Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 Gadi Evron (ge linuxbox org) (1 replies)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-07 David Litchfield (davidl ngssoftware com)

MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability
2005-10-07 Mandriva Security Team (security mandriva com)

MDKSA-2005:174 - Updated mozilla-thunderbird packages fix multiple vulnerabilities
2005-10-07 Mandriva Security Team (security mandriva com)

MDKSA-2005:173 - Updated mozilla-firefox packages fix vulnerabilities
2005-10-07 Mandriva Security Team (security mandriva com)

MDKSA-2005:172 - Updated openssh packages fix GSSAPI credentials vulnerability
2005-10-07 Mandriva Security Team (security mandriva com)

Plaintext Password Vulnerability during Installation of Oracle HTMLDB
2005-10-07 ak red-database-security com

[security bulletin] SSRT051003 rev.1 - HP-UX Java Web Start remote unauthorized privileged access
2005-10-07 security-alert hp com

[security bulletin] SSRT051043 rev.0 - Apache Remote Unauthorized access
2005-10-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01232 REVISION: 0 SSRT051043 rev.0 - Apache Remote Unauthorized access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. INITIAL RELEASE: 05 October 2005 POTENTIAL SECURITY IM

[SECURITY] [DSA 846-1] New cpio packages fix several vulnerabilities
2005-10-07 joey infodrom org (Martin Schulze)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06 Rainer Duffner (rainer ultra-secure de)
David Litchfield wrote:
> Hey,
> I know you this wasn't your intent when you wrote it, but:
>
>> That means 70 000 000 ? spend by Larry for the silly Yacht - you,
>> David, could charge 100 000 per day and still deliver more value.
>
>
> I just want to make it clear that all I'm looking for from O

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06 Cesar (cesarc56 yahoo com)
I support David 100% and I would like to add a few comments (I can't avoid doing this :)): I remember reading an article where Larry Ellison said that Oracle database server were used by FBI, CIA, USSR government, etc. he referenced that as saying our software is the most secure, top government agenc

[USN-194-1] texinfo vulnerability
2005-10-06 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-194-1 October 06, 2005 texinfo vulnerability CAN-2005-3011 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubunt

[ GLSA 200510-05 ] Ruby: Security bypass vulnerability
2005-10-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06 Rainer Duffner (rainer ultra-secure de) (1 replies)
David Litchfield wrote: [snip sad Oracle track "record" on security] I must assume most of their code is written by some poor guys in a sweatshop in Bangalore or Shanghai today. And only those people can "fix" it, so if somebody finds a flaw, a "request to fix" is sent to Bangalore and fulfille

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
2005-10-06 David Litchfield (davidl ngssoftware com)

xloadimage buffer overflow.
2005-10-05 Ariel Berkman (aberkm1 uic edu)
Hi, While creating a stripped down version of xloadimage, I have discovered three buffer overflows in xloadimage when handling the image title name. Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file.

[ GLSA 200510-06 ] Dia: Arbitrary code execution through SVG import
2005-10-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

aspReady FAQ - open for SQL-injections
2005-10-06 preben watchcom no
The free, open source project called "aspReady FAQ" is open for SQL-injection. This results in admin access with the ability to change/delete the entire database. An example on SQL-inject that works could be: 1'or'1'='1 After doing a google search, I've found out that some companies are actually u

High Risk Vulnerability in Sun Directory Server
2005-10-06 NGSSoftware Insight Security Research (nisr ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Sun Directory Server. This flaw can permit an unauthenticated attacker to remotely compromise the Directory server. Affected versions include: Sun Directory Server 5.2 (patch 3 and below) This issue has been resolved in t

WASC Threat Classification in 4 languages
2005-10-05 contact webappsec org
The Web Application Security Consortium (WASC) is announcing the availability of the Web Security Threat Classification in English, Japanese, Spanish, and Turkish. The material is open source and provided in TXT, PDF, and DOC formats. The Web Security Threat Classification is a cooperative

[security bulletin] SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege
2005-10-06 security-alert hp com

Secunia Research: Webroot Desktop Firewall Two Vulnerabilities
2005-10-06 Secunia Research (vuln secunia com)

Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities
2005-10-06 Secunia Research (vuln secunia com)
know about the lacking security practices, secure development practices
and decent security response by *many* vendors.
Some of these vendors critical to the infrastructure far more than Oracle.
With all due respect to your w