Internet Security Summary 0630
A vulnerability in various Mozilla based
browsers has been discovered, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a user's system.
Please view the referenced Secunia advisories for additional details.
Top Ten Most Read Advisories:
1. [SA16764] Firefox IDN URL Domain Name Buffer Overflow
2. [SA16767] Mozilla IDN URL Domain Name Buffer Overflow
3. [SA16766] Netscape IDN URL Domain Name Buffer Overflow
4. [SA16747] Linux Kernel Multiple Vulnerabilities
5. [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
Vulnerability
6. [SA16480] Microsoft DDS Library Shape Control Code Execution
Vulnerability
7. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
8. [SA16560] Windows Registry Editor Utility String Concealment
Weakness
9. [SA16806] Linksys WRT54G Multiple Vulnerabilities
10. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
4) Vulnerabilities Summary Listing
Windows:
[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability
[SA16824] Hosting Controller Unspecified Disclosure of Sensitive
Information
[SA16798] Handy Address Book Server SEARCHTEXT Cross-Site Scripting
[SA16792] WhatsUp Gold "map.asp" Cross-Site Scripting Vulnerability
[SA16742] COOL! Remote Control Denial of Service Vulnerability
UNIX/Linux:
[SA16815] Debian update for centericq
[SA16814] AzDGDatingLite "l" Local File Inclusion Vulnerability
[SA16797] Debian update for mozilla
[SA16784] Red Hat update for firefox
[SA16782] Red Hat update for mozilla
[SA16780] Fedora update for firefox
[SA16779] Fedora update for mozilla
[SA16772] Ubuntu update for
mozilla-browser/mozilla-firefox/mozilla-thunderbird
[SA16743] SGI Advanced Linux Environment Multiple Updates
[SA16828] Red Hat update for squid
[SA16811] Debian update for turqstat
[SA16810] Turquoise SuperStat Date Parser Buffer Overflow
[SA16808] Apple Mac OS X update for Java
[SA16807] Ubuntu update for squid
[SA16804] SUSE Updates for Multiple Packages
[SA16800] Gentoo update for python
[SA16789] Trustix update for multiple packages
[SA16783] GNU Mailutils imap4d "SEARCH" Format String Vulnerability
[SA16781] pam-per-user Cached PAM "subrequest" Vulnerability
[SA16771] Debian update for libapache-mod-ssl
[SA16769] SUSE update for apache2
[SA16768] Debian update for squid
[SA16763] UnixWare update for racoon
[SA16760] Mandriva update for squid
[SA16758] Red Hat update for pcre
[SA16754] Debian update for apache2
[SA16753] Mandriva update for apache2
[SA16752] Textbased MSN Client (TMSNC) Format String Vulnerability
[SA16751] OS/400 osp-cert Certificate Handling Vulnerabilities
[SA16748] Slackware update for mod_ssl
[SA16746] Fedora update for httpd
[SA16787] Debian update for tdiary
[SA16794] Slackware update for dhcpcd
[SA16774] rdiff-backup "restrict" Security Bypass Vulnerability
[SA16747] Linux Kernel Multiple Vulnerabilities
[SA16823] Debian update for common-lisp-controller
[SA16822] common-lisp-controller Cache Directory Privilege Escalation
[SA16821] Mandriva update for XFree86
[SA16817] LineControl Java Client Log Messages Password Disclosure
[SA16816] GNU Texinfo Insecure Temporary File Creation
[SA16812] Red Hat update for xorg-x11
[SA16803] Ubuntu update for xserver-xfree86/xserver-xorg
[SA16799] Red Hat update for XFree86
[SA16791] Gentoo update for xorg-x11
[SA16790] X11 Pixmap Creation Integer Overflow Vulnerability
[SA16777] XFree86 Pixmap Creation Integer Overflow Vulnerability
[SA16755] Red Hat update for exim
[SA16750] Ubuntu update for kernel
[SA16749] Slackware update for kdebase
[SA16745] Debian update for kdelibs
[SA16825] Fedora update for util-linux
[SA16795] Slackware update for util-linux
[SA16785] util-linux umount "-r" Re-Mounting Security Issue
[SA16765] Debian update for gcvs
Other:
[SA16761] Cisco CSS SSL Authentication Bypass Vulnerability
[SA16806] Linksys WRT54G Multiple Vulnerabilities
[SA16776] Ingate Firewall and SIParator Unspecified Cross-Site
Scripting
Cross Platform:
[SA16820] TWiki "rev" Shell Command Injection Vulnerability
[SA16767] Mozilla IDN URL Domain Name Buffer Overflow
[SA16766] Netscape IDN URL Domain Name Buffer Overflow
[SA16764] Firefox IDN URL Domain Name Buffer Overflow
[SA16826] Noah's Classified SQL Injection and Cross-Site Scripting
[SA16819] DeluxeBB SQL Injection Vulnerabilities
[SA16813] ATutor Password Reminder SQL Injection Vulnerability
[SA16802] Sun Java System Application Server JAR File Content
Disclosure
[SA16801] PHP-Nuke SQL Injection Vulnerabilities
[SA16796] Subscribe Me Pro "l" Parameter Directory Traversal
Vulnerability
[SA16793] Python PCRE Integer Overflow Vulnerability
[SA16788] Zebedee Denial of Service Vulnerability
[SA16786] Snort TCP SACK Option Handling Denial of Service
[SA16775] PunBB Multiple Vulnerabilities
[SA16773] Qt Library zlib Vulnerabilities
[SA16762] class-1 Forum Software File Extension SQL Injection
Vulnerability
[SA16757] Sun Java System Web Proxy Server Denial of Service
Vulnerabilities
[SA16756] mimicboard2 Script Insertion and Exposure of User
Credentials
[SA16830] IBM Lotus Domino "BaseTarget" and "Src" Cross-Site Scripting
