|
|
Colapse all |
Post message
DMA[2005-0131b] - 'Setuid Perl PERLIO_DEBUG buffer overflow' 2005-02-07 KF (lists) (kf_lists digitalmunition com) Vulnerability in 3Com 3CServer v1.1 2005-02-07 mandragore (mandragore gmail com) Object: Vulnerability in 3CServer v1.1, free utility for windows32, from 3Com. Details: While old, this free utility is still proposed from the 3Com site, so it's worth mentionning this. There are buffer overflows in many of the FTP commands supported, leading to various heap overflows. The applica [ more ] [ reply ] DMA[2005-0131a] - 'Setuid Perl PERLIO_DEBUG root owned file creation' 2005-02-07 KF (lists) (kf_lists digitalmunition com) [OSX Finder] DS_Store arbitrary file overwrite vulnerability. 2005-02-07 Vade 79 (v9 fakehalo deadpig org) HEADER: [OSX Finder] DS_Store arbitrary file overwrite vulnerability. CONTACT: vade79 -> v9 (at) fakehalo (dot) us [email concealed] (fakehalo/realhalo) CATEGORY: Local with user intervention. IMPACT: Privilege escalation. REFERENCE: http://fakehalo.us/xfinder-ds.pl BACKGROUND: The Finder is the application that Mac OS [ more ] [ reply ] New version of ike-scan (IPsec IKE scanner) available - v1.7 2005-02-07 Roy Hills (Roy Hills nta-monitor com) ike-scan v1.7 has been released. The new version is available at http://www.nta-monitor.com/ike-scan/ The key changes from the previous version (v1.6) are: a) new psk-crack program to crack IKE Aggressive Mode pre-shared keys using either dictionary or brute-force methods. The new --pskcrack (- [ more ] [ reply ] VOIPSEC 2005-02-07 VoIP Security Aliance (voipsa voipsa org) The Voice over IP Security Alliance (VOIPSA) is pleased to announce the launch of the VOIPSEC mailing list. VOIPSEC is a moderated discussion list focused on VoIP security issues, VoIP security technologies, and related topics. Everyone is welcome to subscribe at http://www.voipsa.org/lists.html [ more ] [ reply ] XSS Vulnerability at thefacebook.com 2005-02-07 Jonathan Rockway (jrockw2 uic edu) XSS Vulnerability at thefacebook.com Not surprisingly, ``thefacebook'' <http://www.thefacebook.com/> contains an XSS hole. Basically, the signup form for paid announcements lets you add a school to display the announcement at. The script that adds the school accepts the name of the school as t [ more ] [ reply ] [SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities 2005-02-07 joey infodrom org (Martin Schulze) [PersianHacker.NET 200502-05] WWWoard passwd 2005-02-05 Pedram Hayati (pi3ch yahoo com) [Persianhacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final WWWBoard is a threaded World Wide Web discussion forum and message board, which allows users to post new messages, followup to existing ones and more. The current release in 2.0 ALPHA 2.1, which means there still ar [ more ] [ reply ] [USN-75-1] cpio vulnerability 2005-02-04 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-75-1 February 04, 2005 cpio vulnerability CAN-1999-1572 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The fol [ more ] [ reply ] Foxmail Server Remote Buffer Overflow Vulnerability 2005-02-05 Xin Ouyang (xouyang fortinet com) DATE: 02/04/2005 AUTHOR: (Fortinet, inc) xouyang<xouyang_at_fortinet.com> <oyxin (at) segfault (dot) cn [email concealed]> PRODUCTS: Foxmail Server- A MAil server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0(Newest).I just test windows server ,maybe linux version have vulnera [ more ] [ reply ] [USN-74-2] Fixed Postfix packages for USN-74-1 2005-02-04 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-74-2 February 04, 2005 postfix vulnerability http://bugs.debian.org/267837 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.1 [ more ] [ reply ] [USN-74-1] Postfix vulnerability 2005-02-04 Martin Pitt (martin pitt canonical com) (1 replies) =========================================================== Ubuntu Security Notice USN-74-1 February 04, 2005 postfix vulnerability http://bugs.debian.org/267837 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Wart [ more ] [ reply ] Webroot Software Resigns from COAST 2005-02-05 Paul Laudanski (zx castlecops com) Original: http://castlecops.com/article-5721-nested-0-0.html In a very interesting turn around for COAST's credibility (and that of the folks who continue to remain as members), Webroot Software issued a press release: http://castlecops.com/article-5719-nested-0-0.html "Webroot Software announc [ more ] [ reply ] [SECURITY] [DSA 667-1] New squid packages fix several vulnerabilities 2005-02-04 joey infodrom org (Martin Schulze) Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 2005-02-04 Jonathan Rockway (jrockw2 uic edu) (1 replies) Input Validation Vulnerability in Apple Safari version 1.2.4 v125.12 Apple's Safari web browser ignores the Content-type: sent by the web server. As a result, plain text is rendered as HTML. This is obviously undesirable; a text file could contain HTML and carry out an XSS attack. For an exa [ more ] [ reply ] Re: Input Validation Vulnerability in Apple Safari version 1.2.4v125.12 2005-02-05 Nicolas Gregoire (ngregoire exaprobe com) [SECURITY] [DSA 667-1] New PostgreSQL packages fix arbitrary library loading 2005-02-04 joey infodrom org (Martin Schulze) Exploit For Savant Web Server 3.1 (tested on win2003) 2005-02-04 CorryL (corryl sitoverde com) I tested the buffer overflow on win2003 server using 253 evil byte for overwrite the eip register My exploit for testing use #!/usr/bin/perl ######################################################################## #### ###### #Savant Web Server 3.1 Remote Buffer Overflow Exploit # # # #This is [ more ] [ reply ] [SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access 2005-02-04 joey infodrom org (Martin Schulze) Wireless networks/Default Admin username security problem in Croatia 2005-02-04 Radoslav Dejanoviæ (radoslav dejanovic opsus hr) (1 replies) There are two quite common practices used in Croatia that have left huge number of users wide open to attacks. I presume that, if you look around, you might find one or both in your general vicinity. First one is the fact that computer "manufacturers" in Croatia always chose one of dozen defaul [ more ] [ reply ] Re: Wireless networks/Default Admin username security problem in Croatia 2005-02-05 Denis Jedig (seclists syneticon de) [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 2005-02-03 laurent oudot (oudot rstack org) (1 replies) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Rstack Public Security Advisory RSTACK SA200502-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://rstack.org/ - - - - - - - [ more ] [ reply ] Re: [ RSTACK Public Security Advisory ] Remote DOS against Linksys PSUS4 2005-02-04 Denis Jedig (seclists syneticon de) [USN-73-1] Python vulnerability 2005-02-03 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-73-1 February 03, 2005 python2.2, python2.3 vulnerability CAN-2005-0089 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty W [ more ] [ reply ] [Linux kernel ipv6_setsockopt integer overflow] 2005-02-03 qobaiashi (qobaiashi gmx net) (1 replies) |
|
Privacy Statement |
[ more ] [ reply ]