Re: M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD
2005-06-19, fraser myupb com

Another tcpdump BGP infinite loop vulnerability (CAN-2005-1267)
2005-06-19, Simon L. Nielsen (simon FreeBSD org)
Hello

While working on the FreeBSD Security Advisory for the recent tcpdump issues (CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280) I noticed another similar infinite loop DoS vulnerability in the BGP handling code. It affects at least tcpdump 3.8.3 and tcpdump 3.9 snapshots from before May 5. T [...]

Sudo version 1.6.8p9 now available, fixes security issue.
2005-06-20, Todd C. Miller (Todd Miller courtesan com)
Sudo version 1.6.8, patchlevel 9 is now available, which fixes a race condition in Sudo's pathname validation. This is a security issue.

Summary: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbit [...]

Advisory 01/2005: Fileupload/download vulnerability in Trac
2005-06-19, Stefan Esser (sesser hardened-php net)

[ GLSA 200506-14 ] Sun and Blackdown Java: Applet privilege escalation
2005-06-19, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Black Hat Briefings Announcements
2005-06-17, Jeff Moss (jmoss blackhat com)
Hey BugTraq,

I just wanted to let you know we got some new content on-line as well as a reminder about upcoming registration deadlines. Hope to see you there!

REMINDER: Register before July 1st to take advantage of the earlier pricing!
http://www.bl [...]

JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting
2005-06-17, Marc Schoenefeld (marc schoenefeld gmx org)
Security Advisory: JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting
Date: 14/06/05
URL: http://www.illegalaccess.org/java/jboss_path.php
Problem: The default installation of JBoss reveals the path of the installation directory and allows fingerp [...]

[ GLSA 200506-13 ] webapp-config: Insecure temporary file handling
2005-06-17, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Passwords Decrypter for UPB <= 1.9.6
2005-06-16, Alberto Trivero (trivero jumpy it)
#!/usr/bin/perl
#
# Passwords Decrypter for UPB <= 1.9.6
# Related advisory: http://www.securityfocus.com/archive/1/402461/30/0/threaded
# Discovered and Coded by Alberto Trivero
use Getopt::Std;
use LWP::Simple;
getopt('hfu');
print "\n\t========================================\n";
print "\t= Pas [...]

e107 v0.617 several new and old vulnerabilities
2005-06-12, Marc Ruef (marc ruef computec ch)
Hello,

The e107 is an open-source, PHP and SQL based portal and content management system[1]. I found some new vulnerabilities in the current release v0.617. Also some "older" flaws[2] have been re-discovered in different ways.

This email has been sent some months ago to the e107 developers. They f [...]

Adobe Reader 7: XML External Entity (XXE) Attack
2005-06-16, Sverre H. Huseby (shh thathost com) (1 replies)

SquirrelMail "vendor" notification feeler
2005-06-16, Jonathan Angliss (jon squirrelmail org)
Hi Guys,

This is a general feeler email. Due to the popularity of SquirrelMail, and the fact it is packaged with quite a few distributions, the SquirrelMail administration team are looking to set up a "vendor" notification list to work in conjunction wi [...]

[SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769]
2005-06-16, Jonathan Angliss (jon squirrelmail org)
Hello All,

Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4. These have been addressed in a patch that can be found at [1]. We advise all our users to apply this patch.

We're also releasing SquirrelMail 1.4.5 release candidate 1 today. We [...]

M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD
2005-06-16, Alberto Trivero (trivero jumpy it)
M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD
Published: 06 16 2005
Released: 06 16 2005
Name: Ultimate PHP Board (UPB)
Affected Systems: <= 1.9.6 GOLD
Issue: Full Path Disclosure, Cross-Site Scripting, Sensitive Information Disclosure
Author: Alberto Trivero
Ve [...]

MDKSA-2005:102 - Updated gedit packages fix format string vulnerability
2005-06-16, Mandriva Security Team (security mandriva com)

MDKSA-2005:101 - Updated tcpdump packages fix vulnerability
2005-06-16, Mandriva Security Team (security mandriva com)

eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
2005-06-15, Steve Manzuik (smanzuik eeye com)
EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
Release Date: June 14, 2005
Date Reported: March 16, 2005
Severity: High (Remote Code Execution)
Vendor: Microsoft
Systems Affected:
Windows 98 / 98 SE
Windows Me
Windows 2000 Service Pack 3 / Service Pack 4
Windows XP Service Pack 1 / Ser [...]

Re: [NGSEC] AntiPharming v1.00 FREE
2005-06-14, Joel Esler (eslerj gmail com)
" * Denying any user (even Administrator) to write to the hosts file.
* Denying any user (even Administrator) to change your DNS settings."

Then who is going to modify the settings?

> On 6/14/05, lists @ NGSEC <lists (at) ngsec (dot) com> wrote:
> > [...]

MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability
2005-06-15, Emanuele "MadSheep" Gentili (emanuele orvietolug org)
MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability
06/11/2005

MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability
Published: 06 11 2005
Released: 06 11 2005
Name: WebHints
Affected Systems: <= 1.03
Issue: R [...]

DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'
2005-06-15, KF (lists) (kf_lists digitalmunition com)

Mambo 4.5.2.2 SQL Injection in UPDATE statement
2005-06-15, pokley (pokleyzz scan-associates net)
Product : Mambo 4.5.2.2 (http://www.mamboserver.com)
Summary: Mambo 4.5.2.2 and below SQL Injection in UPDATE statement
Severity: Low

Description
===========
Mambo is a full-featured management system that can be used for everything from simple websites to complex corporate applications.

Detail [...]

is this new? vuln info @ Adobe
2005-06-15, phr1ker hushmail com (1 replies)

Multiple paFileDB Vulnerabilities
2005-06-15, GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research June 14th, 2005
##########################################################
# Vendor : php Arena
# URL : http://www.phparena.net/pafiledb.php
# Version : paFileDB 3.1 && Earlier
# Risk : Multiple [...]

The patch is available here:
http://www.myupb.com/forum/viewtopic.php?id=26&t_id=118