Thread: Security Vulnerability Alerts for today

  1. #1
    Join Date
    Jul 2003
    Posts
    1,446
    Rep Power
    0

    Security Vulnerability Alerts for today

    1. GuppY

    Vendor: Duveau, Laurent

    An input validation vulnerability was reported in GuppY. A
    remote user can conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Sep/1007847.html


    2. SSH Sentinel

    Vendor: SSH Communications

    A vulnerability was reported in SSH Sentinel from SSH
    Communications. A remote user may be able to cause the target
    system to crash.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007841.html


    3. OpenSSL

    Vendor: OpenSSL.org

    Several vulnerabilities were reported in the ASN.1 parsing code
    in OpenSSL. A remote user may be able to cause arbitrary code to
    be executed on a server application that uses OpenSSL.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007837.html


    4. webfs

    Vendor: Knorr, Gerd

    Two vulnerabilities were reported in the webfs HTTP server. In
    certain cases, a remote user can view files on the system. A local
    user can trigger a buffer overflow and potentially execute
    arbitrary code on the system.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2003/Sep/1007835.html


    5. 1ASPCommerce

    Vendor: Web Helper Online

    CyberTalon reported a vulnerability in 1ASPCommerce. A remote
    user can gain administrative access on the application.

    Impact: User access via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007834.html


    6. mIRC

    Vendor: mIRC Co. Ltd.

    A buffer overflow was reported in the mIRC client. A remote
    IRC server can cause arbitrary code to be executed on the connected
    mIRC client.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007831.html


    7. FreeStyle Chat Server

    Vendor: Hartmann, Gus and Keller, Peter

    Some buffer overflow vulnerabilities were reported in the
    Freesweep game software. A local user may be able to obtain
    elevated privileges on the system.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2003/Sep/1007829.html


    8. Geeklog

    Vendor: Geeklog

    Lorenzo Hernandez Garcia-Hierro reported several
    vulnerabilities in Geeklog. A remote user can inject SQL commands.
    A remote user can also conduct cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Sep/1007828.html


    9. Invision Power Board

    Vendor: Invision Power Services

    f3rm0r of Media Assasins reported a file permission
    vulnerability in Invision Power Board. A local user can modify a
    global configuration file.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2003/Sep/1007827.html



  2. #2

    Re: Security Vulnerability Alerts for today

    More vulnerability alerts:

    10. A-CART

    Vendor: alanward.net

    G00db0y from Zone-h Security Team reported an input validation
    vulnerability in A-CART. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Sep/1007826.html


    11. Cisco PIX Firewall

    Vendor: Cisco

    A denial of service vulnerability was reported in the Cisco PIX
    firewall. A remote user can cause the firewall's pool of network
    address translation (NAT) addresses to become exhausted.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Oct/1007877.html


    12. RaQ

    Vendor: Sun

    Lorenzo Hernandez Garcia-Hierro of NSRGroup reported some input
    validation vulnerabilities in the Sun Cobalt RaQ web-based control
    panel. A remote user can conduct cross-site scripting attacks
    against RaQ administrators.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007876.html


    13. procfs

    Vendor: FreeBSD

    A vulnerability was reported in the FreeBSD kernel in procfs.
    A local user may be able to cause the system to crash. A local
    user may be able to view kernel memory, which could lead to
    privilege escalation.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2003/Oct/1007875.html


    14. Windows Kernel

    Vendor: Microsoft

    A denial of service vulnerability was reported in the Microsoft
    Windows operating system in the PostThreadMessage() API. A local
    user can terminate arbitrary processes in certain cases.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2003/Oct/1007874.html


    15. FortiGate

    Vendor: Fortinet

    Several vulnerabilities were reported in the FortiGate
    firewall. A remote user may be able to obtain an administrator's
    username and password to gain access to the firewall.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007872.html


    16. FreeBSD Kernel

    Vendor: FreeBSD

    An integer overflow vulnerability was reported in the FreeBSD
    operating system kernel in the readv(2) system call. A local user
    can cause the kernel to crash. A local user may be able to gain
    read and write access to files on the system to obtain elevated
    privileges.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2003/Oct/1007868.html


    17. ScreenOS (NetScreen)

    Vendor: NetScreen

    A vulnerability was reported in NetScreen's ScreenOS. In
    certain cases, NetScreen firewall/VPN appliances that act as DHCP
    servers may leak sensitive information to remote users, including
    passwords.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007867.html


    18. MPNews PRO

    Vendor: Mutant Penguin Software

    GamaSec reported a directory traversal vulnerability in the
    MPNews PRO news server. A remote user can view files located
    outside of the root document directory.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007866.html


    19. MPWeb PRO

    Vendor: Mutant Penguin Software

    GamaSec reported a directory traversal vulnerability in the
    MPWeb PRO web server. A remote user can view files located outside
    of the web document directory.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007865.html



  3. #3

    Re: Security Vulnerability Alerts for today

    20. Overture

    Vendor: Overture Services, Inc.

    Nataniel Baiao reported an input validation vulnerability in
    Overture's search pages. A remote user can conduct cross-site
    scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007864.html


    21. Novell Distributed Print Services (NDPS)

    Vendor: Novell

    A vulnerability was reported in the Novell Distributed Print
    Services (NDPS). A remote user can view NDPS Broker statistics.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007863.html


    22. Everyfind

    Vendor: Atrise Software Co.

    An input validation vulnerability was reported in Atrise
    Everyfind search engine feature. A remote user can conduct
    cross-site scripting attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Oct/1007861.html


    23. DB2

    Vendor: IBM

    Some buffer overflow vulnerabilities were reported in IBM's DB2
    database in the processing of the LOAD and INVOKE commands. A
    remote authenticated user with certain privileges can execute
    arbitrary code on the target system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2003/Oct/1007855.html


    24. winShadow

    Vendor: OmniCom Technologies

    Several vulnerabilities were reported in winShadow. A remote
    user can execute arbitrary code on the target client and can cause
    the target server to crash.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Oct/1007854.html


    25. SSH

    Vendor: SSH Communications

    A vulnerability was reported in SSH Secure Shell in the
    decoding of ASN.1 BER/DER-encoded packets. A remote user can cause
    the target SSH process (and potentially the target host) to crash.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Oct/1007851.html


    26. Kernel

    Vendor: IBM

    A vulnerability was reported in the IBM AIX operating system in
    the getipnodebyname() API. A remote or local user can create
    denial of service conditions.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2003/Oct/1007849.html



