|
|
Colapse all |
Post message
iDEFENSE Security Advisory 02.08.05: IBM AIX auditselect Local Format String Vulnerability 2005-02-08 iDefense Customer Service (customerservice idefense com) IBM AIX auditselect Local Format String Vulnerability iDEFENSE Security Advisory 02.08.05 www.idefense.com/application/poi/display?id=193&type=vulnerabilities February 08, 2005 I. BACKGROUND The auditselect program is a setuid root application, installed by default under multiple versions of IB [ more ] [ reply ] [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution 2005-02-08 joey infodrom org (Martin Schulze) OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows 2005-02-08 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : enable command line buffer overflows Advisory number: SCOSA-2005.13 Issue date: 2005 February 07 [ more ] [ reply ] [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution 2005-02-08 joey infodrom org (Martin Schulze) Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. 2005-02-08 Jerome ATHIAS (jerome athias free fr) CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability 2005-02-08 CORE Security Technologies Advisories (advisories coresecurity com) UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands 2005-02-08 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 : vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to e [ more ] [ reply ] RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN) 2005-02-08 Scovetta, Michael V (Michael Scovetta ca com) Brandon, A few notes: 1. The 'network.enableIDN' appears to only work in the first browser session after you set it. Set it, close your browser, open it again, and try the POC. (At least, this was the case for me on Firefox 1.0). 2. Here's a browser-level fix (for any browser supporting proxy.pac [ more ] [ reply ] php-fusion 4.x vuln 2005-02-08 thegreatone2176 yahoo com TheGreatOne2176, Reapercore I have a found an error in php-fusion 4.x where you can view any thread on the forum. In fusion_forum/viewthread.php the $_GET variables arent properly checked or queried making it possible to view all threads. The example I tested was fusion_forum/viewthread.php?for [ more ] [ reply ] iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability 2005-02-07 iDefense Customer Service (customerservice idefense com) IBM AIX chdev Local Format String Vulnerability iDEFENSE Security Advisory 02.07.05 http://www.idefense.com/application/poi/display?type=vulnerabilities February 07, 2005 I. BACKGROUND The chdev program is a setuid root application, installed by default under multiple versions of IBM AIX, that f [ more ] [ reply ] International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. 2005-02-08 Brandon Kovacs (liljoker771 gmail com) The state of homograph attacks I. Background International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. II. Description In December 2001, a paper was released describing Homograph attacks [1]. This new attack allows an attacker/phisher [ more ] [ reply ] CodeCon Reminder 2005-02-07 Len Sassaman (rabbi abditum com) We'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past prese [ more ] [ reply ] UnixWare 7.1.4 : racoon multilple security issues 2005-02-07 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 : racoon multilple security issues Advisory number: SCOSA-2005.10 Issue date: 2005 February 07 Cross reference: sr890 [ more ] [ reply ] GMail / Google Groups ESMTP software b0f 2005-02-07 Michal Zalewski (lcamtuf ghettot org) For their popular GMail service, and a newly introduced "enhanced" Google Groups bells and whistles, Google uses their own, custom-crafted MX software on a number of load balancing nodes. Although I am naturally unable to analyze their proprietary software, this daemon appears to be vulnerable to a [ more ] [ reply ] [SePro Bugtraq] SQL-Injection in PerlDesk 1.x 2005-02-07 deluxe security-project org SQL-Injection in PerlDesk Discovered by deluxe89 and Astovidatu [ www.security-project.org ] Vendor: LogicNow Homepage: http://www.perldesk.com/ Vulnerable versions: 1.x Login required: no Description: "PerlDesk is a feature packed web based help desk and email management application des [ more ] [ reply ] Firetabbing [Firefox 1.0] 2005-02-07 mikx (mikx mikx de) __Summary The javascript security manager usually prevents that a javascript: URL from one host is opened in a window displaying content from another host. But when the link is dropped to a tab, the security manager does not kick in. This can lead to several security problems scaling from steali [ more ] [ reply ] Fireflashing [Firefox 1.0] 2005-02-07 mikx (mikx mikx de) __Summary Using plugins like Flash and the -moz-opacity filter it is possible to display the about:config site in a hidden frame or a new window. By making the user double-click at a specific screen position (e.g. using a DHTML game) you can silently toggle the status of boolean config parameter [ more ] [ reply ] Firedragging [Firefox 1.0] 2005-02-07 mikx (mikx mikx de) __Summary Usually Firefox does not allow that an executable, non-image file gets directly dragged to the desktop (e.g. by supplying malware.exe as the src of an image tag). Instead Firefox creates a link to the file on the desktop. If you create a hybrid of a gif image and a batch file you can t [ more ] [ reply ] UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack 2005-02-07 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 UnixWare 7.1.1 : Vulnerabilities in long-lived TCP connections / Rose attack Advisory number: SCOSA-2005.14 Issue date: [ more ] [ reply ] [Security Bulletin] HP Tru64 Unix Mozilla Application Suite 1.7.3 Remote Denial of Service (DoS) 2005-02-07 Boren, Rich (SSRT) (rich boren hp com) iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability 2005-02-07 iDefense Customer Service (customerservice idefense com) SquirrelMail S/MIME Plugin Command Injection Vulnerability iDEFENSE Security Advisory 02.07.05 www.idefense.com/application/poi/display?id=191&type=vulnerabilities February 07, 2005 I. BACKGROUND Squirrelmail S/MIME plugin enables the viewing of S/MIME-signed messages of the MIME "multipart/signe [ more ] [ reply ] OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack 2005-02-07 please_reply_to_security sco com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Vulnerabilities in long-lived TCP connections / Rose attack Advisory number: SCOSA-2005.9 Issue da [ more ] [ reply ] [ GLSA 200502-06 ] LessTif: Multiple vulnerabilities in libXpm 2005-02-06 Thierry Carrez (koon gentoo org) [USN-77-1] Squid vulnerabilities 2005-02-07 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-77-1 February 07, 2005 squid vulnerabilities CAN-2005-0173, CAN-2005-0174, CAN-2005-0175, CAN-2005-0211 =========================================================== A security issue affects the following Ubuntu [ more ] [ reply ] [ GLSA 200502-07 ] OpenMotif: Multiple vulnerabilities in libXpm 2005-02-07 Thierry Carrez (koon gentoo org) [USN-76-1] Emacs vulnerability 2005-02-07 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-76-1 February 07, 2005 emacs21 vulnerability CAN-2005-0100 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The [ more ] [ reply ] |
|
Privacy Statement |
This is a quick announcement that the recent Microsoft patch (MS-05- has
fixed a vulnerability I found a while back in SMB.
(http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx)
More information on this vulnerability is
[ more ] [ reply ]