[SECURITY] [DSA 736-2] New spamassassin packages fix potential DOS 2005-07-08 Michael Stone (mstone klecker debian org) [SECURITY] [DSA 735-2] New sudo packages fix pathname validation race 2005-07-08 Michael Stone (mstone klecker debian org) Security Advisory for Bugzilla 2.18.1 and 2.19.3 2005-07-08 mkanat bugzilla org Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code: + Any user can change a flag on any bug. This also allows the attacker to expose [ more ] [ reply ] Fwd: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages 2005-07-08 gary madsen (gmads seclists gmail com) FYI ---------- Forwarded message ---------- From: Mark Teicher <mht3 (at) earthlink (dot) net [email concealed]> Date: Jul 7, 2005 7:06 PM Subject: Re: [VOIPSEC] VoIP-Phones: Weakness in proccessing SIP-Notify-Messages To: Tobias Glemser <tglemser (at) tele-consulting (dot) com [email concealed]> Cc: voipsec (at) voipsa (dot) org [email concealed] Interesting results when executed [ more ] [ reply ] SiteMinder Multiple Vulnerabilities 2005-07-08 c0ntexb gmail com /* ************************************************************************ ***************************************** $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities ************************************************************************ ************************************** [ more ] [ reply ] [SECURITY] [DSA 743-1] New ht packages fix arbitrary code execution 2005-07-08 joey infodrom org (Martin Schulze) [SECURITY] [DSA 744-1] New fuse packages fix information disclosure 2005-07-08 joey infodrom org (Martin Schulze) SUSE Security Announcement: php/pear XML RPC remote code execution (SUSE-SA:2005:041) 2005-07-08 Marcus Meissner (meissner suse de) [Bday release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting 
vulnerabilities 2005-07-07 dcrab hackerscenter com Dcrab 's Security Advisory http://www.dbtech.org Deadbolt Computer Technologies ****************************** SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO DCRAB (at) HACKERSCENTER (dot) COM [email concealed] ****************************** Get Dcrab's Services to audit your Web ser [ more ] [ reply ] [SECURITY] [DSA 741-1] New bzip2 packages prevent decompression bomb 2005-07-07 joey infodrom org (Martin Schulze) Re: ICMP vulnerabilities 2005-07-07 J. Oquendo (root infiltrated net) On Wed, 6 Jul 2005, Theo de Raadt wrote: > > Repeat a few times -- and everyone will now consider that peer to be > flapping, and you have successfully taken an ISP off the net. > > > Please read the article. My take on this is that there are people > who don't want to fix this. > This isn't new [ more ] [ reply ] [OpenPKG-SA-2005.013] OpenPKG Security Advisory (zlib) 2005-07-07 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] NULL sessions vulnerabilities using alternate named pipes 2005-07-07 Jean-Baptiste Marchand (Jean-Baptiste Marchand hsc fr) PNGƒJƒEƒ“ƒ^+—pƒƒO‰ð̓XƒNƒŠƒvƒg remote commands execution vulnerability 2005-07-07 blahplok yahoo com Multiple vulnerabilities in Lantronix SLC console server 2005-07-07 spam drwetter org Hi, I stumbled on another bug during my review for console servers: Summary: Lantronix SecureLinx console server: Retrieval of ssh-private keys and system logfiles Confirmed on SLC32, Software version: 2.0, 3.0 very likely on all models of SLC series (SLC8, 16, 32, 48) www.lantronix.com Detail [ more ] [ reply ] RE: Microsoft Word Protection Bypass 2005-07-07 Walter Wickersham (wwickersham 
printinc com) I usually open it in OpenOffice and remove the protection there (use openoffice2.0) then save it as a word file again -----Original Message----- From: Dave.Collins (at) tetratech (dot) com [email concealed] [mailto:Dave.Collins (at) tetratech (dot) com [email concealed]] Sent: Wednesday, July 06, 2005 1:11 PM To: bugtraq (at) securityfocus (dot) com [email concealed] Subject: Re: Mic [ more ] [ reply ] RE: Microsoft Word Protection Bypass 2005-07-07 Christian King (cking procuri com) Quick HOWTO: 1. Open the protected document in Word 2. File / Save As (XML Document) 3. Open XML Document, look for <w:documentProtection w:edit="read-only" w:enforcement="on" w:unprotectPassword="xxxxxxx"/> The "unprotectPassword" will be a hex byte string. 4. Open the .doc in your favorite h [ more ] [ reply ] Problems with the Oracle Critical Patch Update for April 2005 2005-07-07 David Litchfield (davidl ngssoftware com) Hey all, Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed some failures in it, that meant certain issues the patch was supposed to fix were actually left unfixed. One set of vulnerabilities "fixed" by the April CPU is a group of SQL injection bugs in DBMS_SUBSCRIBE and DB [ more ] [ reply ] ICMP vulnerabilities 2005-07-07 Theo de Raadt (deraadt cvs openbsd org) Much more information on the ICMP vulnerabilities that allow you to blindly tear down TCP sessions. http://kerneltrap.org/node/5382 Please note these are not man-in-the-middle attacks. You can do them blind. Totally blind. You do not need to know any information. There are three attacks ou [ more ] [ reply ] Vulnerability in Whatpulse.Org profiles allows XSS and session hijacking 2005-07-06 rift13 charter net Whatpulse.org is a site that provides software to allower users to keep track of how many keystrokes they have entered and 'pulse' them to the website and view who has the most keys to date, etc. 
Whatpulse has a profile feature that lets a user describe a little bit about themself to otherusers. T [ more ] [ reply ] MDKSA-2005:112 - Updated zlib packages fix vulnerability 2005-07-07 Mandriva Security Team (security mandriva com) [USN-147-2] Fixed php4-pear packages for USN-147-1 2005-07-06 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-147-2 July 06, 2005 php4, php4-universe fixed packages https://bugzilla.ubuntu.com/show_bug.cgi?id=12426 =========================================================== A security issue affects the following Ub [ more ] [ reply ] [USN-148-1] zlib vulnerability 2005-07-06 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-148-1 July 06, 2005 zlib vulnerability CAN-2005-2096 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5 [ more ] [ reply ] |
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA 736-2 security (at) debian (dot) org
http://www.debian.org/security/ Michael Stone
July 07, 2005