Re: gcc 4.1 bug miscompiles pointer range checks, may place you at risk
2006-05-03 leonleon77 hotmail com
perhaps instead of "c + len > c" being the test of pointer wraparound, one may use the following (if there is a desire to use pointer-based arithmetic)...

    #define MAXPTR (char *)0xffffffff // this would differ on 64 bit systems
    if (MAXPTR - c < len) {
        // we have a pointer wraparound...
    }

bigwebmaster guestbook multiply XSS
2006-05-04 Javor Ninov (drfrancky securax org)
Affected software: Bigwebmaster Guestbook version 1.02 and down
Vendor: http://www.bigwebmaster.com/Perl/Scripts_and_Programs/Guestbooks/
Introduction: (taken from vendor site) This is one of the most powerful guestbooks that you will find on the internet. Visitors who come to your site will be able

Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"
2006-05-04 Joxean Koret (joxeankoret yahoo es)
Hi to all! Trying with a friend the latest Panda Antivirus and ClamAv we have found that they are unable to detect the old "I Love You" virus by simply changing the name of one variable. Attached goes a working "I Love You" virus in which I changed ONLY the variable "dirsystem" with the name

libero.it XSS vulnerability - HTML injection
2006-05-02 Davide Denicolo (davide securityinfos com)
--Security Report--
Advisory: libero.it XSS vulnerability - HTML injection
Author: Davide Denicolo
Date: 28/04/06
Contact: davide<at>securityinfos.com
Vendor: ItaliaOnLine S.r.l (http://www.libero.it)
Service: Web
Level: Low
Description: Libero.it is a Web portal of big Italian

321soft PhP Gallery 0.9 - directory travel & XSS
2006-05-02 d4igoro gmail com
321soft PhP Gallery 0.9 - directory travel & XSS
Software: 321soft PhP Gallery
Version: 0.9
Type: directory travel & XSS
Date: Mai 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risc: Middle
credits:

Fast Click <= 2.3.8 Remote File Inclusion
2006-05-02 Aminrayden yahoo com
Fast Click <= 2.3.8 Remote File Inclusion
Aria-security.com advisory
Bug Discovered by R@1D3N (amin emami)
email: AminRayden (at) yahoo (dot) com and rayden (at) aria-security (dot) net
Date: 02/05/2006
original advisory: http://www.aria-security.net/advisory/fc/

Fast Click SQL Lite <= 1.1.3 Remote File Inclusion
2006-05-02 Aminrayden yahoo com
Fast Click SQL Lite <= 1.1.3 Remote File Inclusion
Aria-security.com advisory
Bug Discovered by R@1D3N (amin emami)
email: AminRayden (at) yahoo (dot) com and rayden (at) aria-security (dot) net
Date: 02/05/2006
original advisory: http://www.aria-security.net/ad

[REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability
2006-05-04 rewterz (advisories rewterz com)
REWTERZ-20060503 - XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability
Release Date: May 3, 2006
Severity: High (Remote Code Execution)
Vendor: Dxmsoft
Software Affected: XM Easy Personal FTP Server v4.3 and before
Operating Systems Affected: Windows NT 4.0 Windows 98 / ME Windows

zawhttpd - Buffer Overflow
2006-05-02 Kamil Sienicki (K3 spelunca int pl)
Name: zawhttpd
Version: 0.8.23 previous version probably too.
Language: C
Problem: Buffer Overflow
Vendor: http://www.norz.org/zawhttpd.html
Discovered by: Kamil 'K3' Sienicki
Description: zawhttpd is a mini Web server that features HTTP/1.0 and 1.1 support, keep-alive persistent connections, IPv

ISA Server 2004 Log Manipulation
2006-05-04 beSIRT (beSIRT beyondsecurity com)
Discovered by: Noam Rathaus using the beSTORM fuzzer.
Reported to vendor: December, 2005.
Vendor response: Microsoft does not consider this issue to be a security vulnerability.
Public release date: 4th of May, 2006.
Advisory URL: http://www.beyondsecurity.com/besirt/advisories/042006-001-ISA-LM.

[security bulletin] HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
2006-05-04 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00629555
Version: 10
HPSBUX02108 SSRT061133 rev.10 - HP-UX running Sendmail, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as

[REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability
2006-05-04 rewterz (advisories rewterz com)
REWTERZ-20060504 - Sami FTP Server Remote Buffer Overflow Vulnerability
Release Date: May 4, 2006
Severity: High (Remote Code Execution)
Vendor: KarjaSoft
Software Affected: Sami FTP Server v2.0.2 and before
Operating Systems Affected: Windows NT 4.0 Windows 98 / ME Windows 2000 Windows XP Wind

[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-05-04 joey infodrom org (Martin Schulze)

[USN-281-1] Linux kernel vulnerabilities
2006-05-04 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-281-1 May 04, 2006
linux-source-2.6.10, linux-source-2.6.12 vulnerabilities
CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525
===========

[USN-280-1] X.org server vulnerability
2006-05-04 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-280-1 May 04, 2006
xorg vulnerability
CVE-2006-1526
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu

Re: Ejabberd : Symlink vulnerability during installation process
2006-05-03 mickael remond process-one net
The problem was in the software generating the installer. We have worked with their team and they have been very responsive. The problem has been fixed with the release of a new installer version (Less than one day, about 12 jours :-): Version: ejabberd-1.1.1_2-linux-installer.bin Download pag

[USN-279-1] libnasl/nessus vulnerability
2006-05-03 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-279-1 May 03, 2006
libnasl vulnerability
CVE-2006-2093
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubun

OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
2006-05-03 c0redump ackers org uk (2 replies)
Hi, There is a flaw (well more a stupid design than anything else) in OpenVPN 2.0.7 (and below) in the Remote Management Interface that allows an attacker to gain complete control because there is NO AUTHENTICATION (YES NO AUTHENTICATION AT ALL!). This can be carried out from within the LAN th

    Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
    2006-05-04 Joachim Schipper (j schipper math uu nl)

    Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
    2006-05-03 David F. Skoll (devnull roaringpenguin com)
as a single-user calendar, a multi-user calendar for groups of users,
or as an event calendar viewable by visitors.
See project homepage for details: http://www.k5n.us/webcalendar.php
Description:
The problem is that different