
Security Alerts and Bulletins

[SA10962] Apache Directory Traversal Vulnerability
Jeremy Bae has reported a vulnerability in Apache running on cygwin, allowing malicious people to view arbitrary files on a vulnerable system.

[SA10973] Trillian Protocol Handling Buffer Overflow Vulnerabilities
Stefan Esser has discovered two vulnerabilities in Trillian, which can be exploited by malicious people to compromise a user's system.

[SA10969] Platform LSF "eauth" Component Vulnerabilities
Tomasz Grabowski has reported some vulnerabilities in Platform LSF, which can be exploited by malicious people to impersonate other users, gain escalated privileges, and potentially compromise a vulnerable system.

[SA10967] Opt-X Arbitrary File Inclusion Vulnerability
G00db0y has reported a vulnerability in Opt-X, which can be exploited by malicious people to compromise a vulnerable system.

[SA10966] Confirm Arbitrary Command Execution Vulnerability
Mariusz Woloszyn has discovered a vulnerability in Confirm, which can be exploited by malicious people to compromise a user's system.

[SA10961] Debian update for metamail
Debian has issued updated packages for metamail. These fix some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

[SA10921] ZoneAlarm SMTP Service Buffer Overflow Vulnerability
eEye has discovered a vulnerability in ZoneAlarm and Zone Labs Integrity, allowing malicious people to compromise a vulnerable system.

[SA10960] Avirt Voice/Soho Long Input Buffer Overflow Vulnerabilities
Donato Ferrante has reported some vulnerabilities in Avirt Voice and Avirt Soho, which potentially can be exploited by malicious people to compromise a vulnerable system.

[SA10963] XMB Cross Site Scripting and SQL Injection Vulnerabilities
Janek Vind has reported multiple vulnerabilities in XMB, allowing malicious people to conduct Cross Site Scripting and SQL injection attacks.

[SA10958] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
Yuuichi Teranishi has discovered some vulnerabilities in libxml2, which potentially can be exploited by malicious people to compromise a vulnerable system.

[SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
Multiple vulnerabilities have been discovered in Apple Mac OS X, where some of the specified issues can be exploited to gain knowledge of sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

[SA10956] Quicktime/Darwin Streaming Server DESCRIBE Request Denial of Service
iDEFENSE has reported a vulnerability in QuickTime/Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

[SA10951] Debian update for hsftp
Debian has issued updated packages for hsftp. These fix a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

[SA10950] Hsftp Filename Format String Vulnerability
The vulnerability is caused due to a format string error when processing file names. This can be exploited by placing files with specially crafted filenames containing format specifiers on a server and tricking a user into connecting to it.

[SA10948] PSOProxy Long Input Buffer Overflow Vulnerability
The vulnerability is caused due to a boundary error when handling received data. This can be exploited to cause a buffer overflow by sending an overly long HTTP request or an arbitrarily large string (about 1035 bytes) to the service, or by tricking a user whose traffic is processed by the proxy into visiting a malicious website or clicking a specially crafted link.

[SA10947] Proxy-Pro Professional GateKeeper Buffer Overflow Vulnerability
The vulnerability is caused due to a boundary error in the web proxy ("GKHttp.dll"). This can be exploited to cause a buffer overflow by sending an overly long HTTP request or an arbitrary string (about 4100 bytes) to the service, or by tricking a user whose HTTP traffic is processed by the proxy into visiting a malicious website or clicking a specially crafted link.

[SA10955] phpNewsManager "functions.php" Directory Traversal Vulnerability
G00db0y has reported a vulnerability in phpNewsManager, which can be exploited by malicious people to gain knowledge of sensitive information. The "functions.php" script does not sanitise user input passed to the "clang" parameter properly, which can be exploited via classic directory traversal attacks to disclose the content of arbitrary files.

[SA10946] Debian update for mailman
Debian has issued updated packages for pwlib. These fix some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

[SA10938] Oracle9i Lite Unspecified Vulnerability
Oracle has issued updates for Oracle9i Lite. These fix an unspecified vulnerability, allowing authenticated users to gain access to a connected Oracle database server.

[SA10933] Cisco ONS 15000 Multiple Vulnerabilities
Multiple vulnerabilities have been reported in various products running Cisco ONS, which can be exploited by malicious people to gain knowledge of system information, cause a DoS (Denial of Service), or gain unauthorised access.

[SA10936] Oracle9i Database and Application Server SOAP DTD Denial of Service
Amit Klein has identified a vulnerability in Oracle9i Database and Application Server, allowing malicious people to cause a Denial of Service. The vulnerability is caused due to an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents. This can be exploited on SOAP-enabled servers by sending a specially crafted SOAP request, which causes a vulnerable SOAP server to consume all CPU resources for an extended period of time as well as large amounts of memory.

[SA10934] TANDBERG Products H.323 Protocol Implementation Vulnerabilities
TANDBERG has acknowledged that some products are affected by the recently reported vulnerabilities in various vendors' H.323 protocol implementations. The vulnerabilities are caused due to errors in the processing of H.225 messages over TCP. This can be exploited by malicious people to reboot an affected device by sending specially crafted messages to it (default port 1720/tcp).

[SA10931] Debian update for XFree86
Debian has issued updated packages for XFree86. These fix some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges or cause a DoS (Denial of Service).

[SA10939] OpenLinux update for saned
SCO has issued updated packages for sane. These fix several vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

©2009 About.com, a part of The New York Times Company.

All rights reserved.