[SA16744] Sawmill Error Message Cross-Site Scripting Vulnerability
5) Vulnerabilities Content Listing
Windows:
[SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
David Sopas Ferreira has reported a vulnerability in Mall23 eCommerce,
which can be exploited by malicious people to conduct SQL injection
attacks.
[SA16824] Hosting Controller Unspecified Disclosure of Sensitive
Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
A vulnerability has been reported in Hosting Controller, which can be
exploited by malicious users to disclose sensitive information.
[SA16798] Handy Address Book Server SEARCHTEXT Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
fRoGGz has reported a vulnerability in Handy Address Book Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
[SA16792] WhatsUp Gold "map.asp" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting
Dennis Rand has discovered a vulnerability in WhatsUp Gold, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
[SA16742] COOL! Remote Control Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
basher13 has discovered a vulnerability in COOL! Remote Control, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
UNIX/Linux:
[SA16815] Debian update for centericq
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Debian has issued an update for centericq. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.
[SA16814] AzDGDatingLite "l" Local File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
rgod has reported a vulnerability in AzDGDatingLite, which can be
exploited by malicious people to disclose sensitive information and
compromise a vulnerable system.
[SA16797] Debian update for mozilla
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, System
access
Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and
spoofing attacks, and compromise a user's system.
[SA16784] Red Hat update for firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Red Hat has issued an update for firefox. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
[SA16782] Red Hat update for mozilla
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Red Hat has issued an update for mozilla. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
[SA16780] Fedora update for firefox
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Fedora has issued an update for firefox. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
[SA16779] Fedora update for mozilla
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Fedora has issued an update for mozilla. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a user's system.
[SA16772] Ubuntu update for
mozilla-browser/mozilla-firefox/mozilla-thunderbird
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Ubuntu has issued updates for mozilla-browser, mozilla-firefox and
mozilla-thunderbird. These fix a vulnerability, which can be exploited
by malicious people to cause a DoS (Denial of Service) and compromise a
user's system.
[SA16743] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
SGI has issued a patch for SGI Advanced Linux Environment, which fixes
multiple vulnerabilities in various packages.
[SA16828] Red Hat update for squid
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Red Hat has issued an update for squid. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of potentially sensitive information and potentially cause a
DoS (Denial of Service).
[SA16811] Debian update for turqstat
Critical: Moderately critical
Where: From remote
Impact: System access
Debian has issued an update for turqstat. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
[SA16810] Turquoise SuperStat Date Parser Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
A vulnerability has been reported in Turquoise SuperStat, which
potentially can be exploited by malicious people to compromise a user's
system.
[SA16808] Apple Mac OS X update for Java
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Security Bypass, Manipulation of data,
Privilege escalation
Some vulnerabilities have been reported in Java for Mac OS X, which can
be exploited by malicious, local users to manipulate certain data,
disclose sensitive information and gain escalated privileges, and by
malicious people to bypass certain security restrictions.
[SA16807] Ubuntu update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Ubuntu has issued an update for squid. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
[SA16804] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Unknown, Exposure of sensitive information, DoS, System
access
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), gain knowledge of sensitive information and
potentially compromise a vulnerable system.
[SA16800] Gentoo update for python
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Gentoo has issued an update for python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
[SA16789] Trustix update for multiple packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges or bypass certain security restrictions and by
malicious people to cause a DoS (Denial of Service) or potentially
bypass certain security restrictions.
