[ GLSA 200503-07 ] phpMyAdmin: Multiple vulnerabilities
2005-03-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: TYPO3 SQL Injection vunerabilitie
2005-03-04 Dennis Shewmaker (dshewmaker promission net)

  In-Reply-To: <20050303170830.16705.qmail (at) www.securityfocus (dot) com [email concealed]>

  Hi:

  > >http://[UrlToLinksSection]?&no_cache=1&action=getviewcategory&category_uid=1%20or%201=1
  >

  What do you mean by [UrlToLinksSection]? I work with Typo3 almost every day and don't see what you are referring to.

  Thanks,
  Dennis

[ GLSA 200503-06 ] BidWatcher: Format string vulnerability
2005-03-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

My-forum.org cookies vulnerability - data bug
2005-03-03 Black Angel (theblackdemon gmail com)

  I discovered a security issue that affects the following my-forum.org release:

  FOROS v.3.2 - http://my-forum.org/index.php?id=Ingles

  When you are logged in with an account, you need to edit the cookie of the site and change the value where your username is and replace it for the victim's username ( [...]

Microsoft Antispyware Beta window docking issue
2005-03-03 Jeroen van Rijn (xananda gmail com) (1 replies)

  If you place your taskbar to the righthand side of the screen (I'm assuming it'll do this for all positions other than the default bottomhugging one):

  - Popup messages about hosts file changes and other such notifications float up and up and up and are damned hard to read or click. I'm assuming thi [...]

Re: Microsoft Antispyware Beta window docking issue
2005-03-03 Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)

TYPO3 SQL Injection vunerabilitie
2005-03-03 Fabian Becker (neonomicus gmx de)

  Hello Bugtraq :)

  Two weeks ago I found a SQL Injection vulnerability in Typo3 (in the links-section/module/whatever you call it). I didn't really try to develop an exploit because I thought typo3 would directly react. But unfortunately that didn't happen :/

  So here is the url that "exploits" th [...]

[CLA-2005:928] Conectiva Security Announcement - clamav
2005-03-03 Conectiva Updates (secure conectiva com br)

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  - --------------------------------------------------------------------------
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  - --------------------------------------------------------------------------

  PACKAGE : clamav
  SUMMARY : Fix for denial of service in [...]

Microsoft AntiSpyware Beta and Windows Scripting Host
2005-03-03 Joe Stocker (joe inetsecurityconsulting com)

  The Scripting Guys wrote a good article on Technet yesterday summarizing how System Administrators can work around the script-blocking feature of Microsoft AntiSpyware. After reading the article it is also evident that it would be just as easy for Spyware to take the same hints to dodge the MS AntiS [...]

[USN-90-1] Imagemagick vulnerability
2005-03-03 Martin Pitt (martin pitt canonical com)

  ===========================================================
  Ubuntu Security Notice USN-90-1 March 03, 2005
  imagemagick vulnerability
  CAN-2005-0397
  ===========================================================

  A security issue affects the following Ubuntu releases:

  Ubuntu 4.10 (Warty Warthog) [...]

Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php
2005-03-03 Paisterist (paisterist nst gmail com) (1 replies)

  /*
  --------------------------------------------------------
  [N]eo [S]ecurity [T]eam [NST]® - Advisory #08 - 29/02/05
  --------------------------------------------------------
  Program: phpBB 2.0.13
  Homepage: http://www.phpbb.com
  Vulnerable Versions: phpBB 2.0.13 & Lower versions
  Risk: Low Risk
  Impac [...]

Re: Advisory #08 - phpBB 2.0.13 Bad filtered in usercp_register.php
2005-03-03 vzmule (vzmule forever-hack net)

[XSS] paBox 1.6
2005-03-03 Rift (Sean Sage-web com)

  Just wanted to let it be known seeing as I haven't seen any info on this yet, I've discovered a cross scripting problem in PABox 1.6

  http://phpnuke.org/modules.php?name=News&file=article&sid=5065

  they give a demo page of pabox there. if you take the default form used for the shoutbox, there are [...]

[SECURITY BULLETIN] SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access
2005-03-02 Boren, Rich (SSRT) (rich boren hp com)

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  HP SECURITY BULLETIN

  HPSBOV01121 REVISION: 0

  SSRT4866 rev.0 MUP HP OpenVMS V6.x and V7.x privileged file access

  NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact.

  The infor [...]

EEYE: Computer Associates License Manager Remote Vulnerabilities
2005-03-02 Karl Lynn (klynn eeye com)

  Computer Associates License Manager Remote Vulnerabilities

  Release Date: 03/02/2005
  Severity: High (Remote Code Execution)
  Vendor: Computer Associates
  Software Affected: The vulnerability exists if the CA License package version on the system is between v1.53 and v1.61.8. This package is include [...]

Golden Ftp server 1.29 Username remote Buffer Overflow
2005-03-02 Carlos Ulver (carlos ulver gmail com)

  Golden Ftp Server Username Remote Buffer Overflow

  Date: 03/01/2005

  Version: Golden Ftp Server 1.92 (Until 01/03/2005 it can be downloaded from http://www.goldenftpserver.com/golden-ftp-server.zip SHA-1 Hash of the ZIP file: 9F98D73C46E0F17EF31096F9441B9A9E8ED40CF3 )

  Vendor Description: Golden [...]

Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities
2005-03-02 Kristof Philipsen (kristof philipsen ubizen com)

  +=========================================================================================+
  | Security Advisory: Computalynx CProxy Server Multiple Remote Vulnerabilities |
  +=========================================================================================+
  | kristof.philipsen@ub [...]

iDEFENSE Labs Releases IDA Sync
2005-03-02 iDEFENSE Labs (labs-no-reply idefense com)

  An internal iDEFENSE Labs tool, IDA Sync, has been released as open source and is available for download from:

  http://labs.idefense.com

  IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server thr [...]

[ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities
2005-03-02 Thierry Carrez (koon gentoo org)

[FLSA-2005:2314] Updated XFree86 packages fix security flaws
2005-03-02 Dominic Hargreaves (dom earth li)

Foxmail server "USER" command Multiple remote buffer overflow
2005-03-02 Xin Ouyang (xouyang fortinet com)

  AUTHOR: (Fortinet, inc) xouyang<xouyang_at_fortinet.com> <oyxin (at) segfault (dot) cn [email concealed]>

  PRODUCTS: Foxmail Server. A Mail server for both Windows and linux.

  AFFECTED VERSION: Foxmail server for windows version 2.0 (latest). I've just tested windows server, the linux version may be vulnerable too.

  D [...]

RealOne Player / Real .WAV Heap Overflow File Format Vulnerability
2005-03-02 Mark Litchfield (mark ngssoftware com)

  Mark Litchfield of NGSSoftware has discovered a high risk Heap Overflow vulnerability in the .WAV file format when being opened by either of the following products:

  Windows:
  RealPlayer 10.5 (6.0.12.1056 and below)
  RealPlayer 10
  RealOne Player V2
  RealOne Player V1
  RealPlayer 8
  RealPlayer Enterpris [...]

[CLA-2005:926] Conectiva Security Announcement - mod_python
2005-03-02 Conectiva Updates (secure conectiva com br)

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1

  - --------------------------------------------------------------------------
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  - --------------------------------------------------------------------------

  PACKAGE : mod_python
  SUMMARY : Fix for mod_python vulne [...]

License Patches Are Now Available To Address Buffer Overflows
2005-03-02 Williams, James K (James Williams ca com)

  CA License Security Notice

  Attention CA Customers: License Patches Are Now Available To Address Buffer Overflows

  Working closely with eEye Digital Security® and iDEFENSE, the CA Technical Support team has resolved multiple vulnerability issues recently discovered in the CA License soft [...]

iDEFENSE Security Advisory 03.02.05: Computer Associates License Client and Server Invalid Command Buffer Overflow
2005-03-02 iDEFENSE Labs (labs-no-reply idefense com)

  Computer Associates License Client and Server Invalid Command Buffer Overflow

  iDEFENSE Security Advisory 03.02.05
  www.idefense.com/application/poi/display?id=210&type=vulnerabilities
  March 2, 2005

  I. BACKGROUND

  The Computer Associates License Client/Server applications provide a method for CA pr [...]

iDEFENSE Security Advisory 03.02.05: Computer Associates License Client PUTOLF Buffer Overflow
2005-03-02 iDEFENSE Labs (labs-no-reply idefense com)

  Computer Associates License Client PUTOLF Buffer Overflow

  iDEFENSE Security Advisory 03.02.05
  www.idefense.com/application/poi/display?id=211&type=vulnerabilities
  March 2, 2005

  I. BACKGROUND

  The Computer Associates License Client/Server applications provide a method for CA products to register t [...]
Gentoo Linux Security Advisory GLSA 200503-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -