SA13612] Fedora update for krb5
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, System access
Released: -12-22
Fedora has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges and
potentially by malicious users to compromise a vulnerable system.
--
[SA13597] Red Hat update for nfs-utils
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: -12-21
Red Hat has issued an update for nfs-utils. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
--
[SA13592] Kerberos V5 "libkadm5srv" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-21
Michael Tautschnig has reported a vulnerability in Kerberos V5, which
potentially can be exploited by malicious users to compromise a
vulnerable system.
--
[SA13582] Trustix update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-20
Trustix has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
--
[SA13573] Fedora update for CUPS
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, DoS, System access
Released: -12-20
Fedora has issued an update for CUPS. This fixes two vulnerabilities,
which can be exploited by malicious users to manipulate certain files,
cause a DoS (Denial of Service), or compromise a vulnerable system.
--
[SA13570] Gentoo update for Samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-20
Gentoo has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
--
[SA13540] LinPopUp "strexpand()" Function Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-20
Stephen Dranger has reported a vulnerability in LinPopUp, which can be
exploited by malicious people to compromise a user's system.
--
[SA13510] CUPS hpgltops and lppasswd Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, DoS, System access
Released: -12-17
Two vulnerabilities have been reported in CUPS, which can be exploited
by malicious users to manipulate certain files, cause a DoS (Denial of
Service), or compromise a vulnerable system.
--
[SA13507] Red Hat update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: -12-17
Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.
--
[SA13601] Fedora update for namazu
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-21
Fedora has issued an update for namazu. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
--
[SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-21
A vulnerability has been reported in Namazu, which can be exploited by
malicious people to conduct cross-site scripting attacks.
--
[SA13588] Mandrake update for aspell
Critical: Less critical
Where: From remote
Impact: System access
Released: -12-21
MandrakeSoft has issued an update for aspell. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
--
[SA13587] Gentoo update for nasm
Critical: Less critical
Where: From remote
Impact: System access
Released: -12-20
Gentoo has issued an update for nasm. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
--
[SA13556] Email Sanitizer Unspecified MIME Denial of Service
Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: -12-20
A vulnerability has been reported in Email Sanitizer, which can be
exploited by malicious people to cause a DoS (Denial of Service).
--
[SA13543] NASM "error()" Function Buffer Overflow Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: -12-17
Jonathan Rockway has reported a vulnerability in NASM, which can be
exploited by malicious people to compromise a user's system.
--
[SA13610] SuSE update for kernel
Critical: Less critical
Where: From local network
Impact: Unknown, Exposure of sensitive information, Privilege
escalation, DoS
Released: -12-22
SUSE has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), gain knowledge of sensitive information, or gain escalated
privileges.
--
[SA13642] Docbook-to-Man Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-23
Javier Fernández-Sanguino Peña has reported a vulnerability in
Docbook-to-Man, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
--
[SA13640] LPRng "lprng_certs.sh" Script Insecure Temporary File
Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-23
Javier Fernández-Sanguino Peña has reported a vulnerability in LPRng,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
--
[SA13633] Debian debmake Insecure Temporary Directory Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-23
Javier Fernández-Sanguino Peña has reported a vulnerability in debmake,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
--
[SA13598] Red Hat update for rh-postgresql
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-21
Red Hat has issued an update for rh-postgresql. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
--
[SA13594] Red Hat update for glibc
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-21
Red Hat has issued an update for glibc. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
--
[SA13589] IBM AIX Multiple Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-21
Four vulnerabilities have been reported in AIX, which can be exploited
by malicious, local users to gain escalated privileges.
--
[SA13575] Debian update for ethereal
Critical: Less critical
Where: Local system
Impact: DoS
Released: -12-21
Debian has issued an update for ethereal. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
--
[SA13572] Linux Kernel Multiple Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, DoS
Released: -12-22
Multiple vulnerabilities have been reported in the Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or gain knowledge of potentially sensitive information.
--
[SA13565] HP-UX newgrp Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-20
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.
--
[SA13528] changepassword Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-17
Ariel Berkman has reported a vulnerability in changepassword, allowing
malicious, local users to escalate their privileges.
--
[SA13521] Debian update for cscope
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-17
Debian has issued an update for cscope. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
--
[SA13519] Debian update for a2ps
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-20
Debian has issued an update for a2ps. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain escalated
privileges.
