[ GLSA 200502-17 ] Opera: Multiple vulnerabilities
2005-02-14 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities
2005-02-14 John Cobb (johnc nobytes com)
Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.4. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as l

Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
2005-02-14 James Lay (jlay ameriben com)
Subject line says it all....just did a fresh install of WinXP SP2....was using MBSAFU to make sure it would patch...which it did. However Windows Update shows still needing KB887742 and KB886185. MBSA shows no critical patches need updated. Systeminfo shows that both KB887742 and KB886185 are NOT

vbulletin 3.0.x PHP code execution
2005-02-13 AL3NDALEEB (al3ndaleeb uk2 net)
Vulnerable Systems:
----------------
vBulletin version 3.0 up to and including version 3.0.4
Immune systems:
----------------
vBulletin version 3.0.5
vBulletin version 3.0.6
Vulnerable code in forumdisplay.php :
#############################################################
if ($vboption

eBay Account Phishing with eBay Redirect
2005-02-13 Steven (steven lovebug org) (1 replies)
I am not sure if this is better served by incidents or bugtraq, but in any event here it is. I frequently get the fake looking e-mails phishing for my Paypal, eBay, and banking login/password information. Generally the links to the spoofed webpages are just links to a fake page with a modified

Credit Card Phishing with executable download
2005-02-13 Gandalf The White (gandalf digital net)
Greetings and Salutations: Interesting phishing expedition. I got an e-mail (see below, with very bad English) that tries to get my credit card, with a link to: If You Cant Locate Your Serial Number Click Here href="http://www.crumblis.com/~bye/viewxpserial.exe I thought that this was an intere

AWStats <= 6.4 Multiple vulnerabilities
2005-02-14 GHC (at) www.securityfocus (dot) com,[ru]@securityfocus.com (at) www.securityfocus (dot) com (foster ghc ru)
/*==========================================*/
// GHC -> AWStats <- ADVISORY
\\ PRODUCT: AWStats
// VERSION: <= 6.3
\\ URL: http://awstats.sourceforge.net/
// VULNERABILITY CLASS: Multiple vulnerabilities
\\ RISK: high
/*==========================================*/
[Product Description]
"AW

[ GLSA 200502-15 ] PowerDNS: Denial of Service vulnerability
2005-02-13 Matthias Geerdsen (vorlon gentoo org)

[SECURITY] [DSA 681-1] New synaesthesia packages fix unauthorised file access
2005-02-14 joey infodrom org (Martin Schulze)

[ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
2005-02-13 Luke Macken (lewk gentoo org)

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
2005-02-14 Michael Wojcik (Michael Wojcik microfocus com)
> From: Scott Gifford [mailto:sgifford (at) suspectclass (dot) com]
> Sent: Friday, 11 February, 2005 14:07
>
> Isn't this the entire reason for browsers coming with a
> small list of CAs which are deemed trustworthy?
What "small list"? IE contains root certificates with server-authentication rights from s

[SECURITY] [DSA 680-1] New htdig packages fix cross-site scripting vulnerability
2005-02-14 joey infodrom org (Martin Schulze)

[ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability
2005-02-13 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files
2005-02-14 joey infodrom org (Martin Schulze)

[CLA-2005:924] Conectiva Security Announcement - XFree86
2005-02-14 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------ --
PACKAGE : XFree86
SUMMARY : Fixes for overflows in libX

Infostring crash and shutdown in the Quake 3 engine
2005-02-12 Luigi Auriemma (aluigi autistici org)

Re: Advanced Guestbook 2.2 -- SQL Injection Exploit
2005-02-12 mary gmbwebworks com
In-Reply-To: <20040421103632.8258.qmail (at) www.securityfocus (dot) com>
>Received: (qmail 26376 invoked from network); 21 Apr 2004 20:40:00 -0000
>Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 21 Apr 2004 20:40:00 -0000

Symantec UPX issue solution
2005-02-11 Roger A. Grimes (roger banneretcs com)
Per Symantec, if you update signatures via the normal LiveUpdate automatic process, your product should not be vulnerable. Updated signatures were released two days ago. Threats with the UPX exploit code will be detected as: http://www.sarc.com/avcenter/venc/data/bloodhound.exploit.26.html This w

MDKSA-2005:032-1 - Updated cpio packages fix vulnerability
2005-02-11 Mandrakelinux Security Team (security linux-mandrake com)

[ GLSA 200502-12 ] Webmin: Information leak in Gentoo binary package
2005-02-11 Thierry Carrez (koon gentoo org)

[ GLSA 200502-13 ] Perl: Vulnerabilities in perl-suid wrapper
2005-02-11 Thierry Carrez (koon gentoo org)
Gentoo Linux Security Advisory GLSA 200502-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -