[SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery
2005-09-12 joey infodrom org (Martin Schulze)

PHP Nuke <= 7.8 Multiple SQL Injections
2005-09-12 r verton gmail com
[NewAngels Advisory #7]PHP Nuke <= 7.8 Multiple SQL Injections
=============================================================================
Software: PHP Nuke 7.8
Type: SQL Injections
Risk: High
Date: Sep. 10 2005
Vendor: PHP-Nuke (phpnuke.org)
Credit:
=======
Robin 'onkel_fisch' Verton from i

Security Flaw in pam_per_user Module
2005-09-12 Mark D. Roth roth+pam_per_user (at) feep (dot) net (roth+pam_per_user feep net)
Summary/Impact:
---------------
There is a security flaw in the pam_per_user PAM module that can allow someone to authenticate as any user on the system, provided that they already have the proper credentials for one account. This security hole is fixed in pam_per_user-0.4, which is available from

Sawmill XSS vuln
2005-09-12 Mark Terry (Mark Terry nta-monitor com)
Bugtraq, This has been delayed until the vendor had released a new version:
<<<<SNIP>>>>>
Date: Fri, 26 Aug 2005 11:48:48 -0700
From: Greg Ferrar <ferrar (at) flowerfire (dot) com>
User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)
X-Accept-Language: en-us, en
To: Terence.Wong (at) nta-monitor (dot) com
Cc: sup

Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
2005-09-09 Alejandro Barrera (abarrera iron-gate net)
> Re,
>>...
>>If you want some indepth on polymorphism I recommend you the 29a papers:
>>http://vx.netlux.org/29a/
> I'm not a master in this branch however let me cite one of the
> articles found on the server you sent me (i also recommend you to read it):
I read it long ago thxs.
> Lev

[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 joey infodrom org (Martin Schulze)

FreeBSD Security Advisory FreeBSD-SA-05:20.cvsbug [REVISED]
2005-09-09 FreeBSD Security Advisories (security-advisories freebsd org)

[USN-179-1] openssl weak default configuration
2005-09-09 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-179-1 September 09, 2005
openssl weak default configuration
https://bugzilla.ubuntu.com/show_bug.cgi?id=13593
===========================================================
A security issue affects the follo

[USN-178-1] Linux kernel vulnerabilities
2005-09-09 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-178-1 September 09, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1913, CAN-2005-2490, CAN-2005-2492, CAN-2005-2800, CAN-2005-2801, CAN-2005-2802
=================================

class-1 Forum Software v 0.24.4 Remote code execution
2005-09-08 retrogod aliceposta it
class-1 Forum Software v 0.24.4 Remote code execution
software:
site: http://www.class1web.co.uk/software
description: class-1 Forum Software is a PHP/MySQL driven web forum. It is written and distributed under the GNU General Public License which means that its source is freely-distributed and

KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue
2005-09-09 fRoGGz securityfocus com

Zebedee DoS Vulnerability
2005-09-09 Shiraishi.M (shiraishi insi co jp)
We have found a denial of service vulnerability in Zebedee. This issue has been fixed in 2.4.1A.
[TESTED ON]
Zebedee 2.4.1 (Windows version and source compiled Linux version)
[VULNERABILITY]
The server crashes when "0" received as the port number in the protocol option header.
$ od -tx1z -Ax z

KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue
2005-09-09 fRoGGz securityfocus com
VULNERABLE PRODUCT
------------------
Software: KillProcess
Platforms: Windows
Version: 2.20 and priors
Original advisory: http://sbox.nightmail.ru
--------------------------
BACKGROUND
----------
This funny application can terminate any Windows process with the click of a button. It can also

(TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
2005-09-09 Piotr Bania (bania piotr gmail com)
Hi, TAPiON engine was developed to avoid code detection (shellcode/whatever). The engine can create unique decryptor, encrypt original data and decrypt it on the fly (while code executes).
MAIN FEATURES:
# decryption key based on randomly generated decryptor (attacker breakpoint insertion

iDEFENSE Security Advisory 09.09.05: GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability
2005-09-09 iDEFENSE Labs (labs-no-reply idefense com)
GNU Mailutils 0.6 imap4d 'search' Format String Vulnerability
iDEFENSE Security Advisory 09.09.05
www.idefense.com/application/poi/display?id=303&type=vulnerabilities
September 09, 2005
I. BACKGROUND
The GNU mailutils package is a collection of mail-related utilities, including local and remote m

[SECURITY] [DSA 806-1] New cvs packages fix insecure temporary files
2005-09-09 joey infodrom org (Martin Schulze)

MDKSA-2005:161 - Updated apache2 packages to address multiple vulnerabilities
2005-09-08 Mandriva Security Team (security mandriva com)

[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 joey infodrom org (Martin Schulze)

Secunia Research: NOD32 Anti-Virus ARJ Archive Handling BufferOverflow
2005-09-08 Secunia Research (vuln secunia com)

Secunia Research: ALZip ACE Archive Handling Buffer Overflow
2005-09-08 Secunia Research (vuln secunia com)

[SECURITY] [DSA 804-1] New kdelibs packages fix backup file information leak
2005-09-08 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 joey infodrom org (Martin Schulze)

anti Windows XP SP2 firewall trick
2005-09-07 crusoe alexandria cc
1.9.2005
Mark Kica crusoe (at) alexandria (dot) cc
FEI AI Technical University Kosice
#Dedicated to Katka H. from Levoca
How to avoid of detection of server application on Windows XP SP2 firewall
###############################################################################
#Q:How safe is Window

RE: FileZilla weakly-encrypted password vulnerability: advisory + PoC
2005-09-07 Mark Senior (Mark Senior gov ab ca)
I understand that you're not necessarily endorsing the developer's stance, so please take no offence.
The below posting is evidence that the FileZilla developers are infected with a DOS mentality - the assumption that every computer will be used by only one person.
The developer is being disingenu

[USN-176-1] kcheckpass vulnerability
2005-09-07 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-176-1 September 07, 2005
kdebase vulnerability
CAN-2005-2494
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgeho

[USN-177-1] Apache 2 vulnerabilities
2005-09-07 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-177-1 September 07, 2005
apache2, libapache-mod-ssl vulnerabilities
CAN-2005-2700, CAN-2005-2728
===========================================================
A security issue affects the following Ubuntu r

USN-160-2: Apache vulnerability
2005-09-07 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-160-2 September 07, 2005
apache vulnerability
CAN-2005-2088
===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu
Hash: SHA1
- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 808-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 12th, 2005