Digital Armaments Security Advisory 12.20.2005: WEBsweeper/MIMEsweeper Executable File Content Check bypass Vulnerability
2005-12-20 info digitalarmaments com

[security bulletin] SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access
2005-12-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00583199
Version: 1
HPSBUX02089 SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon

iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
2005-12-20 labs-no-reply (at) idefense (dot) com
McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite
iDefense Security Advisory 12.20.05
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358
December 20, 2005
I. BACKGROUND
McAfee VirusScan is an anti-virus software. More information is available from the vendor

Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass
2005-12-20 darkz gsa gmail com
Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass
Author: Attila Gerendi (Darkz)
Date: December 20, 2005
Package: Enterprise Connector (http://www.enterpriseheart.com/site/modules/mydownloads/)
Versions Affected: 1.02 (Other versions may also be affected.)
Severity: SQL Inje

iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability
2005-12-20 labs-no-reply (at) idefense (dot) com
Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability
iDefense Security Advisory 12.20.05
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=359
December 20, 2005
I. BACKGROUND
Qualcomm WorldMail is an email and messaging server designed for use in smal

Symantec Antivirus Library Remote Heap Overflows
2005-12-20 list rem0te com
Date
December 20, 2005
Vulnerability
The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be

MDKSA-2005:233 - Updated apache2 packages fix vulnerability in worker MPM
2005-12-19 Mandriva Security Team (security mandriva com)

Re: Making unidirectional VLAN and PVLAN jumping bidirectional
2005-12-19 Clayton Kossmeyer (ckossmey cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Response
==============
This is Cisco PSIRT's response to the statements made by Arhont Ltd. in their message: Making unidirectional VLAN and PVLAN jumping bidirectional, posted on 2005-Dec-19. An archived version of the report can be found here:

[security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS)
2005-12-19 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00582373
Version: 1
HPSBMA02088 SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible

about phpMyAdmin's server_privileges.php announced vulnerability
2005-12-19 Marc Delisle (Marc Delisle cegepsherbrooke qc ca)
phpMyAdmin's team answer to vulnerability announcement of Dec 17, 2005 [ http://www.securityfocus.com/archive/1/419709/30/0/threaded ]
We don't think that this is a real threat. The server_privileges.php script checks at the beginning if the user is privileged. So, for this attack to work, the vi

Making unidirectional VLAN and PVLAN jumping bidirectional
2005-12-19 Andrew A. Vladimirov (mlists arhont com)

Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
2005-12-19 michal cihar com
Hi
There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated users, but it's main task of this program and can not be consider

[ GLSA 200512-10 ] Opera: Command-line URL shell command injection
2005-12-18 Thierry Carrez (koon gentoo org)

[FLSA-2005:168326] Updated util-linux and mount packages fix security issue
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:166939] Updated openssl packages fix security issues
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:155510] Updated gtk2 packages fixes security issues
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152892] Updated enscript package fixes security issues
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152870] Updated a2ps package fixes security issue
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152832] Updated lynx package fixes security issues
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152787] Updated redhat-config-nfs package fixes security issue
2005-12-18 Marc Deslauriers (marcdeslauriers videotron ca)

[SECURITY] [DSA 923-1] New dropbear packages fix arbitrary code execution
2005-12-19 joey infodrom org (Martin Schulze)

Re: Fullpath disclosure in roundcube webmail
2005-12-17 Steven M. Christey (coley mitre org)
>I try this request in my mailbox
>http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b 0
>bce= &_task=3Dma%60il then roundcube shows this warning
For the 3 people who might care about the distinction (e.g. vuln DBs who exclude path disclosure), this appears to be a custom error

phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
2005-12-17 Alice Bryson (abryson bytefocus com)
phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
I. BACKGROUND
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web.
II. DESCRIPTION
phpMyAdmin server_privileges.php is prone to SQL Injection vulnerability. A remote attacker may execute arb

Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
2005-12-16 inge henriksen booleansoft com
** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ **
Advisory Name: Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
Release Date: 16. December 2005
Vulnerable: Microsoft® Internet Information Server® V5.1
Not vulnerable:

Fullpath disclosure in roundcube webmail
2005-12-17 king_purba yahoo co uk
I try this request in my mailbox http://xxxx.com/roundcube/?_auth=3Dcf559dcf52d8801ccd51cd1f3ba3eca08d1b0 bce= &_task=3Dma%60il then roundcube shows this warning
**PHP Error in /usr/local/apache2/htdocs/roundcube/index.php (301)*:* Invalid request failed/file not found
The requested page was not fo

RE: RLA ("Remote LanD Attack")
2005-12-16 Patrick Galligan (Patrick Galligan flightcentre com au)
Correct me if I'm wrong, but if your internet router is dropping spoofed packets, as they should be, this attack will not work.
Regards, Patrick
-----Original Message-----
From: Synister Syntax [mailto:synistersyntaxlist (at) gmail (dot) com]
Sent: Friday, 16 December 2005 1:56 AM
To: sppride (at) gmail (dot) com; b
Digital Armaments advisory is 12.15.2005
http://www.digitalarmaments.com/2005161283546323.html
I. Background
WEBsweeper/MIMEsweeper is commercial software that brings policy-based content security to the HTTP gateway.