
Secunia vulnerability reports



#1 Enthusiast


Posted 11 August 2005 - 11:01 AM

Part of an email sent me from Secunia
Secunia monitors vulnerabilities in more than 5000 products, e.g.:
Internet Explorer | Mozilla Firefox | Opera
http://secunia.com/

================================================
2) This Week in Brief:

Microsoft has released their monthly security updates, which correct
several vulnerabilities in various Microsoft products.

All users of Microsoft products are advised to check Windows Update for
available security updates.

Additional details can be found in referenced Secunia advisories below.

Reference:
http://secunia.com/SA16373
http://secunia.com/SA16372
http://secunia.com/SA16368
http://secunia.com/SA16356
http://secunia.com/SA16354


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA16373] Internet Explorer Three Vulnerabilities
2. [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
Creation
3. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
4. [SA16298] Linux Kernel xfrm Array Indexing Overflow Vulnerability
5. [SA15870] Opera Download Dialog Spoofing Vulnerability
6. [SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
7. [SA12758] Microsoft Word Document Parsing Buffer Overflow
Vulnerabilities
8. [SA15756] Opera Image Dragging Vulnerability
9. [SA16210] Microsoft Windows Unspecified USB Device Driver
Vulnerability
10. [SA16071] Windows Remote Desktop Protocol Denial of Service
Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA16373] Internet Explorer Three Vulnerabilities
[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability
[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
Vulnerability
[SA16354] Microsoft Windows Telephony Service Vulnerability
[SA16344] EMC Navisphere Manager Directory Traversal and Directory
Listing
[SA16368] Microsoft Windows Two Kerberos Vulnerabilities

UNIX/Linux:
[SA16387] Red Hat update for gaim
[SA16384] Red Hat update for gaim
[SA16379] Gaim Away Message Buffer Overflow and Denial of Service
[SA16363] Ubuntu update for ekg/libgadu3
[SA16341] Conectiva update for krb5
[SA16331] Mandriva update for ethereal
[SA16358] Red Hat update for ruby
[SA16349] Trustix update for multiple packages
[SA16336] Gentoo update for netpbm
[SA16391] Red Hat update for cups
[SA16390] Fedora update for kdegraphics
[SA16385] Ubuntu update for xpdf/kpdf
[SA16383] Red Hat update for xpdf/kdegraphics
[SA16380] CUPS xpdf Temporary File Writing Denial of Service
[SA16374] Xpdf Temporary File Writing Denial of Service
[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability
[SA16362] cPanel Password Change Privilege Escalation Security Issue
[SA16334] Ubuntu update for apache2
[SA16382] Red Hat update for ucd-snmp
[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
Vulnerability
[SA16381] Red Hat update for sysreport
[SA16360] Gentoo update for heartbeat
[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation
[SA16345] Lantronix Secure Console Server Multiple Vulnerabilities
[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation
[SA16335] Conectiva update for heartbeat
[SA16355] Linux Kernel Keyring Management Denial of Service
Vulnerabilities
[SA16352] Wine winelauncher.in Insecure Temporary File Creation
[SA16328] Red Hat update for dump

Other:


Cross Platform:
[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
[SA16347] SysCP Two Vulnerabilities
[SA16346] Comdev eCommerce File Inclusion Vulnerability
[SA16342] Gravity Board X Multiple Vulnerabilities
[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities
[SA16330] Flatnuke Multiple Vulnerabilities
[SA16388] PHlyMail Unspecified Login Bypass Vulnerability
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
[SA16369] Open Bulletin Board SQL Injection Vulnerabilities
[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability
[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability
[SA16353] PHPLite Calendar Express Two Vulnerabilities
[SA16351] phpIncludes News System SQL Injection Vulnerability
[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities
[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
Vulnerability
[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability
[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion
[SA16338] Jax LinkLists Cross-Site Scripting and Information
Disclosure
[SA16337] Jax Guestbook Cross-Site Scripting and Information
Disclosure
[SA16333] Jax Calendar Cross-Site Scripting Vulnerability
[SA16332] Jax Newsletter Cross-Site Scripting and Information
Disclosure
[SA16329] tDiary Cross-Site Request Forgery Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA16373] Internet Explorer Three Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-08-09

Three vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct cross-site scripting
attacks or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/16373

You can explore further at
http://secunia.com/

What is interesting is that, contrary to popular Microsoft haters' beliefs, Mozilla and Linux have significant vulnerabilities as well. It is a problem not limited to IE or Windows.


#2 jgweed


Posted 11 August 2005 - 12:09 PM

3. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability

Comment: this was fixed in FF 1.05 and Mozilla 1.7.10

I am not sure what all this means, other than suggesting the obvious that vulnerabilities exist everywhere. From the list, it is difficult to understand the significance of the vulnerabilities, whether they have had proof of concepts published, or have actually been exploited, so I am not quite sure what is proved here.

Regards,
John
Whereof one cannot speak, thereof one should be silent.



