Secunia vulnerability reports


#1 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:03:48 AM

Posted 11 August 2005 - 11:01 AM

Part of an email sent me from Secunia
Secunia monitors vulnerabilities in more than 5000 products, e.g.:
Internet Explorer | Mozilla Firefox | Opera

2) This Week in Brief:

Microsoft has released their monthly security updates, which correct
several vulnerabilities in various Microsoft products.

All users of Microsoft products are advised to check Windows Update for
available security updates.

Additional details can be found in referenced Secunia advisories below.



Secunia has not issued any virus alerts during the week.

3) This Week's Top Ten Most Read Advisories:

1. [SA16373] Internet Explorer Three Vulnerabilities
2. [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
3. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
4. [SA16298] Linux Kernel xfrm Array Indexing Overflow Vulnerability
5. [SA15870] Opera Download Dialog Spoofing Vulnerability
6. [SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
7. [SA12758] Microsoft Word Document Parsing Buffer Overflow
8. [SA15756] Opera Image Dragging Vulnerability
9. [SA16210] Microsoft Windows Unspecified USB Device Driver
10. [SA16071] Windows Remote Desktop Protocol Denial of Service

4) Vulnerabilities Summary Listing

[SA16373] Internet Explorer Three Vulnerabilities
[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability
[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
[SA16354] Microsoft Windows Telephony Service Vulnerability
[SA16344] EMC Navisphere Manager Directory Traversal and Directory
[SA16368] Microsoft Windows Two Kerberos Vulnerabilities

[SA16387] Red Hat update for gaim
[SA16384] Red Hat update for gaim
[SA16379] Gaim Away Message Buffer Overflow and Denial of Service
[SA16363] Ubuntu update for ekg/libgadu3
[SA16341] Conectiva update for krb5
[SA16331] Mandriva update for ethereal
[SA16358] Red Hat update for ruby
[SA16349] Trustix update for multiple packages
[SA16336] Gentoo update for netpbm
[SA16391] Red Hat update for cups
[SA16390] Fedora update for kdegraphics
[SA16385] Ubuntu update for xpdf/kpdf
[SA16383] Red Hat update for xpdf/kdegraphics
[SA16380] CUPS xpdf Temporary File Writing Denial of Service
[SA16374] Xpdf Temporary File Writing Denial of Service
[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability
[SA16362] cPanel Password Change Privilege Escalation Security Issue
[SA16334] Ubuntu update for apache2
[SA16382] Red Hat update for ucd-snmp
[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
[SA16381] Red Hat update for sysreport
[SA16360] Gentoo update for heartbeat
[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation
[SA16345] Lantronix Secure Console Server Multiple Vulnerabilities
[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation
[SA16335] Conectiva update for heartbeat
[SA16355] Linux Kernel Keyring Management Denial of Service
[SA16352] Wine winelauncher.in Insecure Temporary File Creation
[SA16328] Red Hat update for dump


Cross Platform:
[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
[SA16347] SysCP Two Vulnerabilities
[SA16346] Comdev eCommerce File Inclusion Vulnerability
[SA16342] Gravity Board X Multiple Vulnerabilities
[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities
[SA16330] Flatnuke Multiple Vulnerabilities
[SA16388] PHlyMail Unspecified Login Bypass Vulnerability
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
[SA16369] Open Bulletin Board SQL Injection Vulnerabilities
[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability
[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability
[SA16353] PHPLite Calendar Express Two Vulnerabilities
[SA16351] phpIncludes News System SQL Injection Vulnerability
[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities
[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability
[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion
[SA16338] Jax LinkLists Cross-Site Scripting and Information
[SA16337] Jax Guestbook Cross-Site Scripting and Information
[SA16333] Jax Calendar Cross-Site Scripting Vulnerability
[SA16332] Jax Newsletter Cross-Site Scripting and Information
[SA16329] tDiary Cross-Site Request Forgery Vulnerability

5) Vulnerabilities Content Listing


[SA16373] Internet Explorer Three Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09

Three vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct cross-site scripting
attacks or compromise a user's system.
Full Advisory:

You can explore further at

What is interesting is that contrary to popular Microsoft haters' beliefs, Mozilla and Linux have significant vulnerabilities as well. It is a problem not limited to IE or Windows.



#2 jgweed


  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:03:48 AM

Posted 11 August 2005 - 12:09 PM

3. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability

Comment: this was fixed in FF 1.05 and Mozilla 1.7.10

I am not sure what all this means, other than suggesting the obvious that vulnerabilities exist everywhere. From the list, it is difficult to understand the significance of the vulnerabilities, whether they have had proof of concepts published, or have actually been exploited, so I am not quite sure what is proved here.

Whereof one cannot speak, thereof one should be silent.