[SA16783] GNU Mailutils imap4d "SEARCH" Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
A vulnerability has been reported in GNU Mailutils, which can be
exploited by malicious users to compromise a vulnerable system.
[SA16781] pam-per-user Cached PAM "subrequest" Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
A vulnerability has been reported in pam-per-user, which can be
exploited by malicious users to bypass certain security restrictions.
[SA16771] Debian update for libapache-mod-ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Debian has issued an update for libapache-mod-ssl. This fixes a
security issue, which potentially can be exploited by malicious people
to bypass certain security restrictions.
[SA16769] SUSE update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS
SUSE has issued an update for apache2. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to bypass certain security
restrictions and cause a DoS (Denial of Service).
[SA16768] Debian update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Debian has issued an update for squid. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
[SA16763] UnixWare update for racoon
Critical: Moderately critical
Where: From remote
Impact: DoS
SCO has issued an update for racoon. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
[SA16760] Mandriva update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Mandriva has issued an update for squid. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).
[SA16758] Red Hat update for pcre
Critical: Moderately critical
Where: From remote
Impact: System access
Red Hat has issued an update for pcre. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
[SA16754] Debian update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Debian has issued an update for apache2. This fixes three
vulnerabilities and a security issue, which can be exploited by
malicious people to cause a DoS (Denial of Service), conduct HTTP
request smuggling attacks, and potentially bypass certain security
restrictions.
[SA16753] Mandriva update for apache2
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Mandriva has issued an update for apache2. This fixes a vulnerability
and a security issue, which can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially bypass certain security
restrictions.
[SA16752] Textbased MSN Client (TMSNC) Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Unknown
A vulnerability has been reported in TMSNC, with an unknown impact.
[SA16751] OS/400 osp-cert Certificate Handling Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Some vulnerabilities have been reported in OS/400, with unknown
impacts.
[SA16748] Slackware update for mod_ssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Slackware has issued an update for mod_ssl. This fixes a vulnerability
which potentially can be exploited by malicious people to bypass
certain security restrictions.
[SA16746] Fedora update for httpd
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Fedora has issued an update for httpd. This fixes a vulnerability and a
security issue, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially bypass certain security
restrictions.
[SA16787] Debian update for tdiary
Critical: Less critical
Where: From remote
Impact: Hijacking
Debian has issued an update for tdiary. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.
[SA16794] Slackware update for dhcpcd
Critical: Less critical
Where: From local network
Impact: DoS
Slackware has issued an update for dhcpcd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
[SA16774] rdiff-backup "restrict" Security Bypass Vulnerability
Critical: Less critical
Where: From local network
Impact: Security Bypass
A vulnerability has been reported in rdiff-backup, which can be
exploited by malicious users to bypass certain security restrictions.
[SA16747] Linux Kernel Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Some vulnerabilities have been reported in the Linux kernel, which
potentially can be exploited by malicious, local users to disclose
certain sensitive information, cause a DoS (Denial of Service) and gain
escalated privileges, or by malicious people to cause a DoS.
[SA16823] Debian update for common-lisp-controller
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for common-lisp-controller. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
[SA16822] common-lisp-controller Cache Directory Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Francois-Rene Rideau has reported a vulnerability in
common-lisp-controller, which can be exploited by malicious, local
users to gain escalated privileges.
[SA16821] Mandriva update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Mandriva has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16817] LineControl Java Client Log Messages Password Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
A vulnerability has been reported in LineControl Java Client, which can
be exploited by malicious, local users to disclose certain sensitive
information.
[SA16816] GNU Texinfo Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Frank Lichtenheld has reported a vulnerability in texindex, which can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
[SA16812] Red Hat update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Red Hat has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16803] Ubuntu update for xserver-xfree86/xserver-xorg
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Ubuntu has issued updates for xserver-xfree86 and xserver-xorg. These
fix a vulnerability, which potentially can be exploited by malicious,
local users to gain escalated privileges.
[SA16799] Red Hat update for XFree86
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Red Hat has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16791] Gentoo update for xorg-x11
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Gentoo has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16790] X11 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in X11, which potentially can be
exploited by malicious, local users to gain escalated privileges.
[SA16777] XFree86 Pixmap Creation Integer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Luke Hutchison has reported a vulnerability in XFree86, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16755] Red Hat update for exim
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Red Hat has issued an update for exim. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16750] Ubuntu update for kernel
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Ubuntu has issued an update for kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose certain sensitive information, cause a DoS (Denial of
Service), bypass certain security restrictions and gain escalated
privileges.
