On my searches today I found some bugs that I think I should post because, well, we use some of the things they are in, so I'm gonna post these. I think there's a fix for most, so make sure you patch (poor xmaddy, that huge uptime is gonna be spanked if you use these lololol, sorry man, had to).

Anyway, enjoy reading:

For the first one, I'm posting this because a few days ago I saw a thread that was asking about text-based browsers.

Vendor: Ito, Akinori

An input validation vulnerability was reported in the w3m web
browser. A remote user can conduct cross-site scripting attacks.

Impact: Disclosure of authentication information

Alert: http://securitytracker.com/alerts/2003/Feb/1006060.html
---------------------------------------------------------------------------------------------
This next one isn't that bad because, well, they need physical access, but if you work in a large company that has confidential info this may affect you more:

Linux Kernel

Vendor: [Multiple Authors/Vendors]

A vulnerability was reported in the Linux 2.4 kernel. A local
user may be able to read some information from the file system that
the user is not authorized to read.

Impact: Denial of service via local system

Alert: http://securitytracker.com/alerts/2003/Feb/1006049.html

So if you work in a bigger company you may wanna check out the supplied link.
--------------------------------------------------------------------------------------------------------------------------------------

For this next one... I'm starting to realize why people say Internet Exploiter, this is weird:

Microsoft Internet Explorer (IE)

Vendor: Microsoft

A vulnerability was reported in Microsoft Internet Explorer in
the showHelp() function. A remote user can create HTML scripting
code that could load and execute code on a target user's system.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2003/Feb/1006046.html

I know there's a lot of Windows users here, so make sure you update Windows and make sure you get any available IE updates.
-------------------------------------------------------------------------------------------------------------

Another one for the XP people here; as I said a sec ago, make sure you update:

Windows Redirector

Vendor: Microsoft

A vulnerability was reported in the Windows Redirector in
Microsoft Windows XP operating system. A local user could gain
elevated privileges.

Impact: Execution of arbitrary code via local system

Alert: http://securitytracker.com/alerts/2003/Feb/1006045.html
-------------------------------------------------------------------------------------------------------------------------
For this one, I remember there was a post like 3 days ago about Opera, but I'm not sure if it was this particular flaw or not, so I'll post it just to be sure:

Opera

Vendor: Opera Software

Several vulnerabilities were reported in the Opera web browser.
A remote user can create HTML that, when loaded, can access
arbitrary files and directories on the target user's system. A
remote user can obtain some browser history details.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2003/Feb/1006044.html
------------------------------------------------------------------------
This one's for anyone who runs a mailing list or something and uses Majordomo:

Majordomo

Vendor: Chapman, Brent et al

An information disclosure vulnerability was reported in
Majordomo. A remote user may be able to extract subscriber e-mail
addresses from the server.

Impact: Disclosure of user information

Alert: http://securitytracker.com/alerts/2003/Feb/1006040.html
-------------------------------------------------------------------------------------------------------------------------
This next one is a real shocker, I know, but another hole in IE... wow

Microsoft Internet Explorer (IE)

Vendor: Microsoft

A vulnerability was reported in Microsoft Internet Explorer. A
remote user can create malicious code that will effect the dragging
and dropping of arbitrary HTML.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2003/Feb/1006036.html
#################################################################
This one here actually shocks me; this is for hogfly:

chpass

Vendor: OpenBSD

An information disclosure vulnerability was reported in the
OpenBSD chpass(1) utility. A local user may be able to view the
contents of certain files.

Impact: Disclosure of system information

Alert: http://securitytracker.com/alerts/2003/Feb/1006035.html

###############################################################################
Well, that's all for now. Remember, it's better to have to reboot/screw your uptime because you installed a patch than to reboot/screw your uptime because the patch you didn't install didn't stop the worm from formatting your server... hmmmm, I just made that up and I like it, lol.