Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
2005-05-19 deluxe security-project org
In-Reply-To: <200505172151.j4HLpThM004829 (at) linus.mitre (dot) org>
>>Cross Site Scripting:
>>-------------------------
>>You can abuse the SQL-Injections for XSS attacks.
>
>Does this occur because the XSS-style attacks are being injected into
>SQL queries, which then generate errors because the queries ar

[ GLSA 200505-14 ] Cheetah: Untrusted module search path
2005-05-19 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 725-1] New ppxp packages fix local root exploit
2005-05-19 joey infodrom org (Martin Schulze)

MDKSA-2005:092 - Updated gzip packages fix several vulnerabilities
2005-05-19 Mandriva Security Team (security mandriva com)

MDKSA-2005:091 - Updated bzip2 packages fix multiple vulnerabilities
2005-05-19 Mandriva Security Team (security mandriva com)

phpATM arbitrary PHP code inclusion
2005-05-19 Ingvar Gilbert (bugtraq ingwie de)
Affected product: phpATM
Version vulnerable: 1.21, and probably earlier.
Risk: High, execution of arbitrary PHP
Vendor informed: Not possible (mail bounces with 550, tried twice)
Vendor URL: http://phpatm.free.fr/
phpATM seems to be some up-/downloadscript for web environments. The discussed vulner

MDKSA-2005:090 - Updated nasm packages fix vulnerability
2005-05-19 Mandriva Security Team (security mandriva com)

MDKSA-2005:089 - Updated cdrdao packages fix local root vulnerability
2005-05-19 Mandriva Security Team (security mandriva com)

UnixWare 7.1.4 : Updated mozilla fixes many security issues
2005-05-18 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : Updated mozilla fixes many security issues
Advisory number: SCOSA-2005.25
Issue date: 2005 May 18
Cross reference:

Security issue in Microsoft Outlook
2005-05-18 Bakchodiya (bakchodiya yahoo com)
An issue has been discovered in MS Outlook (All Versions) where anyone can fake a URL & send it across. How does it work: Let's compose an email in MS Outlook, let's type http://www.cybertrion.com & put a space after it to make it a link. Now put your cursor just before cybertrion & type any URL f

[FLSA-2005:152771] Updated pam packages fix security issue
2005-05-18 Marc Deslauriers (marcdeslauriers videotron ca)

[FLSA-2005:152883] Updated mozilla packages fix security issues
2005-05-18 Marc Deslauriers (marcdeslauriers videotron ca)

NOVELL ZENWORKS MULTIPLE REMØTE STACK & HEAP OVERFLOWS
2005-05-18 list rem0te com
Date: May 18, 2005
Vulnerabilities: Novell ZENworks provides Remote Management capabilities to large networks. In order to manage remote nodes ZENworks implements an authentication protocol to verify the requestor is authorized for a transaction. This authentication protocol contains several stack an

Re: Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine
2005-05-19 Torseq Tech. (bindshell gmail com)
In-Reply-To: <20050518171643.29971.qmail (at) www.securityfocus (dot) com>
The newly-made available Yahoo! Messenger 7.0 beta build 224 also stores the same information in clear-text as 5.x - 6.0 versions do when the Logfile is enabled (tested on Windows only). Yahoo! Messenger 7.0 was just made available sev

Re: Mac OS X - Adobe Version Cue local root exploit [c version exploit]
2005-05-17 Vade 79 (v9 fakehalo us)
In-Reply-To: <20050516180915.6634.qmail (at) www.securityfocus (dot) com>
why would you release an exploit for something that was found a year ago(?) by someone else, not reference the original finder and make an exploit in C that simply does the same thing the original exploit did running a bunch of system()

Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
2005-05-17 Steven M. Christey (coley mitre org)
>Cross Site Scripting:
>-------------------------
>You can abuse the SQL-Injections for XSS attacks.

Does this occur because the XSS-style attacks are being injected into SQL queries, which then generate errors because the queries are malformed, and then PHP blindly reflects the malformed query ba

[USN-129-1] Squid vulnerability
2005-05-18 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-129-1 May 18, 2005
squid vulnerability
CAN-2005-1519
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu

Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.
2005-05-17 Konrad Malewski (koyot moon ondraszek ds polsl gliwice pl)
Hi! The land attack described in - http://www.securityfocus.com/archive/1/392354 - is fixed for ipv4 by last security updates, but not for ipv6 protocol. As in IpV4 version of the attack, the built-in firewall has to be turned off to experience the result (1-5 seconds of DoS condition). Tools

[USN-128-1] nasm vulnerability
2005-05-17 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-128-1 May 17, 2005
nasm vulnerability
CAN-2005-1194
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5

[USN-127-1] bzip2 vulnerabilities
2005-05-17 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-127-1 May 17, 2005
bzip2 vulnerabilities
CAN-2005-0953, CAN-2005-1260
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty

Help Center Live Vulnerabilities
2005-05-17 GulfTech Security Research (security gulftech org)
##########################################################
# GulfTech Security Research May 17th, 2005
##########################################################
# Vendor : Michael Bird
# URL : http://www.helpcenterlive.com/
# Version : Help Center Live [ All Versions ]
# Risk : Multiple Vulnerabili

Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine
2005-05-18 Torseq Tech. (bindshell gmail com)
Title: Yahoo! Messenger May Be Storing All Session Data 'Unencoded' On The Local Machine
Discovered By: Torseq Tech. <bindshell (at) gmail (dot) com>
Date: Wednesday, May 18, 2005
Application affected: Yahoo! Messenger ver. 5.x - 6.0 (all builds) Windows, *Nix/Mac ? (not tested)
Vendor: Yahoo! Inc.
Proof-of-

Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]
2005-05-18 bugs (bugs whitecell org)
hi,all: sorry for insufficient coordination with vendor. :( I had corrected it and deleted rawdevice issue
------------------------------------------------------------------
Synopsis: Linux kernel pktcdvd ioctl break user space limit vulnerability
Product: Linux kernel
Version: 2.6 up

Re: Windows image size crash
2005-05-17 cmthemc yahoo com
In-Reply-To: <428604DC.6010207 (at) bmitt (dot) com>
win xp embedded crashed.
>Received: (qmail 26180 invoked from network); 14 May 2005 18:24:28 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 14 May 2005 18:24:28 -

[SECURITY] [DSA 724-1] New phpsysinfo packages fix cross site scripting
2005-05-18 joey infodrom org (Martin Schulze)

MDKSA-2005:088-1 - Updated mozilla-firefox packages re-enable extensions
2005-05-17 Mandriva Security Team (security mandriva com)

OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues
2005-05-17 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues
Advisory number: SCOSA-2005.23
Issue date: 2005 May 17
Cross refer

[CLA-2005:953] Conectiva Security Announcement - kde
2005-05-17 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : kde
SUMMARY : Fixes for multiple KDE security
"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common, u