[FLSA-2005:152908] Updated gftp package fixes security issue
2005-07-10 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:154991] Updated sharutils package fixes security issue
2005-07-10 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:155505] Updated php packages fix security issues
2005-07-10 Marc Deslauriers (marcdeslauriers videotron ca)

Detecting vulnerable zlib versions (CAN-2005-2096)
2005-07-12 Florian Weimer (fw deneb enyo de)
Based on data kindly provided by Mark Adler, I've created Clamav signatures which can be used to detect copies of vulnerable zlib versions. This is useful mainly for discovering statically linked zlib copies in program binaries, which must be patched separately. The Clamav signature database is av [...]

Metasploit exploit for PHP XMLRPC
2005-07-12 comsatcat (comsatcat earthlink net)
I got bored last night so I wrote a basic xmlrpc exploit for metasploit. Just drop it in your exploits/ and load it up.
package Msf::Exploit::xmlrpc;
use strict;
use base 'Msf::Exploit';
#use Msf::Socket::Tcp;
my $advanced = { };
#######################
# Exploit Information #
################## [...]

iDEFENSE Security Advisory 07.12.05: Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow Vulnerability
2005-07-12 iDEFENSE Labs (labs-no-reply idefense com)
Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow Vulnerability
iDEFENSE Security Advisory 07.12.05
www.idefense.com/application/poi/display?id=281&type=vulnerabilities
July 12, 2005
I. BACKGROUND
Microsoft Word is the word processing component of the Microsoft Office package. More i [...]

Possible security issue with FreeBSD 5.4 jailing and BPF
2005-07-11 ronvdaal (ronvdaal zarathustra linux666 com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscuous mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also a [...]

Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i - Critical Patch Update July 2005
2005-07-12 Integrigy Security (alerts integrigy com)
Integrigy Security Advisory
Multiple High Risk Vulnerabilities in Oracle E-Business Suite 11i
Oracle Critical Patch Update - July 2005
July 12, 2005
Summa [...]

MDKSA-2005:113 - Updated clamav packages fix vulnerability
2005-07-12 Mandriva Security Team (security mandriva com)

PacSec/core05 Call For Papers
2005-07-12 Dragos Ruiu (dr kyx net)
English url: http://pacsec.jp/speakers.html?LANG=ENGLISH
Japanese url: http://pacsec.jp/speakers.html?LANG=JAPANESE
PacSec/core05 CALL FOR PAPERS
World Security Pros To Converge on Japan November 15/16
TOKYO, Japan -- To address the increasing importance of information security in Japan, the b [...]

MDKSA-2005:114 - Updated leafnode packages fix multiple vulnerabilities
2005-07-12 Mandriva Security Team (security mandriva com)

MDKSA-2005:115 - Updated mplayer packages fix vulnerabilities
2005-07-12 Mandriva Security Team (security mandriva com)

MDKSA-2005:116 - Updated cpio packages fix vulnerabilities
2005-07-12 Mandriva Security Team (security mandriva com)

Re: Problems with the Oracle Critical Patch Update for April 2005
2005-07-12 David Litchfield (davidl ngssoftware com)
Hi Cesar,
> We always test Oracle patches against the bugs we have
> reported to them just to be sure the patches work.
<SNIP>
> (10.1.0.4) applied (we tested the patch on this system
> after April CPU release)
Yep; that's why at NGSSoftware we're absolutely thorough about testing these things. By [...]

[ GLSA 200507-11 ] MIT Kerberos 5: Multiple vulnerabilities
2005-07-12 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability
2005-07-12 Stefan Esser (sesser hardened-php net)

SoftiaCom MailServer - Local Password Disclosure Vulnerability
2005-07-12 unsecure writeme com
Software: SoftiaCom MailServer
Corporation: DarWeb
Version: v1.0 (v2.0 is a fake)
Vulnerability: Local Password Disclosure
BACKGROUND
SoftiaCom design and build software utilities in communication and network server. WMailserver is an internet email [...]

[SECURITY] [DSA 753-1] New gedit packages fix denial of service
2005-07-12 joey infodrom org (Martin Schulze)

MA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()'
2005-07-12 KF (lists) (kf_lists digitalmunition com)

Cisco Security Advisory: Cisco CallManager Memory Handling Vulnerabilities
2005-07-12 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco CallManager Memory Handling Vulnerabilities
Revision 1.0
For Public Release 2005 July 12 1500 UTC (GMT) [...]

[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
2005-07-11 joey infodrom org (Martin Schulze)

blogtorrent remote/local user password disclosure
2005-07-11 Emanuele Gentili (emanuele orvietolug org)

WASC-Articles: 'DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS'
2005-07-11 contact webappsec org
The Web Application Security Consortium is proud to present 'DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS' written by Amit Klein. In this article Amit focuses on a little known variant of Cross Site Scripting which attacks a user's client without se [...]

[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
2005-07-10 Michael Stone (mstone klecker debian org)

[ GLSA 200507-07 ] phpWebSite: Multiple vulnerabilities
2005-07-10 Matthias Geerdsen (vorlon gentoo org)

[SECURITY] [DSA 747-1] New egroupware packages fix remote command execution
2005-07-10 Michael Stone (mstone klecker debian org)

Fedora Legacy Update Advisory
Synopsis: Updated gftp package fixes security issue
Advisory ID: FLSA:152908
Issue date: 2005-07-10
Product: Red Hat Linux, Fedora Core
Keywords: