[SECURITY] [DSA 850-1] New tcpdump packages fix denial of service
2005-10-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 851-1] New openvpn packages fix denial of service
2005-10-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 852-1] New up-imapproxy packages fix arbitrary code execution
2005-10-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 853-1] New ethereal packages fix several vulnerabilities
2005-10-09 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 854-1] New tcpdump packages fix denial of service
2005-10-09 joey infodrom org (Martin Schulze)

Announcement: The Web Application Firewall Evaluation Criteria v1
2005-10-10 contact webappsec org
The Web Application Firewall Evaluation Criteria project is proud to announce its first public release. The goal of the project is to develop a detailed web application firewall evaluation criteria; a testing methodology that can be used by any reasonably skilled technician to independently assess

[SECURITY] [DSA 855-1] New weex packages fix arbitrary code execution
2005-10-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 856-1] New py2play packages fix arbitrary code execution
2005-10-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 857-1] New graphviz packages fix insecure temporary file
2005-10-10 joey infodrom org (Martin Schulze)

Re: Opinion: Complete failure of Oracle security response and utter neglect of t
2005-10-10 Silent / Saracoth (saracoth hotmail com)
http://en.wikipedia.org/wiki/Ad_hominem http://en.wikipedia.org/wiki/Style_over_substance_fallacy All right, I figured that a 14-message long thread would have some kind of credible defense for Oracle, but nope. All I see are generalizations that don't apply and logical fallacies (which, if your

PullThePlug Contest: Call For Papers
2005-10-10 announcements pulltheplug org
Hi, The PullThePlug Contest is a unique opportunity for individuals in the information security community to share their knowledge in the form of interesting and innovative papers and win a prize in the process. All the papers will be reviewed by our Contest Voting Panel and the best entries will

[SECURITYREASON.COM] phpMyAdmin Local file inclusion 2.6.4-pl1
2005-10-10 max jestsuper pl
[phpMyAdmin Local file inclusion 2.6.4-pl1] Author: Maksymilian Arciemowicz ( cXIb8O3 ).18 Date: 10.10.2005 from SECURITYREASON.COM --- 0.Description --- phpMyAdmin 2.6.4 is a tool written in PHP intended to handle the administration of MySQL over t

[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution
2005-10-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution
2005-10-10 joey infodrom org (Martin Schulze)

iDEFENSE Security Advisory 10.10.05: SGI IRIX runpriv Design Error Vulnerability
2005-10-10 iDEFENSE Labs (labs-no-reply idefense com)
SGI IRIX runpriv Design Error Vulnerability iDEFENSE Security Advisory 10.10.05 www.idefense.com/application/poi/display?id=312&type=vulnerabilities October 10, 2005 I. BACKGROUND The runpriv program is a setuid root application that checks to see if a regular user has been granted privileges t

iDEFENSE Security Advisory 10.10.05: Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability
2005-10-10 iDEFENSE Labs (labs-no-reply idefense com)
Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability iDEFENSE Security Advisory 10.10.05 www.idefense.com/application/poi/display?id=318&type=vulnerabilities October 10, 2005 I. BACKGROUND Kaspersky Anti-Virus Engine (KAV) is a popular virus scanning engine for Windows and L

versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL injection vulnerabilities / login bypass / board takeover
2005-10-10 rgod aliceposta it
versatileBulletinBoard V1.0.0 RC2 (possibly prior versions) multiple SQL Injection vulnerabilities / login bypass / cross site scripting / information disclosure software: site: http://vbb.eniki.de/ if magic_quotes_gpc off... A) i)SQL INJECTION / LOGIN BYPASS you can login as admin typing; lo

[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass
2005-10-11 joey infodrom org (Martin Schulze)

FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
2005-10-11 FreeBSD Security Advisories (security-advisories freebsd org)

XSS vulnerability in Zeroblog
2005-10-11 alireza hassani (trueend5 yahoo com)
Software: ZeroBlog Vendor: http://www.sothq.net Version: 1.2a , 1.1f Bug: XSS Exploitation: Remote --------------------------- Introduction: Zeroblog: Feature ritch weblog, d-board, live webcam (option, and requires 3th party software), calendar, poll system, photogallery, smileys, search engine, 80

[KDE Security Advisory] KOffice/KWord RTF import buffer overflow
2005-10-11 Dirk Mueller (mueller kde org)

Secunia Research: WinRAR Format String and Buffer Overflow Vulnerabilities
2005-10-11 Secunia Research (vuln secunia com)

The Malloc Maleficarum
2005-10-11 Phantasmal Phantasmagoria (phantasmal hush ai)
The Malloc Maleficarum Glibc Malloc Exploitation Techniques by Phantasmal Phantasmagoria phantasmal (at) hush (dot) ai In late 2001, "Vudo Malloc Tricks" and "Once Upon A free()" defined the e

iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability
2005-10-11 iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Distributed Transaction Controller Packet Relay DoS Vulnerability iDEFENSE Security Advisory 10.11.05 www.idefense.com/application/poi/display?id=319&type=vulnerabilities October 11, 2005 I. BACKGROUND The Distributed Transaction Controller provides a method for disparate processes to

iDEFENSE Security Advisory 10.11.05: Microsoft Distributed Transaction Controller TIP DoS Vulnerability
2005-10-11 iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Distributed Transaction Controller TIP DoS Vulnerability iDEFENSE Security Advisory 10.11.05 www.idefense.com/application/poi/display?id=320&type=vulnerabilities October 11, 2005 I. BACKGROUND The Distributed Transaction Controller provides a method for disparate processes to complete

[EEYEB20050510] - Microsoft DirectShow Remote Code Vulnerability
2005-10-11 Advisories eeye com
Microsoft DirectShow Remote Code Vulnerability Release Date: October 11, 2005 Date Reported: May 10, 2005 Severity: High (Code Execution) Vendor: Microsoft Systems Affected: Windows 98, 98SE, ME Windows 2000 SP4 - Microsoft DirectX 8.0 - 9.0c Windows XP SP1 - SP2 - DirectX 9.0 - 9.0c Windows S

[EEYEB20050708] Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability
2005-10-11 Advisories eeye com
Microsoft Distributed Transaction Coordinator Memory Modification Vulnerability Release Date: October 11, 2005 Date Reported: July 8, 2005 Severity: High (Remote Code Execution) Vendor: Microsoft Systems Affected: Windows 2000 Server SP0 - SP4 - Vulnerable - Anonymous remotely exploitable

[EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
2005-10-11 Advisories eeye com
MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability Release Date: October 11, 2005 Date Reported: September 15, 2005 Severity: High (Code Execution) Vendor: Microsoft Systems Affected: Internet Explorer 5 SP4 Internet Explorer 5.5 SP2 - Windows ME Internet Explorer 6 SP1 - All Windows

[EEYEB20050803] - Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability
2005-10-11 Advisories eeye com
Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability Release Date: October 11, 2005 Date Reported: August 3, 2005 Severity: High (Remote Code Execution with Authentication) Medium (Privilege Escalation to SYSTEM) Vendor: Microsoft Systems Affected: Windows NT 4.0 Windows 2000 Windows

[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass
2005-10-11 joey infodrom org (Martin Schulze)
Debian Security Advisory DSA 850-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 9th, 2005