Microsoft Internet Explorer Install Engine Control Buffer Overflow (#NISR19012005a)
2005-01-19 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: Microsoft Internet Explorer Install Engine Control Buffer Overflow Systems Affected: Microsoft Internet Explorer 5.x/6.x Severity: High Vendor URL: http://www.microsoft.com/ Author: Peter Winter-Smith [ peter (at) ngssoftware (dot) com ] Date of Public Advi

MSN Heartbeat Control Buffer Overflow
2005-01-19 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: MSN Heartbeat Control Buffer Overflow Systems Affected: Microsoft Internet Explorer with the MSN Heartbeat Control Severity: High Vendor URL: http://zone.msn.com/ Author: John Heasman [ john (at) ngssoftware (dot) com ] Date of Public Advisory: 19th January

RealPlayer Miscellaneous Vulnerabilities (#NISR19012005g)
2005-01-19 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: RealPlayer Miscellaneous Vulnerabilities Systems Affected: RealPlayer 10.5 (6.0.12.1040) and older Severity: Low/Medium Vendor URL: http://www.real.com/ Author: John Heasman [ john (at) ngssoftware (dot) com ] Date of Public Advisory: 19th January 2004 Advi

RealPlayer Arbitrary File Deletion Vulnerability (#NISR19012005f)
2005-01-19 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: RealPlayer Arbitrary File Deletion Vulnerability Systems Affected: RealPlayer 10.5 (6.0.12.1040) and older Severity: High Vendor URL: http://www.real.com/ Author: John Heasman [ john (at) ngssoftware (dot) com ] Date of Public Advisory: 19th January 2004 Ad

Multiple vulnerabilities in the AtHoc Toolbar (#NISR19012005c)
2005-01-19 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory Name: Multiple Vulnerabilities in the AtHoc Toolbar For MSIE Systems Affected: AtHoc Toolbar for MSIE Severity: High Vendor URL: http://www.athoc.com/site/products/toolbar.asp Author: Mark Litchfield [ mark (at) ngssoftware (dot) com ] John Heasman [ john

Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions
2005-01-19 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions Revision 1.0 For Public Release 2005 January 19 1500 UTC +---------------------------------------------------------------------- Contents ======== Summary

PeteFinnigan.com - Oracle security advisory
2005-01-18 Pete Finnigan (plsql petefinnigan com)
Hi I have just created a security advisory for the issue I found that is fixed in Oracle latest security patch. The issue is with abuse of DIRECTORY objects and can be found here http://www.petefinnigan.com/directory_traversal.pdf - I have also updated my Oracle security alerts page to link to thi

iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow
2005-01-18 customer service mailbox (customerservice idefense com)
Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow iDEFENSE Security Advisory 01.18.05 www.idefense.com/application/poi/display?id=186&type=vulnerabilities January 18, 2005 I. BACKGROUND Xpdf is an open-source viewer for PDF files. More information is available at the following site:

Unrestricted I/O access vulnerability in INCA Gameguard
2005-01-17 Ryu Connor (Hellfire unspacy com)
Source of security hole: INCA nProtect Gameguard Methods of propagation: http://eng.nprotect.com/partner.htm Vulnerable Operating Systems: Windows 2000 Windows XP Windows 2003 Non-Vulnerable Operating Systems: Windows 9x Vulnerability: nProtect Gameguard is an application bundled with multiplaye

[USN-61-1] vim vulnerabilities
2005-01-18 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-61-1 January 18, 2005 vim vulnerabilities CAN-2005-0069 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The fo

Netegrity SiteMinder smpwservicescgi.exe target specification
2005-01-17 Marc Ruef (maru scip ch)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear ladies and gentlemen We have found a potential security vulnerability in the Netegrity SiteMinder script smpwservicescgi.exe. If a user is connecting to a secured web server over an url like https://www.scip.ch (just an example with our domain)

[USN-62-1] imagemagick vulnerability
2005-01-18 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-62-1 January 18, 2005 imagemagick vulnerability CAN-2005-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
2005-01-17 Rafel Ivgi, The-Insider (theinsider 012 net il)

Novell GroupWise WebAccess error modules loading
2005-01-17 Marc Ruef (maru scip ch)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear ladies and gentlemen We have found a potential security vulnerability in the Novell GroupWise WebAccess error module handling. First of all it is possible to circumvent the login procedure. If a user connects to https://www.scip.com:1444/servlet

[USN-63-1] MySQL client vulnerability
2005-01-18 Martin Pitt (martin pitt canonical com)
=========================================================== Ubuntu Security Notice USN-63-1 January 18, 2005 mysql-dfsg vulnerability CAN-2005-0004 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) T

UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison.
2005-01-18 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : chroot A known exploit can break a chroot prison. Advisory number: SCOSA-2005.2 Issue

Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
2005-01-17 Rafel Ivgi, The-Insider (theinsider 012 net il) (2 replies)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application: Kazaa Vendors: http://www.kazaa.com Versions: kazaa lite k++(probably all others too...) Platforms: Windows Bug: Sig2Dat Protocol Remote Integer Overflow and Den

Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
2005-01-18 Markus Kern (markus-kern gmx net)

Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
2005-01-18 Berend-Jan Wever (skylined edup tudelft nl)

iDEFENSE Security Advisory 01.17.05: Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability
2005-01-17 customer service mailbox (customerservice idefense com)
Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability iDEFENSE Security Advisory 01.17.05 www.idefense.com/application/poi/display?id=184&type=vulnerabilities January 17, 2005 I. BACKGROUND ImageMagick provides a variety of graphics image-handling libraries and capabilit

[SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
2005-01-18 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 643-1] New queue packages fix buffer overflows
2005-01-18 joey infodrom org (Martin Schulze)

Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i
2005-01-18 NGSSoftware Insight Security Research (nisr nextgenss com)
Researchers at NGSSoftware have discovered multiple high risk vulnerabilities in the Oracle Database Server. Versions affected include Oracle Database 10g - All Releases Oracle9i Database Server - All Releases The vulnerabilities include PL/SQL Injection vulnerabilities that allow low privileged u

[SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability
2005-01-17 chewkeong security org sg

Multiple Vulnerabilities in Netgear FVS318 Router
2005-01-17 Paul Kurczaba (advisories securinews com)
Multiple Vulnerabilities in Netgear FVS318 Router http://www.securinews.com/vuln.htm?vulnid=103 ------------------------------------------------- Overview: The Netgear FVS318 is an easy to use, firewall/router designed for home users and small businesses. SecuriNews Research has found 2 vulnerabil

Minis directory traversal vulnerability
2005-01-16 Madelman (madelman iname com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Minis directory traversal vulnerability Vulnerability discovery: Madelman <madelman AT iname.com> Date: 31/12/2004 Severity: Moderate Summary: - -------- (from vendor site: http://minis.sourceforge.net/) Minis is a tiny, PHP-powered, text-fil

phpGiftReq SQL Injection
2005-01-16 Madelman (madelman iname com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: phpGiftReq SQL Injection Vulnerability discovery: Madelman <madelman AT iname.com> Date: 16/01/2005 Severity: Moderately critical Summary: - -------- The PHP Gift Registry is a web-enabled gift registry intended for use among a circle of family

MDKSA-2005:008 - Updated cups packages fix multiple vulnerabilities
2005-01-17 Mandrake Linux Security Team (security linux-mandrake com)