|
|
Colapse all |
Post message
MDKSA-2004:141 - Updated zip packages fix vulnerability 2004-11-25 Mandrake Linux Security Team (security linux-mandrake com) RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] 2004-11-26 alex cottle (eddie5659 hotmail com) Dear Brett I've noticed that you say this is for version 5.05. Just looked at Winamp's site, and they have a 5.06 version out. Is this one vunerable as well? Kind Regards Alex Cottle >From: "Brett Moore" <brett.moore (at) security-assessment (dot) com [email concealed]> >Reply-To: <brett.moore (at) security-assessment (dot) com [email concealed]> >To [ more ] [ reply ] MDKSA-2004:140 - Updated a2ps packages fix vulnerability 2004-11-25 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:139 - Updated cyrus-imapd packages fix multiple vulnerabilities 2004-11-25 Mandrake Linux Security Team (security linux-mandrake com) [SECURITY] [DSA 597-1] New cyrus-imapd packages fix arbitrary code execution 2004-11-25 joey infodrom org (Martin Schulze) Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] 2004-11-24 Brett Moore (brett moore security-assessment com) ======================================================================== = Winamp - Buffer Overflow In IN_CDDA.dll = = Affected Software: = Winamp 5.05, 5.06 = = Public disclosure on November 24, 2004 ======================================================================== == Overview == Hat [ more ] [ reply ] [CLA-2004:899] Conectiva Security Announcement - samba 2004-11-25 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : samba SUMMARY : Fix for Samba's denial of ser [ more ] [ reply ] [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution 2004-11-25 joey infodrom org (Martin Schulze) Re: Liferay Cross Site Scripting Flaw 2004-11-25 michael young (myoung liferay com) In-Reply-To: <A2A3422FEEB89D4DBFDF7692B7C737BACED1 (at) mshyd2.hyd.deshaw (dot) com [email concealed]> The scripting flaw as been fixed as of version 2.2.0 release 10/1/2004. We urge all parties to upgrade their deployments. >Received: (qmail 21320 invoked from network); 22 May 2004 22:20:19 -0000 >Received: from outgoing [ more ] [ reply ] [USN-32-1] mysql vulnerabilities 2004-11-25 Martin Pitt (martin pitt canonical com) =========================================================== Ubuntu Security Notice USN-32-1 November 25, 2004 mysql-dfsg vulnerabilities CAN-2004-0836, CAN-2004-0837, CAN-2004-0956, CAN-2004-0957 =========================================================== A security issue affects the following U [ more ] [ reply ] [ GLSA 200411-34 ] Cyrus IMAP Server: Multiple remote vulnerabilities 2004-11-25 Thierry Carrez (koon gentoo org) Remote buffer overflow in MailEnable IMAP service [Hat-Squad Advisory] 2004-11-25 Jerome ATHIAS (jerome athias free fr) Product: MailEnable Mail Server Vendor Url: http://www.mailenable.com Version: MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01 Vulnerability: Remote buffer overflow in IMAP service Release Date: 26 November, 2004 Vendor Status: InInformed on 24 November 2004 R [ more ] [ reply ] EZshopper is still vulnerable against Directory Traversal. 2004-11-25 Zero_X www.lobnan.de Team (zero-x linuxmail org) Product: EZshopper Versions: all URL: www.ahg.com Vulnerability: Directory Traversal Date: November 25, 2004 Discovered by: Zero X <Zero_X (at) excluded (dot) org [email concealed]> loadpage.cgi of EZshopper allows Directory Traversal Example: http://targethost/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./ [ more ] [ reply ] FIREFOX flaws: nested array sort() loop Stack overflow exception 2004-11-25 Berend-Jan Wever (skylined edup tudelft nl) (1 replies) Hi all, Same flaw works for Firefox as well as MSIE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> Added to the list: http://www.edup.tudelft.nl/~bjwever/advisory_firefox [ more ] [ reply ] Re: [Full-Disclosure] FIREFOX flaws: nested array sort() loop Stack overflow exception 2004-11-25 Heikki Toivonen (heikki osafoundation org) [SECURITY] [DSA 598-1] New yardradius packages fix arbitrary code execution 2004-11-25 joey infodrom org (Martin Schulze) Re: Sun Java Plugin arbitrary package access vulnerability 2004-11-25 Ken S (ken securitylist gmail com) (1 replies) After installing a new version of the JRE on two machines, IE and Firefox both report the plug-in as 1.4.2_06. For browsing to unknown sites, it would appear that there is no need to uninstall the older versions, unless there is a way for the javascript code to call a lower version of the JRE. Ho [ more ] [ reply ] Re: Sun Java Plugin arbitrary package access vulnerability 2004-11-25 Peter Greenwood (peterg reel demon co uk) MSIE flaws: nested array sort() loop Stack overflow exception 2004-11-25 Berend-Jan Wever (skylined edup tudelft nl) Hi all, Another flaw in IE: <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> Normally I would see if it's exploitable but I figure I'm not MS's pet bug finder/analyser... So [ more ] [ reply ] XSS in Brazilian Insite products 2004-11-24 Carlos Ulver (carlos ulver gmail com) Well i have found some XSS in insite products Inmail -> As the name says a webmail Inshop -> Shopping Cart The XSS problem founded could stole user accounts without the need of password. I sent an e-mail long time ago telling them about this, but i get no answers and no correction was made so... [ more ] [ reply ] Jabberd2.x remote BuffJabberd2.x remote Buffer Overflowser Overflows 2004-11-24 icbm (icbm 0x557 org) [Security Advisory] Advisory: [AD_LAB-04002]Jabberd2.x remote Buffer Overflows Authors: icbm (at) venustech.com (dot) cn [email concealed] Class: Boundary Condition Error CVE:CAN-2004-0953 Remote: Yes, could allow remote compromise Vulnerable: Jabberd 2.* Unvulnerable: Jabberd 1.4 Vendor: http://jabberd.jabbe [ more ] [ reply ] [ GLSA 200411-32 ] phpBB: Remote command execution 2004-11-24 Sune Kloppenborg Jeppesen (jaervosz gentoo org) |
|
Privacy Statement |
<IFRAME SRC=?>
save it as a html file, open it in IE, in about 30 seconds, it will cause a stack_overflow exception and exit. Because IE will not stop allocating stack buffer, until there is not enough stack
[ more ] [ reply ]