[security bulletin] SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS)
2005-09-20 security-alert hp com
HP SECURITY BULLETIN
HPSBTU01227 REVISION: 0
SSRT5971 rev.0 - HP Tru64 Unix FTP Daemon (ftpd) Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
INITIAL RELEASE: 19 Septembe [...]

[security bulletin] SSRT5999 rev.0 HP OpenVMS Secure Web Browser Mozilla Application Node Spoofing
2005-09-20 security-alert hp com

[ GLSA 200509-13 ] Clam AntiVirus: Multiple vulnerabilities
2005-09-19 Thierry Carrez (koon gentoo org)

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
2005-09-18 h4cky0u gmail com
HYA-2005-008 h4cky0u.org Advisory 008
Date - Mon Sep 19 2005
TITLE: Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
SEVERITY: Medium
SOFTWA [...]

Whitepaper - Writing small shellcode
2005-09-19 Dafydd Stuttard (daf ngssoftware com)
I have written a short whitepaper describing techniques for writing small shellcode. This can be downloaded from: http://www.ngssoftware.com/papers/WritingSmallShellcode.pdf
Abstract
This paper describes an attempt to write Win32 shellcode that is as small as possible, to perform a common task sub [...]

[USN-184-1] umount vulnerability
2005-09-19 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-184-1 September 19, 2005
util-linux vulnerability
CAN-2005-2876
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Wart [...]

@System Security Conference
2005-09-18 Giorgio Zoppi (zoppi cli di unipi it)
Hi, I wish to inform you that this year in Pisa (Italy) there will be the third @System Security Conference (http://www.atsystem.org) on 13th October. This meeting was born with the aim to discover and speak about the new IT-Security borders. The main focus of this year will be Mobile&Wireless [...]

[ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code
2005-09-17 Thierry Carrez (koon gentoo org)

Possible memory corruption problems in Apple Safari
2005-09-17 Jonathan Rockway (jon jrock us)
Hello, I was playing around with Safari the other day and noticed that it crashes solid if you convince it to visit: data://<h1>crash</h1> Typing it into the address bar is sufficient for testing and crashes the browser completely. I loaded up Safari in gdb to see where it crashes and got the fo [...]

[BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9
2005-09-18 bugtraq morph3us org

Dumb Question
2005-09-19 Sean Warnock (swarnock removeme warnocksolutions com)
First of all I want to say hello to the few people that I met at Toorcon 2005. For my first security conference you guys helped make it magical. Also greets go out to the guys from the San Fernando Linux users group. You guys are great and I'll have to make it your way one of these days. [...]

Web Application Security Analyzer for PHP-Nuke/phpBB CMS
2005-09-17 Paul Laudanski (zx castlecops com)
With all the discussions surrounding the PHP-Nuke CMS wrapping phpBB2 as its forums, I've released an application called Analyzer (version 2.0) available from Download.com. It checks the following versions and reports if newer versions exist: mysql php apache phpnuke phpbb
It also checks certai [...]

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
2005-09-19 h4cky0u gmail com
HYA-2005-008 h4cky0u.org Advisory 008
Date - Mon Sep 19 2005
TITLE: Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
SEVERITY: Medium
SOFTWA [...]

[Full-disclosure] killbits? should have named them kibbles and bits
2005-09-19 Ill will (xillwillx gmail com)
Background: Killbits are used to block certain activex controls from running within windows. It is possible using certain methods to bypass this remotely. This goes out to my favorite company in the whole world Microsoft. Thanks for the upcoming vacation. :) MS security department head (Hi Terry) wi [...]

[ GLSA 200509-12 ] Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 Thierry Carrez (koon gentoo org)

Antigen 8.0 for Exchange/SMTP Rule Vulnerability
2005-09-19 Alan Monaghan (AlanM Gardnerweb com)
Sybari Antigen for SMTP / Exchange Rule / Attachment Pass through
1) Affected Software
Sybari Antigen v8.0 SR2 for Exchange/SMTP
Other versions may als [...]

router worms and International Infrastructure [was: Re: IOS exploit]
2005-09-19 Gadi Evron (ge linuxbox org)
The text below is an email I just sent to the North American Network Operators Group. I believe asking for bugtraq's opinion is also critical. Thanks, Gadi.
Michael.Dillon (at) btradianz (dot) com wrote:
> Reading through the original Russian posting here
> http://www.securitylab.ru/news/240415.php&direc [...]

ERRATA: [ GLSA 200507-20 ] Shorewall: Security policy bypass
2005-09-17 Thierry Carrez (koon gentoo org)

CuteNews 1.4.0 remote code execution
2005-09-17 retrogod aliceposta it
CuteNews 1.4.0 (possibly prior versions) remote code execution
software: site: http://cutephp.com/
description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup [...]

CuteNews 1.4.0 remote code execution
2005-09-17 retrogod aliceposta it
CuteNews 1.4.0 (possibly prior versions) remote code execution
software: site: http://cutephp.com/
description: "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup [...]

[ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow
2005-09-18 Thierry Carrez (koon gentoo org)

[ GLSA 200509-10 ] Mailutils: Format string vulnerability in imap4d
2005-09-17 Thierry Carrez (koon gentoo org)

Cisco IOS hacked?
2005-09-19 ciscoioshehehe (ciscoioshehehe yandex ru) (1 replies)
today news on SecurityLab.ru (only in russian): http://www.securitylab.ru/news/240415.php
* break CRC on CISCO IOS
* Design Mechanism of cross-platform worm for IOS device.
* Run IRC server on 2600 CISCO.
* Found more vulnerabilities in EIGRP protocol.
and some more...
Online translate from Rus [...]

Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
2005-09-16 milw0rm Inc. (milw0rm gmail com)
This problem also affects Thunderbird (tested) and I'm guessing Netscape's Mail client (untested) which it really can't do much except cause Thunderbird/Netscape to crash without javascript. Include the linked source in an email for your testing. http://www.milw0rm.com/down.php?id=1204
/str0ke
On [...]
The Debian Project http://www.debian.org/
Security Host Bandwidth Saturation press (at) debian (dot) org
September 20th, 2005
[...]