--
[SA13505] Red Hat update for zip
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-17
Red Hat has issued an update for zip. This fixes a vulnerability, which
potentially can be exploited by malicious, local users to gain escalated
privileges.
--
[SA13503] Gentoo update for cscope
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-17
Gentoo has issued an update for cscope. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
--
[SA13501] NetBSD "compat" Privilege Escalation Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: -12-17
Evgeny Demidov has reported some vulnerabilities in NetBSD, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service) and potentially gain escalated privileges.
--
[SA13498] Gentoo update for vim/gvim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: -12-16
Gentoo has issued updates for vim and gvim. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
--
[SA13625] Mandrake update for logcheck
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: -12-23
MandrakeSoft has issued updated packages for logcheck. These fix a
security issue, which potentially can be exploited by malicious, local
users to escalate their privileges.
--
[SA13617] SUSE update for ncpfs
Critical: Not critical
Where: Local system
Impact: DoS
Released: -12-22
SUSE has issued an update for ncpfs. This fixes a potential
vulnerability, which can be exploited by malicious, local users.
--
[SA13549] uml-utilities Ethernet Connection Drop Security Issue
Critical: Not critical
Where: Local system
Impact: DoS
Released: -12-20
Danny Lungstrom has reported a security issue in uml-utilities, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).
Other:
Cross Platform:--
[SA13632] Sybase ASE Three Unspecified Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown
Released: -12-23
NGSSoftware has reported three vulnerabilities with unknown impacts in
Sybase ASE.
--
[SA13508] MPlayer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: -12-17
Multiple vulnerabilities have been reported in MPlayer, which can be
exploited by malicious people to compromise a user's system.
--
[SA13620] 2Bgal "id_album" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: -12-23
Romain Le Guen has reported a vulnerability in 2Bgal, which can be
exploited by malicious people to conduct SQL injection attacks.
--
[SA13564] IMG2ASCII Unspecified Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: -12-20
A vulnerability with an unknown impact has been reported in IMG2ASCII.
--
[SA13563] Kayako eSupport Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: -12-20
James Bercegay has reported some vulnerabilities in Kayako eSupport,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
--
[SA13555] Yanf "get()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-20
Ariel Berkman has reported a vulnerability in Yanf, which can be
exploited by malicious people to compromise a user's system.
--
[SA13518] Cosminexus Web Contents Generator Buffer Overflow
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
The vendor has acknowledged a vulnerability in Cosminexus Web Contents
Generator (Macromedia JRun), which can be exploited by malicious people
to compromise a vulnerable system.
--
[SA13515] Moodle Multiple Unspecified Security Issues
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, Exposure of sensitive
information
Released: -12-17
Multiple security issues have been reported in Moodle. Some of these
can potentially be exploited by malicious people to disclose sensitive
information and bypass certain security restrictions, and others have
unknown impacts.
--
[SA13513] Ikonboard "st" and "keywords" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: -12-17
Positive Technologies has reported a vulnerability in Ikonboard, which
can be exploited by malicious people to conduct SQL injection attacks.
--
[SA13500] AtBas 2fax "expandtabs()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: -12-17
Ariel Berkman has discovered a vulnerability in AtBas 2fax, potentially
allowing malicious people to gain system access.
--
[SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-23
James Bercegay has reported a vulnerability in PsychoStats, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
--
[SA13576] PHPFormMail "output_html()" Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-20
Some vulnerabilities have been reported in PHPFormMail, which can be
exploited by malicious people to conduct cross-site scripting attacks.
--
[SA13574] PHP-Nuke Workboard Module Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: -12-20
Lostmon has reported two vulnerabilities in the Workboard module for
PHP-Nuke, which can be exploited by malicious people to conduct
cross-site scripting attacks.
--
[SA13566] PERL Crypt::ECB Module ASCII "0" Encoding Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: -12-21
Bennett R. Samowich has discovered a security issue in Crypt::ECB,
which makes it easier for malicious people to brute force passwords.
--
[SA13504] 68 Designs Froogle Installation Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: -12-17
Lostmon has reported a security issue in 68 Designs Froogle, which
potentially can be exploited by malicious people to gain administrative
privileges.
--
[SA13593] Symantec Brightmail AntiSpam Notifier Denial of Service
Critical: Not critical
Where: From remote
Impact: DoS
Released: -12-21
A weakness has been reported in Symantec Brightmail AntiSpam, which can
be exploited by malicious people to cause a DoS (Denial of Service).
|
