[SECURITY] [DSA 727-1] New libconvert-uulib-perl packages fix arbitrary code execution
2005-05-20 joey infodrom org (Martin Schulze)

[ GLSA 200505-15 ] gdb: Multiple vulnerabilities
2005-05-20 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

ERRATA: [ GLSA 200505-13 ] FreeRADIUS: SQL injection and Denial of Service vulnerability
2005-05-20 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

UPDATE: [ GLSA 200504-23 ] Kommander: Insecure remote script execution
2005-05-20 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 726-1] New oops packages fix format string vulnerability
2005-05-20 joey infodrom org (Martin Schulze)

[FLSA-2005:152815] Updated libtiff packages fix security issues
2005-05-18 Marc Deslauriers (marcdeslauriers videotron ca)

[USN-130-1] TIFF library vulnerability
2005-05-19 Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-130-1 May 19, 2005
tiff vulnerability
CAN-2005-1544
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5

UNICODE BUFFER OVERFLOW IN MS-WORD
2005-05-19 Bahaa Naamneh (b_naamneh hotmail com)

UNICODE BUFFER OVERFLOW IN MS-WORD
===================================

*.mcw is the ms-word format file for Macintosh. the unicode buffer overflow occurs when the user opens the malformed *.mcw document.

Proof of concept:
-----------------

by modifying the *.mcw file by using binary editor as

JavaMail Information Disclosure (msgno)
2005-05-19 Ricky Latt (ygnboyz gmail com)

"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common, u

Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
2005-05-19 deluxe security-project org

In-Reply-To: <200505172151.j4HLpThM004829 (at) linus.mitre (dot) org>

>>Cross Site Scripting:
>>-------------------------
>>You can abuse the SQL-Injections for XSS attacks.
>
>Does this occur because the XSS-style attacks are being injected into
>SQL queries, which then generate errors because the queries ar

[ GLSA 200505-14 ] Cheetah: Untrusted module search path
2005-05-19 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 725-1] New ppxp packages fix local root exploit
2005-05-19 joey infodrom org (Martin Schulze)

MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities
2005-05-19 Mandriva Security Team (security mandriva com)

MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities
2005-05-19 Mandriva Security Team (security mandriva com)

phpATM arbitrary PHP code inclusion
2005-05-19 Ingvar Gilbert (bugtraq ingwie de)

Affected product: phpATM
Version vulnerable: 1.21, and probably earlier.
Risk: High, execution of arbitrary PHP
Vendor informed: Not possible (mail bounces with 550, tried twice)
Vendor URL: http://phpatm.free.fr/

phpATM seems to be some up-/downloadscript for web environments. The discussed vulner

MDKSA-2005:090 - Updated nasm packages fix vulnerability
2005-05-19 Mandriva Security Team (security mandriva com)

MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability
2005-05-19 Mandriva Security Team (security mandriva com)

UnixWare 7.1.4 : Updated mozilla fixes many security issues
2005-05-18 please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.4 : Updated mozilla fixes many security issues
Advisory number: SCOSA-2005.25
Issue date: 2005 May 18
Cross reference:

Security issue in Microsoft Outlook
2005-05-18 Bakchodiya (bakchodiya yahoo com)

An issue has been discovered in MS Outlook (All Versions) where anyone can fake a URL & send it across.

How does it work: Let's compose an email in MS Outlook, let's type http://www.cybertrion.com & put a space after it to make it a link. Now put your cursor just before cybertrion & type any URL f

[FLSA-2005:152771] Updated pam packages fix security issue
2005-05-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152883] Updated mozilla packages fix security issues
2005-05-18 Marc Deslauriers (marcdeslauriers videotron ca)

NOVELL ZENWORKS MULTIPLE REMOTE STACK & HEAP OVERFLOWS
2005-05-18 list rem0te com

Date
May 18, 2005

Vulnerabilities
Novell ZENworks provides Remote Management capabilities to large networks. In order to manage remote nodes ZENworks implements an authentication protocol to verify the requestor is authorized for a transaction. This authentication protocol contains several stack an

Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine
2005-05-19 Torseq Tech. (bindshell gmail com)

In-Reply-To: <20050518171643.29971.qmail (at) www.securityfocus (dot) com>

The newly-made available Yahoo! Messenger 7.0 beta build 224 also stores the same information in clear-text as 5.x - 6.0 versions do when the Logfile is enabled (tested on Windows only). Yahoo! Messenger 7.0 was just made available sev

Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit]
2005-05-17 Vade 79 (v9 fakehalo us)

In-Reply-To: <20050516180915.6634.qmail (at) www.securityfocus (dot) com>

why would you release an exploit for something that was found a year ago(?) by someone else, not reference the original finder and make an exploit in C that simply does the same thing the original exploit did running a bunch of system()

Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
2005-05-17 Steven M. Christey (coley mitre org)

>Cross Site Scripting:
>-------------------------
>You can abuse the SQL-Injections for XSS attacks.

Does this occur because the XSS-style attacks are being injected into SQL queries, which then generate errors because the queries are malformed, and then PHP blindly reflects the malformed query ba

[USN-129-1] Squid vulnerability
2005-05-18 Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-129-1 May 18, 2005
squid vulnerability
CAN-2005-1519
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu

Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.
2005-05-17 Konrad Malewski (koyot moon ondraszek ds polsl gliwice pl)

Hi!

The land attack described in - http://www.securityfocus.com/archive/1/392354 - is fixed for ipv4 by last security updates, but not for ipv6 protocol. As in IpV4 version of the attack, the built-in firewall has to be turned off to experience the result (1-5 seconds of DoS condition).

Tools
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 727-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
May 20th, 2005