[FLSA-2005:152919] Updated grip package fixes security issue
2005-09-16 Marc Deslauriers (marcdeslauriers videotron ca)

(TOOL) TAPiON ver 0.1c
2005-09-16 Piotr Bania (bania piotr gmail com)
Hi, For those who are interested, new version (0.1c) of TAPiON (polymorphic decryptor generator) is now available. The package can be downloaded at: http://pb.specialised.info/all/tapion/ - the list of changes in 0.1c version is also stored at this url. best regards, Piotr Bania [...]

[SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability
2005-09-16 joey infodrom org (Martin Schulze)

gwcc insecure temporary file creation
2005-09-16 ZATAZ Audits (exploits zataz net)
gwcc insecure temporary file creation
Vendor: http://gwcc.sourceforge.net/
Advisory: http://www.zataz.net/adviso/gwcc-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
[...]

PHP SESSION MODIFICATION
2005-09-16 unknow uw-team org
Name: PHP SESSION
Version: tested on 3.x and 4.x
Homepage: http://php.net/
Authors: unknow (from uw-team) and adam_i
Date: 16 September 2005
In PHP You can define a session variable by [...]

SUSE Security Announcement: evolution (SUSE-SA:2005:054)
2005-09-16 Ludwig Nussel (ludwig nussel suse de)

ncompress insecure temporary file creation
2005-09-16 ZATAZ Audits (exploits zataz net)
ncompress insecure temporary file creation
Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploi [...]

Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
2005-09-15 Times Enemy (times krr org)
Greetings. I am not professionally involved with this, merely curious, which is my excuse for my current ignorance in this area. Does the Microsoft (Giant) Antispyware application utilize the CastleCops list(s) of BHOs? Up front, I am being lame and not rtfm'ing/researching this myself. .times [...]

arc insecure temporary file creation
2005-09-16 ZATAZ Audits (exploits zataz net)
arc insecure temporary file creation
Vendor: http://arc.sourceforge.net/
Advisory: http://www.zataz.net/adviso/arc-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low
[...]

Re: CastleCops ramps up fight against CoolWebSearch/HomeSearch
2005-09-16 Paul Laudanski (zx castlecops com)
Microsoft has a research team that seeks out new spyware threats for the MSAS database. They write up their own analysis so the threats listed in our database most likely have a different name and method for identifying malware BHOs. The experts here at CCSP do share information on new threats [...]

worrying about YaST in SuSE 9.3 and maybe lower
2005-09-16 innate gmx de
author: l0om
email: email:l0om | a7 | excluded d07 org
page: www.excluded.org
worrying about YaST in SuSE 9.3 and maybe lower
I am wondering about the installation routine from SuSE linux 9.3 and maybe some lower versions. YaST is creating a directory named "/var/adm/YaST/InstSrcManager/IS_CACH [...]

FF IDN buffer overflow workaround works in Netscape too
2005-09-15 Juha-Matti Laurio (juha-matti laurio netti fi)
Summary about Firefox IDN buffer overflow vulnerability workarounds in Netscape Browser [a new, more informative title used]
Instructions and methods described at Mozilla Foundation Security Advisory "What Firefox and Mozilla users should know about the IDN buffer overflow security issue" https [...]

[FLSA-2005:163274] Updated CUPS packages fix security issue
2005-09-15 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:163047] Updated squirrelmail package fixes security issues
2005-09-15 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:162680] Updated Zlib packages fix security issues
2005-09-15 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:160202] Updated mozilla packages fix security issues
2005-09-15 Marc Deslauriers (marcdeslauriers videotron ca)

Re: AWstats Path Disclosure Vulnerability
2005-09-15 Martin Pitt (martin pitt canonical com)
Hi Nicolas!
Fournaux [2005-09-15 2:58 +0200]:
> If you use this url :
> http://www.server.com/awstats/awstats.pl?config=xxx
>
> You will get the full path on the hard drive of the script "awstats.pl"
> with all sub folders.
Ah, I see; I thought you meant the path of the configuration file. Wel [...]

