1. GuppY
Vendor: Duveau, Laurent
An input validation vulnerability was reported in GuppY. A
remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Sep/1007847.html
2. SSH Sentinel
Vendor: SSH Communications
A vulnerability was reported in SSH Sentinel from SSH
Communications. A remote user may be able to cause the target
system to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007841.html
3. OpenSSL
Vendor: OpenSSL.org
Several vulnerabilities were reported in the ASN.1 parsing code
in OpenSSL. A remote user may be able to cause arbitrary code to
be executed on a server application that uses OpenSSL.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007837.html
4. webfs
Vendor: Knorr, Gerd
Two vulnerabilities were reported in the webfs HTTP server. In
certain cases, a remote user can view files on the system. A local
user can trigger a buffer overflow and potentially execute
arbitrary code on the system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2003/Sep/1007835.html
5. 1ASPCommerce
Vendor: Web Helper Online
CyberTalon reported a vulnerability in 1ASPCommerce. A remote
user can gain administrative access on the application.
Impact: User access via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007834.html
6. mIRC
Vendor: mIRC Co. Ltd.
A buffer overflow was reported in the mIRC client. A remote
IRC server can cause arbitrary code to be executed on the connected
mIRC client.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007831.html
7. FreeStyle Chat Server
Vendor: Hartmann, Gus and Keller, Peter
Some buffer overflow vulnerabilities were reported in the
Freesweep game software. A local user may be able to obtain
elevated privileges on the system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Sep/1007829.html
8. Geeklog
Vendor: Geeklog
Lorenzo Hernandez Garcia-Hierro reported several
vulnerabilities in Geeklog. A remote user can inject SQL commands.
A remote user can also conduct cross-site scripting attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Sep/1007828.html
9. Invision Power Board
Vendor: Invision Power Services
f3rm0r of Media Assasins reported a file permission
vulnerability in Invision Power Board. A local user can modify a
global configuration file.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Sep/1007827.html