iDEFENSE Security Advisory 01.13.05 - Apple iTunes Playlist Parsing Buffer Overflow Vulnerability
2005-01-13, customer service mailbox (customerservice idefense com)

Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
2005-01-13, Hammud_Saway premium trendmicro com
Dear Bugtraq, Here is Trend Micro's reply to this claim This kind of sniffing and "hijacking" of login could be done to almost all ordinary installed http products with login procedure. Since we offer a way to install it with HTTPS(SSL) and making login and communicating with the server secure,

STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities
2005-01-13, advisory stgsecurity com
STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities
Revision 1.1
Date Published: 2004-12-31 (KST)
Last Update: 2005-1-13
Disclosed by SSR Team (advisory (at) stgsecurity (dot) com [email concealed])
Summary
ZeroBoard is one of widely used web BBS applications in Korea. However, an i

SB2005002: pron to bypass APF checking uid(0) routine
2005-01-13, x90c (jyj9782 kornet net)
SB2005002: pron to bypass APF checking uid(0) routine
Date : 01-13-2005
Author : x90c (at) www.chollian (dot) net [email concealed]/~jyj9782
Affected Version
apf-0.9.4-7 ( current at this ti

MDKSA-2005:007 - Updated imlib packages fix vulnerability
2005-01-13, Mandrake Linux Security Team (security linux-mandrake com)

Trend Micro Control Manager - Enterprise Edition 3.0 Web application Replay attack
2005-01-13, CIRT Advisory (advisory cirt dk)
The web application is vulnerable to a replay attack, meaning that the username and password are encrypted but there are not used any form of timestamp to make this mechanism more advanced and secure. If it is possible to sniff the traffic when a user login to the administrative interface, it is p

UPDATE: [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities
2005-01-12, Thierry Carrez (koon gentoo org)

InternetExploiter 3.2
2005-01-13, Berend-Jan Wever (skylined edup tudelft nl)
Hi all, I know I released a working exploit earlier but it had two small imperfections, version 0.2 should be more robust and fully OS/SP/language independent. I personally believe it should work on all platforms, but I don't have enough machines nor time to prove my claim, I'll leave that to you.

MDKSA-2005:006 - Updated hylafax packages fix vulnerability
2005-01-13, Mandrake Linux Security Team (security linux-mandrake com)

IE issue with percent 20
2005-01-13, RSnake (rsnake shocking com)
This is a really odd problem, and I haven't seen it published anywhere. Apparently IE handles IPs in URLs as something like (as you might expect): http://xxx.xxx.xxx.xxx/ But the problem is if I put a %20 in the IP address like this, it will still render (assuming I am under 16 characters betw

Cross Site Scripting holes found in Horde 3.0
2005-01-13, Hyperdose Security (robfly hyperdose com)
Hyperdose Security Advisory
Name: Cross Site Scripting holes found in Horde 3.0
Systems Affected: Horde 3.0 installations
Severity: Moderate
Author: Robert Fly - robfly (at) hyperdose (dot) com [email concealed]
Advisory URL: http://www.hyperdose.com/advisories/H2005-01.txt
--Horde Description--
The Horde Application Framewor

[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
2005-01-13, joey infodrom org (Martin Schulze)

[CLA-2005:915] Conectiva Security Announcement - php4
2005-01-13, Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : php4
SUMMARY : Fixes for multiple php4 vulner

[CLA-2005:916] Conectiva Security Announcement - ethereal
2005-01-13, Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ethereal
SUMMARY : Fixes for security vulnera

[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities
2005-01-13, joey infodrom org (Martin Schulze)

[CLA-2005:917] Conectiva Security Announcement - krb5
2005-01-13, Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : krb5
SUMMARY : Fix for buffer overflow in lib

Windows ANI File Parsing Proof Of Concept (MS05-002)
2005-01-12, assaf404 yahoo com
Hi all! I have created a proof of concept for the Windows ANI File Parsing vulnerability which got published by eEye yesterday (MS05-002). Details about the proof of concept + demo can be found here : http://underwar.livedns.co.il/projects/ani/ Very detailed process of creating the proof o

[waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke
2005-01-13, Janek Vind (come2waraxe yahoo com)

Is DEP easily evadable?
2005-01-12, John Richard Moser (nigelenki comcast net) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm no security expert, so bear with me here; I just kind of tripped over something interesting that I'd like to ask about. I was blogging about DEP based on MS' technical documentation and came up with a quick and dirty way to use a buffer overflow (w

Re: Is DEP easily evadable?
2005-01-13, Florian Weimer (fw deneb enyo de) (1 replies)

[SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files
2005-01-12, joey infodrom org (Martin Schulze)

[SECURITY] [DSA 635-1] New exim packages fix arbitrary code execution
2005-01-12, joey infodrom org (Martin Schulze)

Arkeia Possible remote root & information leakage
2005-01-12, Maciej Bogucki (maciej bogucki artegence com)
During the testing of arkeia a few security holes have been discovered.
Vulnerable System: Arkeia 4.2.x, 5.2.x and 5.3.x
Details:
1. Writable directory
$ ls -ld /opt/arkeia/server/dbase/
drwxrwxrwx 10 root root 4096 gru 27 13:40 /opt/arkeia/server/dbase/
2. Default the "root" account password i

Linux kernel i386 SMP page fault handler privilege escalation
2005-01-12, Paul Starzetz (ihaquer isec pl)
iDEFENSE Security Advisory 01.13.05:
http://www.idefense.com/application/poi/display?type=vulnerabilities
January 13, 2005
I. BACKGROUND
Apple iTunes is a digital jukebox capable of playing a variety of sound
file formats, sharing music