BugTraq Mode:
(Page 1226 of 1748)  < Prev  1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231  Next >
Serial Line Sniffer 0.4.4 Buffer Overflow 2006-01-11
Sintigan shellcoders com
Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl

# Author: Sintigan (at) shellcoders (dot) com
# http://www.shellcoders.com/
# ----------------------------------------
# Program ID: Serial Line Sniffer 0.4.4
#
# sintigan@midnight:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid

[ more ]  [ reply ]
RE: Did MS pull an Ilfak? (MS patch bindiff results) 2006-01-10
Greg Wroblewski (Greg Wroblewski microsoft com)
The only attack vector we know about for Win9x, ME platforms is through
printing. I'm afraid that "fixing" that would break some functionality.

Greg
------------
This post is provided as is and confers no rights or whatever.

-----Original Message-----
From: Joe Polk [mailto:listuser.jav (at) gmail (dot) com]

[ more ]  [ reply ]
[ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow 2006-01-10
Stefan Cornelius (dercorny gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server 2006-01-11
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: struts security update for Red Hat Application Server
Advisory ID: RHSA-2006:0157-01
Advisory URL: h

[ more ]  [ reply ]
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow 2006-01-11
Advisories (Advisories eeye com)
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow

Release Date:
January 10, 2006

Date Reported:
November 17, 2005

Patch Development Time (In Days):
54 Days

Severity:
High (Code Execution)

Vendor:
Apple

Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Ma

[ more ]  [ reply ]
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow 2006-01-11
Advisories (Advisories eeye com)
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow

Release Date:
January 10, 2006

Date Reported:
December 29, 2005

Patch Development Time (In Days):
12 days

Severity:
High (Code Execution)

Vendor:
Apple

Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac OS

[ more ]  [ reply ]
[EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow 2006-01-11
Advisories (Advisories eeye com)
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow

Release Date:
January 10, 2006

Date Reported:
October 31, 2005

Severity:
High (Code Execution)

Patch Development Time (In Days):
71 Days

Severity:
High (Code Execution)

Vendor:
Apple

Systems Affected:
Quicktime on Windows 2000
Quickt

[ more ]  [ reply ]
Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) 2006-01-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory:
========================
Default Administrative Password in Cisco Security Monitoring, Analysis
======================================================================
and Response System (CS-MARS)
=============================

[ more ]  [ reply ]
Updated Advisories - Incorrect CVE Information 2006-01-11
Advisories (Advisories eeye com)
Our apologies, the incorrect CVE information was provided with our Apple
advisories today. The correct CVE numbers are;

[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow =
CVE-2005-4092
[EEYEB-20051117A] Apple QuickTi

[ more ]  [ reply ]
Microsoft Outlook Critical Vulnerability 2006-01-10
NGSSoftware Insight Security Research (mark ngssoftware com)
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical
vulnerability affecting Microsoft Outlook. The vulnerable versions include:

Microsoft Outlook 2000 (inc. Microsoft Office 2000 Service Pack 3 and
Multilanguage packs)
Microsoft Outlook 2002 (inc. Microsoft Office XP Servi

[ more ]  [ reply ]
Microsoft Exchange Critical Vulnerability 2006-01-10
NGSSoftware Insight Security Research (mark ngssoftware com)
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical
vulnerability affecting Microsoft Exchange. The vulnerable versions include:

Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Exchange 2000 Server Pack 3 with the Post-Ser

[ more ]  [ reply ]
Re: Dumb IE6/XP denial of service found on the web 2006-01-08
rebornrebel hotmail co uk
It's known - BID 10913

[ more ]  [ reply ]
New PEAR / Apache2Triad Exploit 2006-01-09
jd2k2000 hotmail com

File: go-pear.php
Affects: v0.2.2 (May affect other versions)
Date: 6th January 2006

Issue Description:
====================================

A vulnerability exists within version 0.2.2 of go-pear.php, part of PHP's PEAR Package.
The problem lies in the script's capacity to utilize a pro

[ more ]  [ reply ]
[FLSA-2006:168375] Updated mozilla packages fix security issues 2006-01-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:168375
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords:

[ more ]  [ reply ]
[FLSA-2006:152922] Updated ethereal packages fix security issues 2006-01-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated ethereal packages fix security issues
Advisory ID: FLSA:152922
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords:

[ more ]  [ reply ]
Time modification flaw in BSD securelevels on NetBSD and Linux 2006-01-09
RedTeam Pentesting (release redteam-pentesting de)
Advisory: Time modification flaw in BSD securelevels on NetBSD and Linux

The implementations of securelevels on NetBSD and Linux contain an
integer overflow, allowing the protection of system time to be
completely circumvented.

