Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2 2005-07-15 SPI Labs (spilabs spidynamics com)

AW: Silently fixed security bugs in Oracle Critical Patch Update July 2005 2005-07-15 Kornbrust, Alexander (ak red-database-security com)
Hi David and all, You are right. Bug 2576249 (DAV_PUBLIC) was discovered by the Litchfield brothers and is already fixed with Alert 52. Correct me if I'm wrong, but I am not aware that the other bugs (Memory leak, webcache SSL 40bit encryption, oraaltpassword ...) are already covered by another

Why Vulnerability Databases can't do everything 2005-07-15 Steven M. Christey (coley mitre org)
Regarding a particular vulnerability database, Xavier Beaudouin <kiwi (at) oav (dot) net [email concealed]> said:
>They push advisory without testing and respect the usual way to inform
>developer as it should.
(name omitted simply because it could have been about any vuln database.) No doubt a lot of what I'm about to say

Compromising pictures of Microsoft Internet Explorer! 2005-07-15 Michal Zalewski (lcamtuf dione ids pl) (1 reply)
Synopsis: --------- Well, not really. Instead, at the risk of boring you to death, I'd like to report on a casual 30-minute experiment I've conducted of recent. This experiment resulted in identifying a potential remote code execution path in Microsoft Internet Explorer, plus some other bug

Re: Compromising pictures of Microsoft Internet Explorer! 2005-07-15 Steve Kemp (steve steve org uk)

LSS Security Advisory: Winamp remote buffer overflow vulnerability 2005-07-14 Leon Juranic (ljuranic lss hr)

On classifying attacks 2005-07-15 Derek Martin (code pizzashack org) (1 reply)
The issue has come up on bugtraq before, but I think it is worth raising it again. The question is how to classify attacks against users' client programs which come from the Internet, e.g. an e-mail carrying a malicious trojan horse payload. The reason this is important is because we judge how ser

Silently fixed security bugs in Oracle Critical Patch Update July 2005 2005-07-15 ak red-database-security com (1 reply)
Hello BugTraq-Reader After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mentioning these bugs in their current risk matrix. Detailed information about most of these bugs is not available via Metalink but in m

Re: Silently fixed security bugs in Oracle Critical Patch Update July 2005 2005-07-15 David Litchfield (davidl ngssoftware com)

[ GLSA 200507-14 ] Mozilla Firefox: Multiple vulnerabilities 2005-07-15 Thierry Carrez (koon gentoo org)

[ GLSA 200507-15 ] PHP: Script injection through XML-RPC 2005-07-15 Thierry Carrez (koon gentoo org)

several vulnerabilities present in Belkin wireless routers 2005-07-15 m123303 securityfocus com, "[at]" securityfocus com,richmond ac uk securityfocus com (1 reply)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory name: several vulnerabilities present in Belkin wireless routers Overall severity rating: HIGH risk Devices affected: "belkin54g" family of wireless routers 4 main vulnerabilities are included in this advisory: - - default telnet backdoor

Re: several vulnerabilities present in Belkin wireless routers 2005-07-15 Steve Kemp (steve steve org uk)

iDEFENSE Security Advisory 07.14.05: Sophos Anti-Virus Zip File Handling DoS Vulnerability 2005-07-14 iDEFENSE Labs (labs-no-reply idefense com)
Sophos Anti-Virus Zip File Handling DoS Vulnerability iDEFENSE Security Advisory 07.14.05 www.idefense.com/application/poi/display?id=283&type=vulnerabilities July 14, 2005 I. BACKGROUND Sophos Small Business Suite includes the Sophos PureMessage Small Business Edition, combining virus and spam p

MDKSA-2005:119 - Updated krb5 packages fix multiple vulnerabilities 2005-07-14 Mandriva Security Team (security mandriva com)

MDKSA-2005:120 - Updated mozilla-firefox packages fix multiple vulnerabilities 2005-07-14 Mandriva Security Team (security mandriva com)

Re: [Full-disclosure] ICMP Security Vulnerabilities - NEW (cough) 2005-07-14 Fernando Gont (fernando frh utn edu ar)
At 06:42 p.m. 12/07/2005, Vic Vandal wrote: Vic, I'd like to sum-up my response, before quoting your e-mail to respond to each of your comments. a) Discussing an issue "in various circles" is not "raising awareness". The proof of that is the large number of vulnerable implementations, as listed

[ GLSA 200507-13 ] pam_ldap and nss_ldap: Plain text authentication leak 2005-07-14 Thierry Carrez (koon gentoo org)

XSS in forums Simple Message Board Version 2.0 Beta 1 2005-07-14 stormhacker hotmail com
[T]his BUGS discovered by rUnViRuS Http://www.security-arab.com =-=-=-=-=-=-=-=-= xss in forums Simple Message Board Version 2.0 Beta 1 Powered by Man and Machine, Ltd Exploit =-=-=-= XSS in forum.cfm http://www.example.com/forum/forum.cfm?FID=<script>JavaScript:alert(docu ment.cookie);</script> =-

05_07_14-bitdefender_malicious_content_bypass 2005-07-14 Alexander Hagenah (webmaster primepage de)
--/ INTRODUCTION -- Advisory : 05_07_14-bitdefender_malicious_content_bypass Release Date : 14. July 2005 Application : BitDefender Antivirus Impact : Malicious content bypass Author : Alexander 'xaitax' Hagenah [ah at primepage dot de] --/ SYSTEMS AFFECTED -- BitDefender running on Linux/BS

SquirrelMail Arbitrary Variable Overwriting Vulnerability 2005-07-14 GulfTech Security Research (security gulftech org)
########################################################## # GulfTech Security Research July 14th, 2005 ########################################################## # Vendor : The SquirrelMail Project Team # URL : http://www.squirrelmail.org/ # Version : SquirrelMail 1.4.5-RC1 && Earlier

[SM-ANNOUNCE] Patch available for CAN-2005-2095 2005-07-14 Jonathan Angliss (jon squirrelmail org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi All, This is just a quick note to report the availability of a patch for CAN-2005-2095. This patch is against 1.4.4. It can be downloaded from http://www.squirrelmail.org/security/issue/2005-07-13. The patch has the checksum 634e366370d818fd942

[SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware 2005-07-14 Michael Stone (mstone klecker debian org)

1st European Conference on Computer Network Defence (EC2ND) 2005-07-14 Blyth A J C (Comp) (ajcblyth glam ac uk)
1st European Conference on Computer Network Defence (EC2ND) 15th/16th December 2005, School of Computing, University of Glamorgan, UK. Call for Papers The 1st European Conference on Computer Network Defence will take place in December 2005 at the School of Computing, University of Glamorgan. The

YaBBSe 1.5.5c Path disclosure problem 2005-07-14 priestmaster (priest priestmaster org)
-------------------------------------------------------------------- -------- Team priestmasters YabbSE 1.5.5c Path disclosure ---------- -------------------------------------------------------------------- Software Vendor: http://sourceforge.net/projects/yabbse/ A path disclosure vuln exist in th

[FLSA-2005:152777] Updated ImageMagick packages fix security issues 2005-07-12 Marc Deslauriers (marcdeslauriers videotron ca)
-----------------------------------------------------------
Release Date: July 15 2005
Severity: Medium
A vulnerability has been discovered in Sybase EAServer. If exploited,
this can result in user-specified code being executed under the