Patch 113579-03 that was released for Solaris 9 in mid-February introduces a security bug that affects anyone running a NIS server.
Debian Security Advisory DSA 488-1 - Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.
XChat versions 2.0.8 through 1.8.0 are vulnerable to a boundary error condition in their SOCKS-5 proxy code. Successful exploitation can lead to a complete system compromise.
Zaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.
BitDefender's online scanning service has Active-X related flaws that allow an attacker to run arbitrary code server side.
phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages that are tied to forged IP addresses.
A critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.
Format string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.
Norton Antivirus is susceptible to a nested file manual scan bypass attack.
Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers to read the configuration file.
Secunia Security Advisory SA11367 - Subversion versions 0.x to 1.x are reportedly affected by some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory SA11396 - The SCT Campus Pipeline attachment script has a vulnerability that allows for a cross site scripting attack.
ColdFusion MX versions 6.0 and below suffer from a denial of service vulnerability when memory usage gets saturated due to an oversized string being returned as part of an error message.
The chpasswd binary plugin version 3.x that comes with SquirrelMail is susceptible to a buffer overflow.
Debian Security Advisory DSA 483-1 - The scripts mysqld_multi and mysqlbug in MySQL allow local users to overwrite arbitrary files via symlink attacks.
SuSE Security Advisory SuSE-SA:2004:008 - Two vulnerabilities have been discovered in CVS that can be exploited by malicious servers to compromise clients and by malicious users to retrieve arbitrary files from servers. Versions below 1.11.15 are affected.
Debian Security Advisory DSA 485-1 - Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).
Debian Security Advisory DSA 484-1 - Steve Kemp discovered a vulnerability in xonix, a game, where an external program was invoked while retaining setgid privileges. A local attacker could exploit this vulnerability to gain gid games.
FTGateOffice/FTGatePro version 1.2 suffers from path exposure, cross site scripting, and validation errors.
Cross site scripting bugs exist in PHP-Nuke versions 6.x through 7.2.
iDEFENSE Security Advisory 04.14.04: The Linux kernel performs no length checking on symbolic links stored on an ISO9660 file system, allowing a malformed CD to perform an arbitrary length overflow in kernel memory. Symbolic links on ISO9660 file systems are supported by the 'Rock Ridge' extension to the standard format. The vulnerability can be triggered by performing a directory listing on a maliciously constructed ISO file system, or attempting to access a file via a malformed symlink on such a file system. Many distributions allow local users to mount CDs, which makes them potentially vulnerable to local elevation attacks. The issue affects the 2.4.x, 2.5.x and 2.6.x kernels. Other kernel implementations may also be vulnerable.
Secunia Security Advisory SA11358 - A vulnerability has been discovered in BEA WebLogic Server and WebLogic Express, which potentially allows malicious people to impersonate a user or server. The problem arises when SSL connections are established. A connection may be approved if the certificate chain is valid but the custom trust manager rejects the chain. This can potentially be exploited to gain unauthorized access. Versions affected are Server and Express 7.x through 8.x.
Secunia Security Advisory SA11356 - A security issue has been discovered in BEA WebLogic Server and WebLogic Express, which may lead to inappropriate privileges being granted. The problem arises if a parent group is deleted, because child groups remain members after the parent group is deleted. If a parent group is re-created and granted higher privileges, those privileges are inherited by any group that was a member of the group before it was deleted. Versions affected are Server and Express 7.x through 8.x.
1st Class mail server 4.01 suffers from directory traversal and cross site scripting vulnerabilities.
Citadel/UX Security Advisory 2004-01 - Citadel/UX versions 5.00 through 6.14 had loose permission settings for database related files, allowing any local shell user to gain access to any data on the system.