|
|
Colapse all |
Post message
Format String Vulnerabilities in Perl Programs 2005-12-02 Steven M. Christey (coley mitre org) *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* Format String Vulnerabilities in Perl Programs *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* Author: Steve Christey Date: December 2, 2005 ********************************************************************** Table o [ more ] [ reply ] [xfocus-SD-051202]openMotif libUil Multiple vulnerability 2005-12-02 alert7 (at) xfocus (dot) org [email concealed] (alert7 xfocus org) Title: [xfocus-SD-051202]openMotif-libUil-Multiple_vulnerability Affected version : openmotif 2.2.3(not got 2.2.4,so not test in openmotif 2.2.4) Product: http://www.motifzone.net/ xfocus (http://www.xfocus.org) have discovered multiple vulnerability in openmotif libUil library. details following [ more ] [ reply ] SEC Consult SA-XXXXXXXXXXX 2005-12-02 Bernhard Mueller (research sec-consult com) (1 replies) SEC Consult SA-20050212-1 :: A Word on Webmail Security and Browser related XSS Bugs 2005-12-02 Sec Consult Research (research sec-consult com) SEC Consult SA-20051202-1 :: GMX Webmail XSS 2005-12-02 Sec Consult Research (research sec-consult com) ========================================================== SEC-CONSULT Security Advisory 20051202-0 GMX / MSIE XSS ========================================================== Product: GMX Webmail V ?.? in combination with MSIE (maybe other browsers) Remarks: no other Versions tested but very likely [ more ] [ reply ] RE: Microsoft Windows CreateRemoteThread Exploit 2005-12-02 Michael Wojcik (Michael Wojcik microfocus com) > From: q7x (at) ashiyane (dot) com [email concealed] [mailto:q7x (at) ashiyane (dot) com [email concealed]] > Sent: Thursday, 01 December, 2005 05:02 > > Description: > when the one process open with OpenProcess function and > use CreateRemoteThread(Process,0,0,x,0,0,0) then the process crash. > an example hackers can use this method for kill f [ more ] [ reply ] [SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution 2005-12-02 joey infodrom org (Martin Schulze) WinEggDropShell Multiple Remote Stack Overflow 2005-12-02 Sowhat (smaillist gmail com) WinEggDropShell Multiple Remote Stack Overflow by Sowhat 2005.12.02 http://secway.org/advisory/AD20051202.txt http://secway.org/exploit/wineggdropshell_bof.py.txt Affected: WinEggDropShell Eterntiy version (1.7) Other version may be vulnerable toooooo Overview: WinEggDropShell is a popular Chi [ more ] [ reply ] phpMyChat Multiple XSS vulnerabilities. 2005-12-02 secresearch fortinet com phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 start_page.css.php, style.css.php, users_popupL.php are prone to Cross-site Scrip [ more ] [ reply ] Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability 2005-12-01 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability ======================================================================== Document ID: 68322 Advisory ID: cisco-sa-20051201-http http://www.cisco.com/warp/public/707/cisco-sa-20 [ more ] [ reply ] [USN-221-1] racoon vulnerability 2005-12-01 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-221-1 December 01, 2005 ipsec-tools vulnerability CVE-2005-3732 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) U [ more ] [ reply ] [DRUPAL-SA-2005-009] Drupal 4.6.4 / 4.5.6 fixes minor access control issue 2005-12-01 Uwe Hermann (uwe hermann-uwe de) [SECURITY] [DSA 913-1] New gdk-pixbuf packages fix several vulnerabilities 2005-12-01 joey infodrom org (Martin Schulze) Perl format string integer wrap vulnerability 2005-12-01 robert dyadsecurity com SUMMARY. perl suffers from an integer wrap overflow inside the explicit parameter format string functionality, this has been confirmed to be a vector for remote code execution. Date Found: September 23, 2005. Public Release: TBD. Application: perl Credit: Jack Louis of Dyad Security BACKGROUND. [ more ] [ reply ] [USN-220-1] w3c-libwww vulnerability 2005-12-01 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-220-1 December 01, 2005 w3c-libwww vulnerability CVE-2005-3183 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ub [ more ] [ reply ] Edgewall Trac SQL Injection Vulnerability 2005-12-01 David Maciejak (david maciejak kyxar fr) Edgewall Trac SQL Injection Vulnerability Trac is an enhanced wiki and issue tracking system for software development project. It provides an interface to Subversion. More information on http://projects.edgewall.com/trac/ Description: Malicious user can conduct SQL injection in ticket query mod [ more ] [ reply ] [DRUPAL-SA-2005-007] Drupal 4.6.4 / 4.5.6 fixes XSS issue 2005-12-01 Uwe Hermann (uwe hermann-uwe de) [DRUPAL-SA-2005-008] Drupal 4.6.4 / 4.5.6 fixes XSS and HTTP header injection issue 2005-12-01 Uwe Hermann (uwe hermann-uwe de) [SECURITY] [DSA 914-1] New horde2 packages fix cross-site scripting 2005-12-01 joey infodrom org (Martin Schulze) Microsoft Windows CreateRemoteThread Exploit 2005-12-01 q7x ashiyane com (1 replies) Microsoft Windows CreateRemoteThread Exploit name : nima Salehi email : Q7X (at) ashiyane (dot) com [email concealed] web site : www.Ashiyane.com www.Ashiyane.net Copyright (c) 2002-2005 Ashiyane Digital Securty Team --------------------------------------------------------------------- Systems Affected: - Windows XP (all [ more ] [ reply ] WebCalendar Multiple Vulnerabilities. 2005-12-01 lwang lwang org WebCalendar Multiple Vulnerabilities. Author: lwang (lwang at lwang.org) Publish Date: 2005-12-1 Description: WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. In WebCalendar 0.1.0, activity_log.php and edit_report_handler.php ar [ more ] [ reply ] [security bulletin] SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS) 2005-12-01 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00563324 Version: 2 HPSBMA01076 SSRT4787 Revised - HP Systems Insight Manager (SIM) for HP-UX Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upo [ more ] [ reply ] Sunbelt set to acquire Kerio Personal Firewall 2005-12-01 Paul Laudanski (zx castlecops com) (1 replies) |
|
Privacy Statement |
Ubuntu Security Notice USN-222-1 December 02, 2005
perl vulnerability
CVE-2005-3962
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5
[ more ] [ reply ]