[SECURITY] [DSA 799-1] New webcalendar packages fix remote code execution
2005-09-02  Michael Stone (mstone klecker debian org)

[SECURITY] [DSA 798-1] New phpgroupware packages fix several vulnerabilities
2005-09-02  joey infodrom org (Martin Schulze)

[SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution
2005-09-02  joey infodrom org (Martin Schulze)

CYBSEC - Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability
2005-09-01  Mariano Nuñez Di Croce (mnunez cybsec com)
    CYBSEC S.A.
    www.cybsec.com
    Advisory Name: Multiple Vendor Web Vulnerability Scanner Arbitrary Script Injection Vulnerability
    Vulnerability Class: Script Injection
    Release Date: 09.01.2005
    Affected Applications:
    * N-Stealth ...

[SECURITY] [DSA 794-1] New polygen packages fix denial of service
2005-09-01  joey infodrom org (Martin Schulze)

RE: Re: secure client-side platform
2005-09-01  Mark Senior (Mark Senior gov ab ca)
    Your attack tree below is of the form:
    A and ( B or C or D) and E
    I submit a simpler one of the form:
    A or (B and C)
    A - there is an exploitable vulnerability (in the remote-code-execution sense) in the DNS response handling code on your livecd. You send out a query, a malicious response reache ...

iDEFENSE Security Advisory 09.01.05: Novell NetMail IMAPD Command Continuation Request Heap Overflow
2005-09-01  iDEFENSE Labs (labs-no-reply idefense com)
    Novell NetMail IMAPD Command Continuation Request Heap Overflow
    iDEFENSE Security Advisory 09.01.05
    www.idefense.com/application/poi/display?id=301&type=vulnerabilities
    September 1, 2005
    I. BACKGROUND
    Novell NetMail is an e-mail and calendaring system that is based on Internet-standard messaging ...

iDEFENSE Security Advisory 09.01.05: 3Com Network Supervisor Directory Traversal Vulnerability
2005-09-01  iDEFENSE Labs (labs-no-reply idefense com)
    3Com Network Supervisor Directory Traversal Vulnerability
    iDEFENSE Security Advisory 09.01.05
    www.idefense.com/application/poi/display?id=300&type=vulnerabilities
    September 9, 2005
    I. BACKGROUND
    3Com Network Supervisor is a network monitoring application which allows monitoring services on mult ...

SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050)
2005-09-01  Marcus Meissner (meissner suse de)

[security bulletin] SSRT051005 rev.1 - HP ProLiant DL585 Servers Unauthorized Remote Access
2005-09-01  Boren, Rich (HP SSRT) (rich boren hp com)

silc server and toolkit insecure temporary file creation
2005-09-01  Eric Romang / ZATAZ.com (eromang zataz com)
    silc server and toolkit insecure temporary file creation
    Vendor: http://silcnet.org/
    Advisory: http://www.zataz.net/adviso/silc-server-toolkit-06152005.txt
    Vendor informed: yes
    Exploit available: yes
    Impact : low
    Exploitation : low ...

[SECURITY] [DSA 779-2] New Mozilla Firefox packages fix several vulnerabilities
2005-09-01  joey infodrom org (Martin Schulze)

re: Ariba Spend Management System
2005-09-01  gerald626 gmail com
    I would like to clarify some things. First, I would like to apologize for any misrepresentation due to a lack of proper explanation on my part. My previous post was essentially true, that the username/password is being transmitted in clear text. However, it is not in the URL as I previously clai ...

[SECURITY] [DSA 793-1] New sqwebmail packages fix cross-site scripting
2005-09-01  joey infodrom org (Martin Schulze)

File arbitrary read access in frox
2005-09-01  un4m31 gmail com
    =( c1zc0 Security advisory #1 )=
    =( Frox transparent froxy / cache )=
    =( found by rotor irc.efnet.org #c1zc0 )=
    =( http://c1zc0.com - c1zc0 Security 2005 )=
    Package: frox
    Frox Author: James Hollingshead
    Download Site: http://frox.sourceforge.net
    Vulnerability: File arbitrary read access
    Frox is a ...

Re: secure client-side platform
2005-09-01  liudieyu umbrella name (2 replies)
    #1, we are talking about how to do critical secret communication in a secure way, right? so forget about those putting win9x 24/7 on DSL ... let them continue contributing to the spam and zombie business ;-) imagine i'm going to access an e-gold account of $1M ... first i unplug the network ...

[SecuriWeb.2005.1] - Barracuda SPAM firewall advisory
2005-09-01  Francois Harvey (fharvey securiweb net)

RE: Ariba password exposure vulnerability
2005-09-01  Craig Kennedy (CKennedy ariba com)
    Gerald626, I read your post on bugtraq and needed to respond to clear up some inaccuracies and misrepresentations. Ariba's "Spend management" software is a suite of web based applications that enable customers to more effectively manage their spend. I'm not quite sure what you mean by "... transm ...

UMN gopher[v3.0.9+] multiple(2) client buffer overflows.
2005-09-01  v9 (v9 fakehalo us)
    1. BACKGROUND
    The Internet Gopher Client is based on the UMN Gopher/Gopherd 2.3.1 code. Gopher is an Internet technology that predates the Web. It presents information as a virtual network-wide filesystem. Modern browsers such as Konqueror can display gopherspace as if it contained files on your lo ...

SimplePHPBlog Arbitrary File Deletion and Sample Exploit
2005-08-29  'ken'@FTU (ken ftusecurity com)
    SimplePHPBlog has a vulnerability in its comment_delete_cgi.php. The PHP script allows for the arbitrary deletion of files. Attached is a Perl script to demonstrate the exploit. This vulnerability, in combination with the fact that the installation scripts are left on the server after installat ...

[USN-173-4] PCRE vulnerabilities
2005-08-31  Martin Pitt (martin pitt canonical com)
    Ubuntu Security Notice USN-173-4
    August 31, 2005
    python2.1, python2.2, python2.3, gnumeric vulnerabilities
    CAN-2005-2491
    A security issue affects the following Ubuntu r ...

Re: Vulnerability in Symantec Anti Virus Corporate Edition v9.x]
2005-08-31  secure symantec com
    Symantec is aware of and is currently investigating this issue.
    Symantec Product Security Team
    Symantec takes the security of our products seriously and is a responsible disclosure company. You can view our response policies at http://www.symantec.com ...

Ariba password exposure vulnerability
2005-08-31  gerald626 gmail com
    The Ariba Spend Management System, which is a web-based application, appears to transmit the username and password of the user to the server via the URL in plain text. Packet capture is available for analysis upon request. This may enable a malicious user to sniff the username/password for accounts ...

Vulnerability in Symantec Anti Virus Corporate Edition v9.x
2005-08-31  golovast gmail com (2 replies)
    The vulnerability has been identified and confirmed in versions 9.0.1.x and 9.0.4.x. I am fairly certain that it exists in all releases of version 9 and possibly other versions as well. Essentially, the program can be configured to receive updates via Symantec's or an Internal Live update server. ...

RE: Vulnerability in Symantec Anti Virus Corporate Edition v9.x
2005-09-01  James C Slora Jr (Jim Slora phra com)
Debian Security Advisory DSA 798-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
September 2, 2005