PTL Advisory 050825 - HP LaserJet Network Username and Information Enumeration
2005-09-15 Pinion Lab (lab pinion se)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pinion Security Consulting AB
Tegeluddsvägen 92
115 28 Stockholm
Tel. +46 8 54591350
Fax. +46 8 54591369
PGP: B57F 2C79 1D8C 0F84 00D5 4076 7FF5 7413 697A 2DD0
This e-mail is confidential to the named recipient and any unauthorised [...]

Re: AWstats Path Disclosure Vulnerability
2005-09-15 cwh01 www78 dixiesys com
Thing is, it's a MINOR bug. Since most people install it in the default /cgi-gin and usually under /awstats, it doesn't give much ammo other than possibly the userid of the account. And since a LOT of ppl use something easy like "admin" or a shortened version of the domain name like "domai00", it' [...]

Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure
2005-09-13 contact airscanner com
Airscanner Mobile Security Advisory #05082201: File Transfer Anywhere v3.01 Local Server Password Disclosure
Product: TTXN File Transfer Anywhere v3.01 server
Platform: Tested on Windows Mobile Pocket PC 2003
Requirements: Mobile device running Windows Mobile Pocket PC with Transfer Anywhere v3.0 [...]

XSS Vulnerability in MIVA Merchant 5 - Includes Fix
2005-09-14 admin hyperconx com
MIVA Merchant 5 is vulnerable to XSS attack. Users can use javascript to embed their own inputs into the MM5 screens and checkout pages overriding various store safeguards and functions. MIVA Corporation has been very cooperative and has already posted an update to their software entitled (core-4). [...]

Re: PHP Nuke <= 7.8 Multiple SQL Injections
2005-09-14 Paul Laudanski (zx castlecops com)
On 12 Sep 2005 r.verton (at) gmail (dot) com wrote:
> Software: PHP Nuke 7.8
> Type: SQL Injections
> Risk: High
>
> PHP Nuke 7.8 is prone to multiple SQL injection vulnerabilities.
> These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
[...]

MDKSA-2005:164 - Updated XFree86/x.org packages fix vulnerability
2005-09-14 Mandriva Security Team (security mandriva com)

[SECURITY] [DSA 811-1] New common-lisp-controller packages fix arbitrary code injection
2005-09-14 joey infodrom org (Martin Schulze)

RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
2005-09-14 Peter Kruse (kruse krusesecurity dk)
Hi Juha!
> I have informed the vendor Netscape being affected on 9th
> September 2005.
I did the same on the 10th of September - still no reply nor official statement from Netscape which makes me a little worried.
> 2)
> Disabling IDN support via about:config (or prefs.js file) is
> possible i [...]

Re: Re: Serious Security issue with broken - Microsoft's .Net XML Serialization API
2005-09-14 darkangel stt gmail com
there is an attribute in .net to serialize all your attributes... "long" type may not be serializable by default (no idea why)... example :
    [XmlRootAttribute("item", IsNullable = false)]
    public class MenuData {
        [XmlAttribute("Label")]
        public string MenuLabel = string.Empty;
        [XmlAttribute( [...]

RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies
2005-09-14 Ferguson, Justin (IARC) (FergusonJ nv doe gov)
J. Ferguson
Intrusion Analyst
NNSA Information Assurance Response Center
fergusonj (at) nv.doe (dot) gov
-----Original Message-----
From: Ferguson, Justin (IARC)
Sent: Wednesday, September 14, 2005 6:50 AM
To: 'Martin Roesch'; Ferguson, Justin (IARC)
Cc: 'snort-devel (at) lists.sourceforge (dot) net'; 'snort-users@ [...]

Anti Arp Poisoning Daemon (OpenAAPD) PS: Link corrected
2005-09-14 Andrea Di Pasquale (whyx openbeer it)

RE: [Snort-devel] Re: [Snort-users] Snort DoS Fallacies
2005-09-14 Steven Sturges (steve sturges sourcefire com)
> Q5) Frag3 has the problem in the snapshot I downloaded, why
> won't you admit it?
> A5) Because you're wrong. The snapshot you're referring to
> has the fixes in PrintTcpOptions(), so even with the call to
> PrintIPPkt() in there the DoS doesn't work. Version 2.4.0
> did not have the code yo [...]
Fedora Legacy Update Advisory
Synopsis: Updated grip package fixes security issue
Advisory ID: FLSA:152919
Issue date: 2005-09-15
Product: Red Hat Linux, Fedora Core
Keywords: