[ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilities 2005-05-12
Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities 2005-05-12
Mandriva Security Team (security mandriva com)

MDKSA-2005:085 - Updated kdelibs packages fix vulnerabilities 2005-05-12
Mandriva Security Team (security mandriva com)

MDKSA-2005:086 - Updated gaim packages fix multiple vulnerabilities 2005-05-12
Mandriva Security Team (security mandriva com)

MDKSA-2005:087 - Updated tcpdump packages fix multiple vulnerabilities 2005-05-12
Mandriva Security Team (security mandriva com)

Acrowave AAP-3100AR authentication bypass 2005-05-12
Martin Tornwall (martin tornwall telia com)
I have found that it's possible to bypass the authentication on the Acrowave AAP-3100AR wireless router. By telnet'ing to the device and hitting CTRL + C at either the user name or password prompt, I crashed the shell, it was restarted and I was dropped to a prompt without entering any user name or
[ more ] [ reply ]

Directtopics Multiple Vulnerabilities (Security Advisory) 2005-05-12
Morinex Eneco (m0r1n3x gmail com)
------------------------------------------------------------------------
# Directtopics Multiple Vulnerabilities (Security Advisory)
# By : Morinex
# e-mail : morinex (at) marocmafia (dot) com
# date : 08-04-2k5
# shoutz : w00pie.nl
>Target : Directtopics
>Vulnerable Versions: DT 2 beta , DT2 final, 2.1,
[ more ] [ reply ]

Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk 2005-05-12
Thor Arne Johansen (thorj ibas no)
In-Reply-To: <4281CC45.3030608 (at) foi (dot) se>
>
>Another really bad thing is that disk wipe tools do not wipe a disk with
>a DCO set on it. For example, the very common tool ExpertEraser 2.0 from
>IBAS can be tricked into wiping as little of a disk as wished by setting
>a DCO on the disk before the wi
[ more ] [ reply ]

Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8 2005-05-12
Max Kanat-Alexander (mkanat bugzilla org)
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code:
+ In all versions of Bugzilla since at least 2.16, it is possible to guess the na
[ more ] [ reply ]

[DR018] Quartz Composer / QuickTime 7 information leakage 2005-05-12
David Remahl (vuln remahl se)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The canonical URI of this advisory is <http://remahl.se/david/vuln/018/>.
This advisory concerns an as-yet unpatched problem in QuickTime 7 on Mac OS X 10.4. The reason for disclosure before a vendor patch is that another person realized the pote
[ more ] [ reply ]

OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. 2005-05-11
please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.
Advisory number: SCOSA-2005.22
Issue date: Ma
[ more ] [ reply ]

BakBone NetVault last warning 2005-05-11
class (ad class101 org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As a recall, there is now two months, the Hat-Squad has published 2 high security risks still UNPATCHED for BakBone NetVault 6.x/7.x all versions.
In an Open Letter: http://phx.corporate-ir.net/phoenix.zhtml?c=67723&p=irol-newsArticle&t=Regular&id=704
[ more ] [ reply ]

Re: Authentication bypass, sql injections and xss in ArticleLive 2005 2005-05-11
Steven M. Christey (coley mitre org)
Diabolic Crab,
The title and text of this advisory suggest SQL injection, but I don't see any clear examples that demonstrate this. A modified Query parameter to the search function is given, and the parameter starts with the "'" character - which might *suggest* SQL injection - but the resul
[ more ] [ reply ]

Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit 2005-05-11
Shaun Colley (shaun rsc cx)
Proof-of-concept DoS exploit for the ethereal SIP dissector stack overflow vulnerability discovered by SecurityLab.
/* ethereal_sip_dos.c - by Shaun Colley <shaun rsc cx>
 *
 * This code exploits the Ethereal <= 0.10.10 SIP dissector stack overflow vulnerability,
 * reported by SecurityLab. See t
[ more ] [ reply ]

Guestbook Pro XSS & HTML Injection 2005-05-11
SoulBlack Group (soulblacktm gmail com)
============================================================
Title: Guestbook PRO
Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar
Date: 10/05/2005
Severity: Medium. defacement website
Affected version: <=
[ more ] [ reply ]
Ubuntu Security Notice USN-125-1 May 12, 2005
gaim vulnerabilities
CAN-2005-0967, CAN-2005-1261, CAN-2005-1261
===========================================================
A security issue affects the following Ubuntu releases:
Ubun
[ more ] [ reply ]