Secunia Research: SpeedProject Products ZIP/UUE File Extraction Buffer Overflow
2005-11-24 Secunia Research (vuln secunia com)

Advisory 23/2005: vTiger multiple vulnerabilities
2005-11-24 Christopher Kunz (christopher kunz hardened-php net)

MDKSA-2005:215 - Updated binutils packages fix vulnerabilities
2005-11-23 Mandriva Security Team (security mandriva com)

XSS on Yahoo Mail
2005-11-23 Richard Fuchshuber (richardfuch yahoo com br)
    Hi, I've noticed a strange behavior in "Yahoo! Mail" when dealing with html attachments. It's possible to insert data into the "Yahoo! Mail" html interface. For example, with the following code in an html attachment it's possible to insert "Your profile is out of date, please update clicking he

[ GLSA 200511-18 ] phpSysInfo: Multiple vulnerabilities
2005-11-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200511-19 ] eix: Insecure temporary file creation
2005-11-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200511-20 ] Horde Application Framework: XSS vulnerability
2005-11-22 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Google Talk Denial of Service - BenjiBug
2005-11-23 James Evans (iamjamesevans gmail com)
    Title: Google Talk Denial of Service - BenjiBug
    Reported Date: October 15, 2005
    Public Disclosure: November 22, 2005
    Status: Vendor contacted. Unpatched.
    Software which automatically updates itself is often a good idea - especially where home users are concerned. It is often impossible to patch th

[SECURITY] [DSA 907-1] New ipmenu packages fix insecure temporary file creation
2005-11-23 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 908-1] New sylpheed-claws packages fix arbitrary code execution
2005-11-23 joey infodrom org (Martin Schulze)

GeSWall Intrusion Prevention System 2.1 Released (Freeware)
2005-11-23 GentleSecurity Team (gsw gentlesecurity com)
    Dear Bugtraq, we are pleased to announce the immediate GeSWall freeware release.
    GeSWall is an intrusion prevention system for Windows. It protects from intrusions and damage from malicious software by isolating vulnerable applications. Isolation applies an access restriction policy that effectivel

[SECURITY] [DSA 909-1] New horde3 packages fix cross-site scripting
2005-11-23 joey infodrom org (Martin Schulze)

[security bulletin] SSRT051074 Revised - HP-UX Running xterm Local Unauthorized Access
2005-11-23 security-alert hp com

[USN-218-1] netpbm vulnerabilities
2005-11-21 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-218-1 November 21, 2005
    netpbm-free vulnerabilities
    CVE-2005-3632, CVE-2005-3662
    ===========================================================
    A security issue affects the following Ubuntu releases: Ubuntu 4.10

[ GLSA 200511-17 ] FUSE: mtab corruption through fusermount
2005-11-22 Thierry Carrez (koon gentoo org)

[SECURITY] [DSA 900-3] New fetchmail-ssl packages fix potential information leak
2005-11-22 joey infodrom org (Martin Schulze)

Horde MIME Viewer vulnerability
2005-11-22 daniel schreckling securityfocus com, at securityfocus com,informatik uni-hamburg de securityfocus com

Exploiting the Stack (Part I-IV)
2005-11-22 Nish securityfocus com, "[at]" securityfocus com,securitycompass securityfocus com, "[dot]" securityfocus com,com securityfocus com
    All four articles on writing stack overflow on windows have been released on Security Compass website. The articles and the code used in them can be accessed through Security Compass's web site at http://www.securitycompass.com/Case%20Studies.htm.
    Comments and suggestions about the articles can be

[KAPDA::#14] - PHPPost XSS and HTML Injection
2005-11-22 alireza hassani (trueend5 yahoo com)
    KAPDA New advisory
    Vendor: http://www.php-post.co.uk/
    Vulnerable Version: v1.0
    Bug: XSS and HTML Injection
    Exploitation: Remote with browser
    Description:
    --------------------
    PHPP is a free message board powered by PHP and MySQL.
    Vulnerability:
    --------------------
    HTML Injection: The software d

VHCS 2.x HTTP Error Cross Site Scripting
2005-11-22 Moritz Naumann (securityfocus com moritz-naumann com)

OTRS 1.x/2.x Multiple Security Issues
2005-11-22 Moritz Naumann (securityfocus com moritz-naumann com)

[USN-190-2] ucs-snmp vulnerability
2005-11-21 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-190-2 November 21, 2005
    ucd-snmp vulnerability
    CVE-2005-2177
    ===========================================================
    A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubun

[USN-217-1] Inkscape vulnerability
2005-11-21 Martin Pitt (martin pitt canonical com)
    ===========================================================
    Ubuntu Security Notice USN-217-1 November 21, 2005
    inkscape vulnerability
    https://bugzilla.ubuntu.com/show_bug.cgi?id=16689
    ===========================================================
    A security issue affects the following Ubuntu release

[USN-219-1] Linux kernel vulnerabilities
2005-11-22 Martin Pitt (martin pitt canonical com)
    ==========================================================
    Ubuntu Security Notice USN-219-1 November 22, 2005
    linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities
    CVE-2005-2709, CVE-2005-2973, CVE-2005-3055, CVE-2005-3180, CVE-2005-3271, CVE-2005-3272, CVE-2005-3273, CVE-2005-3274, CVE-2005-3275,

[ GLSA 200511-16 ] GNUMP3d: Directory traversal and insecure temporary file creation
2005-11-21 Thierry Carrez (koon gentoo org)

Secunia Research: Opera Command Line URL Shell Command Injection
2005-11-22 Secunia Research (vuln secunia com)

[SECURITY] [DSA 905-1] New mantis packages fix several vulnerabilities
2005-11-22 joey infodrom org (Martin Schulze)
Secunia Research 24/11/2005
- SpeedProject Products ZIP/UUE File Extraction Buffer Overflow -
======================================================================
Table of Contents
Affected Software