BugTraq (Page 1298 of 1748)
Re: Getting round website authentication with Firefox 2005-07-27
Shalom Carmel (shalom venera com)
Actually, this is a "feature" of most if not all browsers, that have no way to logout of URLs protected by HTTP basic authentication.

Try to completely close all browser instances between the two attempts and you will discover that firefox asks for a login in all cases.

Shalom Carmel
-------------

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-05:18.zlib 2005-07-27
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:18.zlib Security Advisory
The FreeBSD Project

Topic: Bu

[ more ]  [ reply ]
RE: On classifying attacks 2005-07-25
Black, Michael (black EssexCorp com)
Perhaps the current popularity of remote/local terms comes from the
Lincoln Labs studies done in 1998:
http://www.usenix.org/events/sec99/full_papers/ghosh/ghosh_html/

Attacks were divided into four categories:
denial of service
probing/surveillance
remote to local
user to root attacks

In the

[ more ]  [ reply ]
[SECURITY] [DSA 768-1] New phpbb2 packages fix cross-site scripting 2005-07-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 768-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 27th, 2005

[ more ]  [ reply ]
Shared section vulnerability when opening microsoft office document resulting in DoS 2005-07-27
sylvain roger solucom fr
There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not svcho

[ more ]  [ reply ]
Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS 2005-07-27
sylvain roger solucom fr
Hello,

More details about the potential vulnerability: Firefox is just starting a new process in the standard way, using CreateProcess
(see <http://lxr.mozilla.org/seamonkey/source/nsprpub/pr/src/md/windows/ntmisc.c#391>).
Firefox is already passing NULL to lpProcessAttributes and lpThreadAttribu

[ more ]  [ reply ]
[ GLSA 200507-26 ] GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library 2005-07-27
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[SECURITY] [DSA 767-1] New ekg packages fix arbitrary code execution 2005-07-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 767-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 27th, 2005

[ more ]  [ reply ]
[ GLSA 200507-25 ] Clam AntiVirus: Integer overflows 2005-07-26
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec 2005-07-27
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-05:19.ipsec Security Advisory
The FreeBSD Project

Topic: In

[ more ]  [ reply ]
[ GLSA 200507-24 ] Mozilla Suite: Multiple vulnerabilities 2005-07-26
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution 2005-07-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 765-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
July 22nd, 2005

[ more ]  [ reply ]
[ISR] - Novell GroupWise Client Remote Buffer Overflow 2005-07-27
Francisco Amato (famato infobyte com ar)
||
|| [ISR]
|| Infobyte Security Research
|| www.infobyte.com.ar
|| 07.27.2005
||

.:: SUMMARY

Novell GroupWise Client Remote Buffer Overflow

Version: GroupWise 6.5.3, It is suspected that all previous versions of Groupwise Client are vulnerable.

.:: BACKGROUND

GroupWise Client is Novell'

[ more ]  [ reply ]
[NILESA-20050701] UnixWare 7.x RPC portmapper Dos Vulnerability 2005-07-27
Jonglim Yun (abc mail nilesoft co kr)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================================================
NileSOFT Security Advisory
- --------------------------------------------------------------------------------
ID : NILESA-20050701
Title : rp

[ more ]  [ reply ]
CYBSEC - Security Advisory: Default Configuration InformationDisclosure in Lotus Domino 2005-07-26
Leandro Meiners (lmeiners cybsec com)
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf )

CYBSEC S.A.
www.cybsec.com

Advisory Name: Default Configuration Information Disclosure in Lotus
Domino (Including password hashes)

Vu

[ more ]  [ reply ]
Re: Re: Local privilege escalation using runasp V3.5.1 2005-07-26
securityfocus 5 stele spamgourmet com
Correct! -> All critical files should not be modifiable by a normal user!
Users should not be able to modify the program files directory too.

[ more ]  [ reply ]
Re: Local privilege escalation using runasp V3.5.1 2005-07-26
securityfocus 5 stele spamgourmet com
Hello,

this is not a RunAs Pro Bug.
-> Critical Files should be protected by Administrators, so that normal users are not able to rename them.
Just optimize your User-Permissions.

-> Just note:
Our next release will include a CRC32 Check of the file.

[ more ]  [ reply ]
Internet Explorer AJAX Bug 2005-07-26
anakin php5 pl
Summary:
Internet Explorer 6.0 and below hangs when entering prepared page

Details:
When using AJAX (Asynchronous JavaScript and XML) to load page content dynamically we are allowed to do anything on the side of server. Internet Explorer process hangs when Content-type header is sent within.

Vulnera

[ more ]  [ reply ]
RE: ClamAV Multiple Rem0te Buffer Overflows 2005-07-26
Sec-Tec Lists (zen31438 zen co uk)
>The clamav.net front page says "Latest ClamAV stable release is: 0.86.2".
>
>Is this included in your advisory?

The release notes for 0.86.2 say:

"Changes in this release include fixes for three possible integer overflows in libclamav"

[ more ]  [ reply ]
[HSC Security Group] XSS in CartWiz 2005-07-26
zinho hackerscenter com
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)

store/viewCart.asp?message=%3Cplaintext%3E

allows anyone to retrieve cookie and take control over the account.
I noticed there are also

[ more ]  [ reply ]
Vulnerability in IBM access 2005-07-26
sylvain roger solucom fr
Hello,

I would like to make to Bugtraq knowledge the existence of a security vulnerability in IBM access software. IBM access is vulnerable to a Shared Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the section \BaseNamedObjects\QCONDB with invalid rights which allows everyo

[ more ]  [ reply ]
3Com launches vulnerability-buying program 2005-07-25
Ghaith Nasrawi (libero aucegypt edu)
folks,

as it was announced few minutes ago that "3Com launches
vulnerability-buying program" (through TippingPoint, a company 3Com
acquired earlier this year)

http://www.securityfocus.com/news/11253
http://www.zerodayinitiative.com/

so what do you think about this step? Obviously, they are trying

[ more ]  [ reply ]
fetchmail security announcement fetchmail-SA-2005-01 2005-07-26
Matthias Andree (ma+nomail dt e-technik uni-dortmund de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

fetchmail-SA-2005-01: security announcement

Topic: remote code injection vulnerability in fetchmail

Author: Matthias Andree
Version: 1.02
Announced: 2005-07-21
Type: buffer overrun/stack corruption/code injection
Impact: account or system compromi

[ more ]  [ reply ]
SPIDynamics WebInspect Cross-Application Scripting (XAS) 2005-07-26
3APA3A (3APA3A SECURITY NNOV RU)
Dear bugTraq,

Cross application scripting attacks (data obtained from untrusted
source is sent unfiltered from trusted application to browser) in
different applications are reported by anonymous author.

In Russian version of article "XSS - WEB = Cross-Applications
Scri

[ more ]  [ reply ]
Copyright 2010, SecurityFocus