[SECURITY] [DSA 861-1] New uw-imap packages fix arbitrary code execution
2005-10-11 joey infodrom org (Martin Schulze)

CodeCon 2006 Call For Papers
2005-10-11 Len Sassaman (rabbi abditum com)
CodeCon 2006
February 10-12, 2006
San Francisco CA, USA
www.codecon.org
Call For Papers
CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presen

[USN-199-1] Linux kernel vulnerabilities
2005-10-10 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-199-1 October 10, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-3053, CAN-2005-3106, CAN-2005-3107, CAN-2005-3108, CAN-2005-3109, CAN-2005-3110
========================================

[USN-198-1] cfengine vulnerabilities
2005-10-10 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-198-1 October 10, 2005
cfengine vulnerabilities
CAN-2005-2960, CAN-2005-3137
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Wa

[USN-197-1] Shorewall vulnerability
2005-10-10 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-197-1 October 10, 2005
shorewall vulnerability
CAN-2005-2317
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubu

[USN-196-1] Xine library vulnerability
2005-10-10 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-196-1 October 10, 2005
xine-lib vulnerability
CAN-2005-2337
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubun

[USN-195-1] Ruby vulnerability
2005-10-10 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-195-1 October 10, 2005
ruby1.8 vulnerability
CAN-2005-2337
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubunt

Antivirus detection bypass by special crafted archive.
2005-10-07 unsecure writeme com
Release Date : 2005-10-05
Tested on: Windows 2000 SP2 & SP4
Tested with: Jotti Online Antivirus Scanner
Tested with: VirusTotal Online Antivirus Scanner
Tested with: Command line freeware UnRAR v3.50
Tested with: PowerZip v7.06
Discovered by: fRoGGz
Credit to: SecuBox Labs
-============

gnome-pty-helper writes arbitrary utmp records
2005-10-07 Paul Szabo (psz maths usyd edu au)
For full details please see http://bugs.debian.org/329156
Extracts from above:
Paul Szabo <psz (at) maths.usyd.edu (dot) au>:
gnome-pty-helper can be made to write utmp/wtmp records with arbitrary DISPLAY (host) settings. ...
... I do not know any root escalation methods. ...
cannot think of any

MDKSA-2005:176 - Updated webmin package fixes authentication bypass vulnerability
2005-10-07 Mandriva Security Team (security mandriva com)

MDKSA-2005:177 - Updated hylafax packages fix temporary file vulnerability
2005-10-07 Mandriva Security Team (security mandriva com)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 Kurt Seifried (bt seifried org)
http://www.red-database-security.com/advisory/published_alerts.html
19-jul-2005 - Advisory: Various Cross-Site-Scripting Vulnerabilities in Oracle Report - [Various CSS in Oracle Reports] (Not fixed after 700+ days)
19-jul-2005 - Advisory: Read parts of any XML-file on the application server via

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-08 Tony Jambu (tjambu labyrinth net au)

Cyphor 0.19 SQL Injection / Board takeover / cross site scripting
2005-10-08 retrogod aliceposta it
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting
1)if magic quotes off -> SQL Injection:
by "Forgot your password?" feature you can send yourself a new admin password and reset it, poc:
email: [your_email]
nick: 'or'X'='X
soon, you will receive an email like this:
You have regi

[SECURITY] [DSA 847-1] New dia packages fix arbitrary code execution
2005-10-08 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 848-1] New masqmail packages fix several vulnerabilities
2005-10-08 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 849-1] New shorewall packages fix firewall bypass
2005-10-08 joey infodrom org (Martin Schulze)

[ GLSA 200510-08 ] xine-lib: Format string vulnerability
2005-10-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[ GLSA 200510-09 ] Weex: Format string vulnerability
2005-10-08 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Security contact for ...
2005-10-06 Williams, James K (James Williams ca com)
> From: EMendoza [mailto:erikam (at) gmail (dot) com]
> Sent: Thursday, October 06, 2005 3:54 PM
> To: bugtraq (at) securityfocus (dot) com; dailydave (at) lists.immunitysec (dot) com
> Subject: [Dailydave] Security contact for ...
>
> Computer Associates? ... N/m hopefully they read these lists.
>
> Here's a freebie, non-default

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 Ivan . (ivanhec gmail com)
Hi David,
On Security, Is Oracle the Next Microsoft?
http://www.eweek.com/article2/0,1895,1860184,00.asp
**********************snip**************************
Davidson has also taken a public stand against researchers like Litchfield and Kornbrust, who she says exaggerate the dimensions of security

Utopia News Pro 1.1.3 SQL Injection / cross site scripting
2005-10-07 retrogod aliceposta it
2.56 07/10/2005
Utopia News Pro 1.1.3 SQL Injection / cross site scripting
software:
site: http://www.utopiasoftware.net
a)xss:
http://[target]/[path]/header.php?sitetitle=</title><script>alert(docume nt.cookie)</script><!--
http://[target]/[path]/footer.php?version=<script>alert(document.cookie) <

Re: [Dailydave] Security contact for ...
2005-10-07 security curmudgeon (jericho attrition org)
: Computer Associates? ... N/m hopefully they read these lists.
:
: Here's a freebie, non-default install tho :(. Affects about 5 or so core
: CA products iirc.
http://www.osvdb.org/vendor_dict.php?section=vendor&id=3396&c=C
Computer Associates International, Inc.
Short Name: CA, CAI
URL: htt

[ GLSA 200510-07 ] RealPlayer, Helix Player: Format string vulnerability
2005-10-07 Thierry Carrez (koon gentoo org)

MailEnable W3C Logging Remote Buffer Overflow Proof of Concept
2005-10-07 advisory wirecom org
Attached is a proof of concept for the MailEnable W3C Logging vulnerability. It features a special type of patching shellcode designed to quickly and easily secure this vulnerability across your network. I am releasing this in hopes that other POC writers will follow suit, releasing exploits that p

Aenovo Multiple Vulnerabilities
2005-10-07 advisory kapda ir
Aenovo Multiple Vulnerabilities
[KAPDA::#3] - Aenovo - Multiple Vulnerabilities
KAPDA New advisory
Vulnerable products : Aenovo(v Trial`s tested,Hopefully all other versions), AenovoShop and aeNovoWYSI (v Demo`s tested,Hopefully all other versions)
Vendor: http://www.aenovo.co.uk/
Risk: High

Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 ak red-database-security com
Hello
I agree with David's and Cesar's opinion. Here are 3 examples how Oracle is dealing with security:
+++
Last week (28-sep-2005) I've got an email from Oracle secalert (secalert_us (at) oracle (dot) com, signed with the Oracle PGP key). They asked me to remove my already published Oracle security ad

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 Gadi Evron (ge linuxbox org) (1 replies)
> Having worked closely with the security teams of most large commercial
> vendors (IBM, Oracle, Microsoft, Apple, HP, Adobe, Real) I can quite
> honestly say that, of all of them, Oracle is the only company to still
> treat security in this way. Most other organizations "got it" years ago
> and

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 David Litchfield (davidl ngssoftware com)
Hash: SHA1
- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 861-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 11th, 2005