BugTraq Mode:
Updated: TSLSA-2004-0068 - kernel 2004-12-20
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ Updated: Jan Minar informed us of an error in this advisory where the
summary said "Remote hole, local Dos". This is of course wrong and
this update of the advisory is to correct that. We wish to thank Jan
Minar for telling us and apologize

MDKSA-2004:153 - Updated aspell packages fix vulnerability 2004-12-20
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: aspell
Advisory ID:

MDKSA-2004:152 - Updated ethereal packages fix multiple vulnerabilities 2004-12-20
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID:

Gadu-Gadu Remote DoS (all versions) 2004-12-20
Maciej Soltysiak (maciej soltysiak com)
Product: Gadu-Gadu,
all available versions including the latest (6.1 build156)
Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact: Remote Denial of Service
Severity: Important
Author: Maciej Soltysiak <maciej (at) soltysiak (dot) com>
Advisory: h

[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution 2004-12-20
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 612-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 20th, 2004

[USN-42-1] Xine library vulnerabilities 2004-12-20
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-42-1 December 20, 2004
xine-lib vulnerabilities
https://sourceforge.net/project/shownotes.php?group_id=9655&release_id=290099
===========================================================

A security issue affect

[ GLSA 200412-18 ] abcm2ps: Buffer overflow vulnerability 2004-12-19
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-18:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200412-17 ] kfax: Multiple overflows in the included TIFF library 2004-12-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated) 2004-12-19
Paul (paul greyhats cjb net)


I apologize for the previous vulnerability (longnamevuln) because it was incomplete. After realizing my mistake, longnamevuln looked useless. However, it was just incomplete, not useless. What longnamevuln did was open a local file in the browser window. To execute active content, it needed to be

[ GLSA 200412-16 ] kdelibs, kdebase: Multiple vulnerabilities 2004-12-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200412-21 ] MPlayer: Multiple overflows 2004-12-20
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200412-20 ] NASM: Buffer overflow vulnerability 2004-12-20
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Exploit for Ultrix 4.5 dxterm 2004-12-19
Kristoffer Brånemyr (ztion swipnet se)
Well,

I hadn't seen a buffer overflow exploit for ultrix on bugtraq, so I
decided to make one. I don't think anyone is using ultrix seriously
anymore, so this is just for fun ;).

-- cut here --

/* Ultrix 4.5/MIPS dxterm exploit
by ztion in 2004
Greets to: Stok, sidez

It wasn't possible

Re: Internet Explorer Code Execution Bypass Vulnerability 2004-12-19
cmthemc yahoo com
In-Reply-To: <20041217170337.26668.qmail (at) www.securityfocus (dot) com>

Hello,

I'm a little bit confused as to why you would classify this as a "vulnerability" -- or even relate it to internet explorer at all... I think you have confused the simple html parsing of Active Desktop with microsoft internet

Windows Explorer TGA Crash 2004-12-18
Bill (Bill vectracon com)
I've found a TGA file that crashes Windows Explorer when Explorer tries
to generate a preview for it. I'm not expert in this area, so I don't
know if this could be used as a way to run arbitrary code. However I've
attached the broken TGA, in zip format, in hopes that someone else can
figure out

Crystal FTP Pro Client Buffer Overflow 2004-12-20
Luca Ercoli (luca ercoli inwind it)


Package: Crystal FTP Pro

Auth: http://www.casdk.com/

Version: 2.8 (current release) and below

Vulnerability Type: Arbitrary Command Execution

Crystal FTP Pro Description (from the Developer):

Crystal FTP Pro is a Top awarded FTP client for dummies and experts.

The state of the art user

[ GLSA 200412-15 ] Ethereal: Multiple vulnerabilities 2004-12-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

UPDATE: [ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities 2004-12-19
Luke Macken (lewk gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200410-12:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

TSLSA-2004-0068 - kernel 2004-12-20
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Advisory #2004-0068

Package name: kernel
Summary: Remote hole, local DoS
Date: 2004-01-19
Affected versions: Trustix Secure Li

PHP shmop.c module permits write of arbitrary memory. 2004-12-19
Stefano Di Paola (stefano dipaola wisec it)
Hi list-eners,

==========================================================
Title: Php shmop write of arbitrary memory - Safe Mode Bypass
Affected: Php <= 5.0.2 & 4.3.9 if shmop module is loaded.
Vulnerability Type: Input Validation - write of arbitrary memory

==Summary
Shared Memory PHP Module ha

KDE Security Advisory: Konqueror Java Vulnerability 2004-12-20
Waldo Bastian (bastian kde org)
KDE Security Advisory: Konqueror Java Vulnerability
Original Release Date: 2004-12-20
URL: http://www.kde.org/info/security/advisory-20041220-1.txt

0. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145
http://www.heise.de/security/dienste/browsercheck/tests/java

AIX 5.1/5.2/5.3 local root exploits 2004-12-20
cees-bart (ceesb cs ru nl)
hi,

i found some local security holes in IBM's AIX versions 5.1, 5.2 and 5.3
(unix for IBM RS/6000 powerpc).

1) the first is a bug in all setuid diag related tools that use an
environment variable as a prefix to an external binary executed as root.

2) the second is a classical stack overflow in

Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation 2004-12-20
Boren, Rich (SSRT) (rich boren hp com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBUX01102 REVISION: 0

SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains complete and intact.

The information in this Sec

[ GLSA 200412-14 ] PHP: Multiple vulnerabilities 2004-12-19
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

TSLSA-2004-0066 - multi 2004-12-20
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Advisory #2004-0066

Package name: samba, php
Summary: Security update
Date: 2004-12-17
Affected versions: Trustix Secure Linux

[ GLSA 200412-19 ] phpMyAdmin: Multiple vulnerabilities 2004-12-19
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200412-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 611-1] New htget packages fix arbitrary code execution 2004-12-20
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 611-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 20th, 2004

Re: Patch available for multiple critical flaws in Oracle 2004-12-18
Marc Bejarano (bugtraq beej org)
At 18:08 8/31/2004, NGSSoftware Insight Security Research wrote:
>Researchers at NGSSoftware have discovered multiple critical
>vulnerabilities in Oracle Database Server and Oracle Application Server.
>Versions affected include
>
>Oracle Database 10g Release 1 Version 10.1.0.2
>Oracle9i Database S

Copyright 2010, SecurityFocus