[SA16749] Slackware update for kdebase
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Slackware has issued an update for kdebase. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16745] Debian update for kdelibs
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Debian has issued an update for kdelibs. This fixes a security issue,
which can be exploited by malicious, local users to gain knowledge of
certain information.
[SA16825] Fedora update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Fedora has issued an update for util-linux. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16795] Slackware update for util-linux
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Slackware has issued an update for util-linux. This fixes a security
issue, which potentially can be exploited by malicious, local users to
gain escalated privileges.
[SA16785] util-linux umount "-r" Re-Mounting Security Issue
Critical: Not critical
Where: Local system
Impact: Privilege escalation
David Watson has reported a security issue in util-linux, which
potentially can be exploited by malicious, local users to gain
escalated privileges.
[SA16765] Debian update for gcvs
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for gcvs. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.
Other:
[SA16761] Cisco CSS SSL Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
A vulnerability has been reported in Cisco CSS (Content Services
Switch), which can be exploited by malicious users to bypass certain
security restrictions.
[SA16806] Linksys WRT54G Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, DoS, System access
Greg MacManus has reported some vulnerabilities in WRT54G, which can be
exploited by malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), or compromise a vulnerable system.
[SA16776] Ingate Firewall and SIParator Unspecified Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
A vulnerability has been reported in Ingate Firewall and Ingate
SIParator, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Cross Platform:
[SA16820] TWiki "rev" Shell Command Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
A vulnerability has been reported in TWiki, which can be exploited by
malicious people to compromise a vulnerable system.
[SA16767] Mozilla IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
A vulnerability has been discovered in Mozilla Suite, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a user's system.
[SA16766] Netscape IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
A vulnerability has been discovered in Netscape, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to compromise
a user's system.
[SA16764] Firefox IDN URL Domain Name Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Tom Ferris has discovered a vulnerability in Firefox, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a user's system.
[SA16826] Noah's Classified SQL Injection and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
trueend5 has discovered two vulnerabilities in Noah's Classified, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.
[SA16819] DeluxeBB SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
abducter has discovered some vulnerabilities in DeluxeBB, which can be
exploited by malicious people to conduct SQL injection attacks.
[SA16813] ATutor Password Reminder SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
rgod has discovered a vulnerability in ATutor, which can be exploited
by malicious people to conduct SQL injection attacks.
[SA16802] Sun Java System Application Server JAR File Content
Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
A vulnerability has been reported in Sun Java System Application
Server, which can be exploited by malicious people to disclose certain
sensitive information.
[SA16801] PHP-Nuke SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Robin Verton has discovered some vulnerabilities in PHP-Nuke, which can
be exploited by malicious people to conduct SQL injection attacks.
[SA16796] Subscribe Me Pro "l" Parameter Directory Traversal
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
ShoCK FX has reported a vulnerability in Subscribe Me Professional,
which can be exploited by malicious people to gain knowledge of
sensitive information.
[SA16793] Python PCRE Integer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
A vulnerability has been reported in Python, which potentially can be
exploited by malicious people to compromise a vulnerable system.
[SA16788] Zebedee Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
A vulnerability has been reported in Zebedee, which can be exploited by
malicious people to cause a DoS (Denial of Service).
[SA16786] Snort TCP SACK Option Handling Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Alejandro Hernandez Hernandez has reported a vulnerability in Snort,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
[SA16775] PunBB Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Some vulnerabilities have been reported in PunBB, which can be
exploited by malicious people to conduct SQL injection and script
insertion attacks.
[SA16773] Qt Library zlib Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Some vulnerabilities have been reported in Qt, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise a user's system.
[SA16762] class-1 Forum Software File Extension SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
rgod has discovered a vulnerability in class-1 Forum Software, which
can be exploited by malicious people to conduct SQL injection attacks.
[SA16757] Sun Java System Web Proxy Server Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Three vulnerabilities have been reported in Sun Java System Web Proxy
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
[SA16756] mimicboard2 Script Insertion and Exposure of User
Credentials
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Donnie Werner has reported a vulnerability and a security issue in
mimicboard2, which can be exploited by malicious people to conduct
script insertion attacks and disclose sensitive information.
[SA16830] IBM Lotus Domino "BaseTarget" and "Src" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Two vulnerabilities have been reported in Lotus Domino, which can be
exploited by malicious people to conduct cross-site scripting attacks.
[SA16744] Sawmill Error Message Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
NTA Monitor has reported a vulnerability in Sawmill, which can be
exploited by malicious people to conduct cross-site scripting attacks.