Details
=======

Product: NetBSD
Linux
Affected Versions:

[ more ]  [ reply ]
[FLSA-2006:152907] Updated htdig packages fix security issues 2006-01-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated htdig packages fix security issues
Advisory ID: FLSA:152907
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords:

[ more ]  [ reply ]
[FLSA-2006:136323] Updated gettext package fixes security issues 2006-01-10
Marc Deslauriers (marcdeslauriers videotron ca)
---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated gettext package fixes security issues
Advisory ID: FLSA:136323
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords:

[ more ]  [ reply ]
Re: Html_Injection in vBulletin 3.5.2 2006-01-10
info hoder com
OK .
First see this :
http://www.securityfocus.com/archive/1/420663/30/120/threaded

Credit ?
Savsak.com [Ejder And The_BeKiR And Liz0Zim And CyberLord]

So what is this ?
Credit :
--------------------
Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of I

[ more ]  [ reply ]
[USN-236-2] xpdf vulnerabilities in kword, kpdf 2006-01-09
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-236-2 January 09, 2006
kdegraphics, koffice vulnerabilities
CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627
===========================================================

A security issue affects the f

[ more ]  [ reply ]
[security bulletin] SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of Service (DoS) 2006-01-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00589050

Version: 1

HPSBUX02090 SSRT051058 rev.1 - HP-UX Secure Shell Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

[ more ]  [ reply ]
Malware - future trends 2006-01-10
Dancho Danchev (dancho danchev hush com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi folks,

I have recently conducted an independent research on the current,
and future trends on the malware scene. Basically, my publication
answers, what are the driving forces behind the rise of malware?
Who's behind it, and what tactics do they use

[ more ]  [ reply ]
[USN-239-1] libapache2-mod-auth-pgsql vulnerability 2006-01-09
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-239-1 January 09, 2006
libapache2-mod-auth-pgsql vulnerability
CVE-2005-3656
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Wa

[ more ]  [ reply ]
iDefense Security Advisory 01.10.06: Sun Solaris uustat Buffer Overflow Vulnerability 2006-01-10
labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Sun Solaris uustat Buffer Overflow Vulnerability

iDefense Security Advisory 01.10.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=366
January 10, 2006

I. BACKGROUND

The uustat binary (part of the uucp project) is used to display or
cancel uucp requests as well as to provide

[ more ]  [ reply ]
Multiple Vulnerabilities in Hummingbird Collaboration 2006-01-10
luca carettoni securenetwork it
Secure Network - Security Research Advisory

Vuln name: Multiple Vulnerabilities in Hummingbird Collaboration
Systems affected: Collaboration 5.2.1 and lower versions
Severity: Low
Local/Remote: Remote
Vendor URL: http://www.hummingbird.com/products/enterprise/collaboration/
Author(s): Luca Caretton

[ more ]  [ reply ]
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution 2006-01-10
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 935-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
January 10, 2006

[ more ]  [ reply ]
[SECURITY] [DSA 930-2] New smstools packages fix format string vulnerability 2006-01-10
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 930-2 security (at) debian (dot) org
http://www.debian.org/security/ Steve Kemp
January 10, 2006

[ more ]  [ reply ]
Re: Html_Injection in vBulletin 3.5.2 2006-01-10
Steven M. Christey (coley mitre org)

This appears to be the same vulnerability as that reported to Bugtraq
by trueend5 of KAPDA on January 1:

BUGTRAQ:20060106 [KAPDA::#19] - Html Injection in vBulletin 3.5.2
URL:http://www.securityfocus.com/archive/1/archive/1/420663/100/0/threaded

In fact, the text is exactly the same, as is th

[ more ]  [ reply ]
[SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities 2006-01-10
Michael Stone (mstone klecker debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 934-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 9, 2006

[ more ]  [ reply ]