grsecurity 2.1.0 release / 5 Linux kernel advisories
2005-01-07 spender grsecurity net (Brad Spengler)
Let's try this again, since web archives don't like multipart attachments.
grsecurity 2.1.0 release / Linux Kernel advisories
--------------------------------------------------------------------
Table Of Contents:
1) grsecurity 2.1.0 announcement and changelog
2) Linux Kernel advisory introductio [ more ]

grsecurity 2.1.0 release / 5 Linux kernel advisories
2005-01-07 spender grsecurity net (Brad Spengler)
grsecurity 2.1.0 release / Linux Kernel advisories
--------------------------------------------------------------------
Table Of Contents:
1) grsecurity 2.1.0 announcement and changelog
2) Linux Kernel advisory introduction
3) 2.4/2.6 random poolsize sysctl handler integer overflow
4) 2.6 scsi ioct [ more ]

Santy and SSL
2005-01-06 Ofer Shezaf (Ofer Shezaf breach com)
Since my company sells a product that decrypts SSL traffic in order to enable intrusion detection systems to inspect it, I was looking for examples of real world attacks hidden in SSL traffic. As part of this research I examined Santy and found out that:
a. there are many phpBB sites protected by [ more ]

WinAc AND WinHKI ZIP File Directory Transversal
2005-01-06 Rafel Ivgi, The-Insider (theinsider 012 net il)

[ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerability
2005-01-06 Thierry Carrez (koon gentoo org)

MDKSA-2005:004 - Updated nasm packages fix buffer overflow vulnerability
2005-01-06 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2005:003 - Updated vim packages fix modeline vulnerabilities
2005-01-06 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities
2005-01-06 Mandrake Linux Security Team (security linux-mandrake com)

re: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
2005-01-06 Sym Security (secure symantec com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec is aware and currently investigating this issue.
Symantec Product Security Team
Symantec takes the security of our products seriously and is a responsible disclosure company. You can view our response policies at http://www.symantec.com/secur [ more ]

MDKSA-2005:001 - Updated libtiff packages fix multiple vulnerabilities
2005-01-06 Mandrake Linux Security Team (security linux-mandrake com)

[CLA-2005:913] Conectiva Security Announcement - samba
2005-01-06 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : samba
SUMMARY : Fixes for Samba vulnerabiliti [ more ]

[USN-55-1] imlib2 vulnerabilities
2005-01-06 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-55-1 January 06, 2005
imlib2 vulnerabilities
CAN-2004-1025, CAN-2004-1026
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Wart [ more ]

[USN-54-1] TIFF library tool vulnerability
2005-01-06 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-54-1 January 06, 2005
tiff vulnerability
CAN-2004-1183
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The fol [ more ]

RE: All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
2005-01-06 Polazzo Justin (Justin Polazzo facilities gatech edu)
Does this affect Symantec Corporate Edition as well?
-----Original Message-----
From: Rafel Ivgi, The-Insider [mailto:theinsider (at) 012.net (dot) il]
Sent: Thursday, January 06, 2005 2:21 AM
To: vulnwatch (at) vulnwatch (dot) org; Windows NTBugtraq Mailing List; list (at) securiteam (dot) com; full-disclosure (at) lists.netsys (dot) com; [ more ]

[SECURITY] [DSA 628-1] New imlib2 packages fix arbitrary code execution
2005-01-06 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 626-1] New tiff packages fix denial of service
2005-01-06 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 627-1] New namazu2 packages fix cross-site scripting vulnerability
2005-01-06 joey infodrom org (Martin Schulze)

RE: Paper: SQL Injection Attacks by Example
2005-01-05 Sergey Chernyshev (Sergey courttv com)
I believe changing to stored procedures is good not just because it's impossible to inject something to the query the same way it's done with regular queries - but because in addition to that you can restrict permissions for connected user to run only stored procedures and be even more specific with [ more ]

All Symantec Products All Versions Until 2005 - Remote Stack Buffer Overflow
2005-01-06 Rafel Ivgi, The-Insider (theinsider 012 net il)

[ GLSA 200501-06 ] tiff: New overflows in image decoding
2005-01-05 Thierry Carrez (koon gentoo org)

[ GLSA 200501-05 ] mit-krb5: Heap overflow in libkadm5srv
2005-01-05 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

RE: Paper: SQL Injection Attacks by Example
2005-01-05 Scovetta, Michael V (Michael Scovetta ca com)
Chip--
I agree-- and for the Java junkies in the house:
    ps = con.prepareStatement("update people set name = ? where nid = ?");
    ps.setString(1, request.getParameter("name"));
    ps.setString(2, request.getParameter("nid"));
    ps.executeUpdate();
I must say, I like the Java syntax much better th [ more ]
Hash: SHA1
Hi all,
first of all I must comply about the handling of this vulnerability that I
reported to vendorsec. Obviously my code posted there has been stolen and
plagiated by Stefan Esser from Ematters. The posting containing the
plagiate will follow. Now I
[ more ]