Note! This is an archived version, and in this mode you will not see any images. To view the full text and images, click the following link: Wednesday, December 24, 2003 1:03 AM


ammar_secret
12-25-2003, 08:50 PM
************************************************** *********************
December 15, 2003
O-039: CISCO FWSM Vulnerabilities
There are 2 vulnerabilities found in the Cisco Firewall Services Module (FWSM).


December 15, 2003
O-040: CISCO PIX Vulnerabilities
There are two vulnerabilities found in the CISCO PIX firewall.


December 15, 2003
O-041: Sun 'lpstat' Printing Vulnerability
Sun has found vulnerabilities that exist in the Solaris lpstat(1) command and
the libprint library.


December 16, 2003
O-042: Red Hat 'lftp' Buffer Overflow Vulnerability
A buffer overflow vulnerability was found in Red Hat 'lftp' packages.


December 22, 2003
O-043: Red Hat Updated Kernel Packages
Local users can gain read access to restricted file descriptors.


December 19, 2003
2003-12-19: Multiple PlatinumFTPServer Command Argument Format String
Vulnerabilities.
The issues occur likely due to incorrect usage of programming functions.


December 19, 2003
2003-12-19: PY Software Active Webcam Webserver Directory Traversal
Vulnerability.
It has been reported that Active Webcam webserver may be prone to a directory
traversal vulnerability.


December 19, 2003
2003-12-19: PY Software Active Webcam Webserver Cross-Site Scripting
Vulnerability.
A vulnerability has been reported to be present in the software that may allow a
remote attacker to execute HTML or script code in a user's browser.


December 19, 2003
2003-12-19: Openwares.org Internet Explorer Patch Buffer Overflow
Vulnerability.
Internet Explorer patch supplied by Openwares.org for the Multiple Browser URI
Display Obfuscation Weakness (BID 9182) may be prone to a buffer overflow.


December 19, 2003
2003-12-19: Kerio Personal Firewall Stealth Port Scan Unspecified Firewall
Bypassing Vulnerability.
A problem has been identified in the handling of specific types of system scans
by Kerio Personal Firewall.


December 19, 2003
2003-12-19: Xerox Xerox_MicroServer/Xerox11 Directory Traversal Vulnerability.
Xerox_MicroServer/Xerox11 may be prone to a directory traversal vulnerability.


December 19, 2003
2003-12-19: AOL Instant Messenger Buddy Icon Warning Denial Of Service
Vulnerability
AOL Instant Messenger (AIM) is prone to an issue that may allow malicious
parties to deny the availability of the service to other users.


December 19, 2003
2003-12-19: IBM AIX diag Unspecified Privilege Escalation Vulnerability.
IBM has released a security advisory stating that the diag utility is prone to
an unspecified vulnerability that may be potentially exploited to escalate
privileges.


December 19, 2003
2003-12-19: IBM AIX enq Local Format String Vulnerability.
IBM has released a security advisory stating that a local format string
vulnerability has been discovered in enq on AIX systems.


December 19, 2003
2003-12-19: SiteInteractive Subscribe Me Setup.PL Arbitrary Command Execution
Vulnerability.
SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on
user-supplied URI parameters.


December 18, 2003
2003-12-18: Multiple ASPapp Portal Vulnerabilities.
ASPapp PortalApp, IntranetApp and ProjectApp have been reported prone to
multiple vulnerabilities.


December 18, 2003
2003-12-18: Autorank PHP Multiple SQL Injection Vulnerabilities.
which are exposed via various form-based input fields.


December 18, 2003
2003-12-18: laitcg Pop 3 Scan Renattach Malicious Attachment Scanning Bypass
Vulnerability.
Vulnerability that could allow malicious attachments to pass through to the
user.


December 18, 2003
2003-12-18: Ethereal Q.931 Protocol Dissector Denial of Service Vulnerability.
The Ethereal Q.931 protocol dissector is prone to a remotely exploitable denial of
service vulnerability. This issue has been addressed with the release of
Ethereal 0.10.0.


December 18, 2003
2003-12-18: Ethereal SMB Protocol Dissector Denial of Service Vulnerability.
The Ethereal SMB protocol dissector is prone to a remotely exploitable denial of
service vulnerability. This issue has been addressed with the release of
Ethereal 0.10.0.


December 18, 2003
2003-12-18: Advanced Research Security Auditor Research Assistant Service
Banner HTML Injection Vulnerability.
The issue has been reported to exist due to a lack of sufficient sanitization
performed on banner data enumerated from remote services.


December 18, 2003
2003-12-18: SOLMETRA SPAW Editor spaw_control.class.PHP Remote PHP File Include
Vulnerability.
Vulnerability that may allow a remote attacker to include remote PHP scripts and
thereby execute arbitrary code.


December 18, 2003
2003-12-18: DUware DUportal Multiple Vulnerabilities.
Multiple vulnerabilities have been identified in the software that include file
include, cross-site scripting, and unauthorized access via changing the user and
administrative passwords.


December 18, 2003
2003-12-18: Botan Es_Unix Privilege Escalation Vulnerability.
Botan is prone to a privilege escalation vulnerability in the es_unix module on
Unix systems that do not support /dev/random.


December 18, 2003
2003-12-18: IBM DB2 Insecure DMS Directory Permissions Vulnerability.
Malicious local users could take advantage of this issue to delete or tamper
with files in these directories.


December 18, 2003
2003-12-18: ECW-Shop Cat Parameter Cross-Site Scripting Vulnerability.
ECW-Shop is prone to cross-site scripting attacks.


December 17, 2003
2003-12-17: Dizzy unix2tcp Unspecified Buffer Overflow Vulnerability.
May be prone to a buffer overflow condition, which may allow an attacker to gain
unauthorized access to a vulnerable system.


December 17, 2003
2003-12-17: osCommerce osCsid Parameter Cross-Site Scripting Vulnerability.
May be prone to a cross-site scripting vulnerability that may allow an attacker
to construct a malicious link containing HTML or script code that may be
rendered in a user's browser.


December 17, 2003
2003-12-17: GoAhead Webserver ASP Script File Source Code Disclosure
Vulnerability.
May result in the disclosure of ASP script files' source code.


December 17, 2003
2003-12-17: Ipswitch WS_FTP Server Resource Consumption Remote Denial Of
Service Vulnerability
WS_FTP Server has been reported prone to a resource consumption issue that may
lead to a denial of service.


December 17, 2003
2003-12-17: osCommerce SQL Injection Vulnerability.
One of the scripts included with osCommerce fails to validate user-supplied
input, rendering it vulnerable to a SQL injection attack.


December 16, 2003
2003-12-16: X Design sipd Remote Format String Vulnerability.
Sipd has been reported prone to a format string vulnerability that may be
triggered remotely.


December 16, 2003
2003-12-16: Michael Dean Double Choco Latte Multiple Module Remote File Include
Vulnerability.
May be prone to a file include vulnerability existing in multiple modules.


December 16, 2003
2003-12-16: Dada Mail Unauthorized Mailing List Subscription Vulnerability.
May allow malicious parties to subscribe arbitrary e-mail.


December 16, 2003
2003-12-16: Dada Mail Blank List Password Authentication Bypass Weakness.
Dada Mail is prone to a weakness that may allow authentication bypass.


December 16, 2003
2003-12-16: MVDSV Quake Server Download Buffer Overrun Vulnerability.
This could permit execution of arbitrary code in the context of the server.