SecurityFocus

OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation 2005-01-25
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 5.0.6 OpenServer 5.0.7 : scosessoin local privilege elevation
Advisory number: SCOSA-2005.5
Issue date: 2005 January 25

[ more ] [ reply ]

wifi AP + broadcoast ping 2005-01-25
Miroslav Kubik (kubik_miroslav seznam cz)

Hello Bugtraq,

I really don´t know, I´ve found a bug but who knows :)

I tryed to test wifi networks by broadcast pings and I have found out that
almost every AP send icmp reply. So I think it could be easily abused for
DoS attack. I can confirm that Ovislinks and Compex accepts broadcast icmp
p

[ more ] [ reply ]

[ GLSA 200501-36 ] AWStats: Remote code execution 2005-01-25
Luke Macken (lewk gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

phpEventCalendar HTML injection 2005-01-25
Madelman (madelman iname com)

[USN-70-1] Perl DBI module vulnerability 2005-01-25
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-70-1 January 25, 2005
libdbi-perl vulnerabilities
CAN-2005-0077
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

[ more ] [ reply ]

[SECURITY] [DSA 658-1] New libdbi-perl packages fix insecure temporary file 2005-01-25
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 658-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 25th, 2005

[ more ] [ reply ]

[USN-69-1] Evolution vulnerability 2005-01-24
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-69-1 January 24, 2005
evolution vulnerability
CAN-2005-0102
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

Th

[ more ] [ reply ]

[USN-68-1] enscript vulnerabilities 2005-01-24
Martin Pitt (martin pitt canonical com)

===========================================================
Ubuntu Security Notice USN-68-1 January 24, 2005
enscript vulnerabilities
CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
===========================================================

A security issue affects the following Ubuntu releases:

Ub

[ more ] [ reply ]

[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities 2005-01-23
Thierry Carrez (koon gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Re: ADVISORY: security hole (http response splitting) in snitz forums 2000 2005-01-25
Harold Lines (hlines apsc com)

In-Reply-To: <20040916150024.04B7BE5BC9 (at) ws7-2.us4.outblaze (dot) com [email concealed]>

The bug fix was posted on the Snitz message boards on 20 September 2004:

http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=54791

"to fix this issue, simply remove the following line from down.asp (approx line 76)

if

[ more ] [ reply ]

[CLA-2005:921] Conectiva Security Announcement - xpdf 2005-01-25
Conectiva Updates (secure conectiva com br)

MDKSA-2005:014 - Updated squid packages fix multiple vulnerabilities 2005-01-25
Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2005:015 - Updated mailman packages fix vulnerabilities 2005-01-25
Mandrake Linux Security Team (security linux-mandrake com)

Vulnerabilities in eXponent 0.95 2005-01-25
Ahmad Muammar (y3dips echo or id)

ECHO_ADV_02$2004

------------------------------------------------------------------------
---

Vulnerabilities in eXponent

------------------------------------------------------------------------
---

Author: y3dips

Date: Januari, 25th 2005

Location: Indonesia, Jakarta

[ more ] [ reply ]

[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access 2005-01-25
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 655-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 25th, 2005

[ more ] [ reply ]

[SECURITY] [DSA 656-1] New vdr packages fix insecure file access 2005-01-25
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 656-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 25th, 2005

[ more ] [ reply ]

logwatch and logrotate might create a blind spot in reporting 2005-01-25
Sami Pitko (sami pitko vaisala com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello BUGTRAQ,

I'm sorry, if this is old news to you, but I couldn't find similar cases
in BUGTRAQ archives.

logwatch (www.logwatch.org) is widely recommended tool for creating nice
reports of various, often security related logfiles. logwatch is incl

[ more ] [ reply ]

[SECURITY] [DSA 657-1] New xine-lib packages fix arbitrary code execution 2005-01-25
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 657-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
January 25th, 2005

[ more ] [ reply ]

MDKSA-2005:013 - Updated ethereal packages fix multiple vulnerabilities 2005-01-24
Mandrake Linux Security Team (security linux-mandrake com)

iDEFENSE Security Advisory 01.24.05: DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability 2005-01-24
iDefense Customer Service (customerservice idefense com)

DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability

iDEFENSE Security Advisory 01.24.05
www.idefense.com/application/poi/display?id=189&type=vulnerabilities
January 24, 2005

I. BACKGROUND

DataRescue Inc.'s IDA Pro is a Windows or Linux hosted multi-processor
disassembler and deb

[ more ] [ reply ]

English-language version of K-OTik.COM launched today ! 2005-01-25
K-OTiK Security (Special-Alerts k-otik com)

Hi all,

Today we launched the English-language version of our security and vulnerability monitoring portal K-OTik.COM

English advisories and alerts are now available through email, Web site, and RSS/XML feeds.

K-OTik Security English Version :

http://www.k-otik.com/english

K-OTik Se

[ more ] [ reply ]

Multiple vulnerabilities in MercuryBoard 1.1.1 2005-01-24
Alberto Trivero (trivero jumpy it)

*************************************************************
* CODEBUG Labs
* Advisory #7
* Title: Multiple vulnerabilities in MercuryBoard 1.1.1
* Author: Alberto Trivero
* English Version: Alberto Trivero
* Product: MercuryBoard 1.1.1
* Type: Multiple Vulnerabilities
* Web: http://www.codebug.org

[ more ] [ reply ]

Local buffer-overflow in W32Dasm 8.93 2005-01-24
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: W32Dasm
(was http://www.expage.com/page/w32dasm)
Versions: <= 8.93 (8.94???)
Platforms: Windows
Bug: buffer-overflow
Exploitation: local

[ more ] [ reply ]

MDKSA-2005:012 - Updated zhcon packages fix vulnerability 2005-01-24
Mandrake Linux Security Team (security linux-mandrake com)

[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper 2005-01-24
Luke Macken (lewk gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

Portcullis Security Advisory 05-002 Spectrum Cash Receipting System Weak Password Encryption 2005-01-24
Paul J Docherty (PJD portcullis-security com)

Portcullis Security Advisory

Vulnerable System:

Spectrum Cash Receipting System

Vulnerability Title:

Spectrum Cash Receipting System Weak Password Protection Vulnerability.

Vulnerability discovery and development:

Portcullis Security Testing Services.

Affected systems:

All known

[ more ] [ reply ]

SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 2005-01-24
3APA3A (3APA3A security nnov ru) (1 replies)

Issue: Multiple applications fd_set structure bitmap array
index overflow
Type: remote
Date: December, 12 2004
Original URL: http://www.security.nnov.ru/advisiories/sockets.asp
Author: 3APA3A
URL: http://www.security.nnov.ru/
Affecte

[ more ] [ reply ]

Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 2005-01-25
Michael Hampton (error10 gmail com)

SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004) 2005-01-24
Marcus Meissner (meissner suse de)