SecurityFocus

[security bulletin] SSRT051052 rev.1 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access 2005-10-21
security-alert hp com

[SNS Advisory No.84] Oracle Application Server HTTP Response Splitting Vulnerability 2005-10-21
snsadv lac co jp (snsadv)

----------------------------------------------------------------------
SNS Advisory No.84
Oracle Application Server HTTP Response Splitting Vulnerability

Problem first discovered on: Tue, 01 Feb 2005
Published on: Tue, 21 Oct 2005
--------------------------------------------------------------------

[ more ] [ reply ]

MDKSA-2005:192 - Updated xli packages fix buffer overflow vulnerabilities. 2005-10-21
Mandriva Security Team (security mandriva com)

MDKSA-2005:191 - Updated ruby packages fix safe level and taint flag protections vulnerability 2005-10-21
Mandriva Security Team (security mandriva com)

MDKSA-2005:190 - Updated nss_ldap/pam_ldap packages fix privilege vulnerabilities. 2005-10-21
Mandriva Security Team (security mandriva com)

MDKSA-2005:189 - Updated imap packages fix buffer overflow vulnerabilities. 2005-10-21
Mandriva Security Team (security mandriva com)

MDKSA-2005:188 - Updated graphviz packages fix temporary file vulnerability. 2005-10-21
Mandriva Security Team (security mandriva com)

MDKSA-2005:187 - Updated dia packages fix python SVG import vulnerability. 2005-10-21
Mandriva Security Team (security mandriva com)

[SECURITY] [DSA 869-1] New eric packages fix arbitrary code execution 2005-10-21
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 869-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 21st, 2005

[ more ] [ reply ]

F.E.A.R. 1.01 likes lithsock 2005-10-21
Luigi Auriemma (aluigi autistici org)

F.E.A.R. (First Encounter Assault and Recon, http://www.whatisfear.com)
is the recent FPS game developed by Monolith.

I knew it was vulnerable from many months but I was really curious to
see if the developers were so brave to leave this old "silent socket
termination" bug unpatched not only in th

[ more ] [ reply ]

Nuked klan 1.7: XSS vulnerability 2005-10-21
papipsycho hotmail com

########################################
### ###
### mail/msn: papipsycho (at) hotmail (dot) com [email concealed] ###
### ###
########################################

======================================
Sreach Module
Mots clés & Auteur :

">[XSS]
==========

[ more ] [ reply ]

UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow 2005-10-20
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: UnixWare 7.1.4 UnixWare 7.1.3 : ppp buffer overflow
Advisory number: SCOSA-2005.41
Issue date: 2005 October 20
Cross reference: sr89

[ more ] [ reply ]

[Argeniss] Story of a dumb patch (Paper advisoryabout CSRSS and Windows Explorer vulnerabilities) 2005-10-20
Cesar (cesarc56 yahoo com)

Hi.

This is a new paper and it is about the
vulnerabilities patched on MS05-049 and also details
a mistake made by Microsoft on a previous patch.

http://www.argeniss.com/research/MSBugPaper.pdf

Enjoy.

Cesar.

__________________________________
Yahoo! FareChase: Search multiple travel site

[ more ] [ reply ]

iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation 2005-10-20
iDEFENSE Labs (labs-no-reply idefense com)

Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation

iDEFENSE Security Advisory 10.20.05
www.idefense.com/application/poi/display?id=325&type=vulnerabilities
October 20, 2005

I. BACKGROUND

Symantec's Norton AntiVirus for Macintosh is an antivirus solution for
the Mac OS X environm

[ more ] [ reply ]

iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation 2005-10-20
iDEFENSE Labs (labs-no-reply idefense com)

Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation

iDEFENSE Security Advisory 10.20.05
www.idefense.com/application/poi/display?id=324&type=vulnerabilities
October 20, 2005

I. BACKGROUND

Symantec's Norton AntiVirus for Macintosh is an antivirus solution for
the Mac OS X environment.

[ more ] [ reply ]

iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability 2005-10-20
iDEFENSE Labs (labs-no-reply idefense com)

Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.20.05
www.idefense.com/application/poi/display?id=323&type=vulnerabilities
October 20, 2005

I. BACKGROUND

Ethereal is a full featured open source network protocol analyzer. For
more information, see http:

[ more ] [ reply ]

OpenServer 5.0.7 : authsh and backupsh buffer overflow 2005-10-20
please_reply_to_security sco com

[USN-211-1] Enigmail vulnerability 2005-10-20
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-211-1 October 20, 2005
enigmail vulnerability
CVE-2005-3256
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubun

[ more ] [ reply ]

[ GLSA 200510-18 ] Netpbm: Buffer overflow in pnmtopng 2005-10-20
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[ GLSA 200510-17 ] AbiWord: New RTF import buffer overflows 2005-10-20
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200510-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Oracle Workflow CSS Vulnerability wf_route 2005-10-20
ak red-database-security com

Dear Reader,

The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-
Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH.

I know that the severity and impact of CSS bugs is low. My critical security bugs
in Oracle (e.g. become DBA via the import

[ more ] [ reply ]

[SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file 2005-10-20
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 867-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 20th, 2005

[ more ] [ reply ]

Oracle Workflow CSS Vulnerability wf_monitor 2005-10-20
ak red-database-security com

Dear Bugtraq-Reader,

The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-
Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH.

I know that the severity and impact of CSS bugs is low. My critical security bugs
in Oracle (e.g. become DBA via th

[ more ] [ reply ]

[SECURITY] [DSA 866-1] New Mozilla packages fix several vulnerabilities 2005-10-20
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 866-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 20th, 2005

[ more ] [ reply ]

Oracle 10g - emagent.exe Stack-Based Overflow 2005-10-20
SPI Labs (Spi Labs spidynamics com)

Oracle 10g - emagent.exe Stack-Based Overflow

Release Date: October 18, 2005
Severity: Critical

Systems Affected
----------------
For a complete list of products and components affected, please visit
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

Description
-----------
A vu

[ more ] [ reply ]

XSS & Path Disclosure in Chipmunk's products 2005-10-20
alireza hassani (trueend5 yahoo com)

Products: Chipmunk >> ( Forum , Topsites , Directory )
, [ Guestbook ]
Versions: Tested: Last released of products
Vendor: http://chipmunk-scripts.com
Bug: ( XSS ) , [ Path Disclosure ]
Exploitation: Remote
---------------------------
Introduction:
Chipmunk Forum is a small yet flexible and fully
f

[ more ] [ reply ]

RE: CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability 2005-10-19
Williams, James K (James Williams ca com)

Advisory has been updated to announce availability of iGateway
updates for all platforms.

Title: Computer Associates iGateway debug mode HTTP GET request
buffer overflow vulnerability (v1.1)

CA Vulnerability ID: 33485

Discovery Date: 2005-10-06

CA Advisory Date v1.0: 2005-10-14 (initial rele

[ more ] [ reply ]

[SECURITY] [DSA 868-1] New Mozilla Thunderbird packages fix several vulnerabilities 2005-10-20
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 868-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 20th, 2005

[ more ] [ reply ]

Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update October 2005 2005-10-19
Integrigy Security (alerts integrigy com)

Integrigy Security Advisory
______________________________________________________________________

Vulnerabilities in Oracle E-Business Suite 11i
Oracle Critical Patch Update - October 2005
October 18, 2005
______________________________________________________________________

Summary:

Oracle t

[ more ] [ reply ]

[security bulletin] SSRT051052 rev.0 - HP OpenView Operations and OpenView VantagePoint Java Runtime Environment (JRE) Remote Privileged Access 2005-10-19
security-alert hp com