A Brief Analysis of Bofra/MyDoom.AG/AH
2004-11-18, Bryan Burns (bburns juniper net)

    Overview of Bofra

    Bofra (AKA MyDoom.AG/AH) is a worm that was first discovered on November 8th circulating in the wild. Bofra spreads by sending e-mail to victims with a URL pointing back to a special webserver running on the infected machine. Bofra runs this small webserver on por ...

[USN-30-1] Linux kernel vulnerabilities
2004-11-18, Martin Pitt (martin pitt canonical com)

    Ubuntu Security Notice USN-30-1, November 18, 2004
    linux-source-2.6.8.1 vulnerabilities
    CAN-2004-0883, CAN-2004-0949, and others

    A security issue affects the following Ubuntu re ...

[USN-29-1] samba vulnerability
2004-11-18, Martin Pitt (martin pitt canonical com)

    Ubuntu Security Notice USN-29-1, November 18, 2004
    samba vulnerability
    CAN-2004-0882

    A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The fo ...

Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)
2004-11-19, Robert Hetzler (mods xore ca)

    In-Reply-To: <20041118044742.16170.qmail (at) www.securityfocus (dot) com [email concealed]>

    A fix for this was submitted to phpbb.com yesterday afternoon, and was posted to the site around 7pm PST
    http://www.phpbb.com/phpBB/viewtopic.php?p=1319332#1319332
    The download for the new version can be found here: http://www.phpb ...

Buffer overflow in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 and prior versions.
2004-11-18, Reed Arvin (reedarvin gmail com)

    Summary: A buffer overflow exists in DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 (http://www.digitalmapping.sk.ca/pop3srv/default.asp) and prior versions.

    Details: A buffer overflow occurs during the POP3 authentication process when an overly long username is supplied. When the userna ...

AppServ 2.5.x and Prior Exploit
2004-11-18, saudi linux (ksa2ksa yahoo com)

    what AppServ

    AppServ is the Apache/PHP/MySQL open source software installer packages.

    Objective :
    - Easy to build Webserver and Database Server
    - For those who just beginning client/server programming.
    - For web programmers/developers using PHP & MySQL.
    - For programming techniq ...

[CLA-2004:892] Conectiva Security Announcement - MySQL
2004-11-18, Conectiva Updates (secure conectiva com br)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    CONECTIVA LINUX SECURITY ANNOUNCEMENT

    PACKAGE : MySQL
    SUMMARY : Fixes for several mysql vulne ...

EXEC exploit in phpBB - fix
2004-11-18, Paul S. Owen (paul0x01 starstreak net) (1 replies)

    Following additional information supplied to us by a party other than "howdark.com" we can confirm the existence of a serious exploit in phpBB, in all versions below 2.0.11. We will not post concept of proof information given the seriousness of this issue.

    Unfortunately howdark.com group have chose ...

FreeBSD Security Advisory FreeBSD-SA-04:16.fetch
2004-11-18, FreeBSD Security Advisories (security-advisories freebsd org)

[CLA-2004:890] Conectiva Security Announcement - libxml2
2004-11-18, Conectiva Updates (secure conectiva com br)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    CONECTIVA LINUX SECURITY ANNOUNCEMENT

    PACKAGE : libxml2
    SUMMARY : Fixes for libxml2 buffer ov ...

[MaxPatrol] SQL-injection in Invision Power Board 2.x
2004-11-18, Alexander Anisimov (anisimov ptsecurity com)

RE: New URL spoofing bug in Microsoft Internet Explorer
2004-11-17, Michael Silk (michaels phg com au)

    Or even a fake "a" tag:

        <span style="color: blue; text-decoration: underline; cursor: hand;"
              onmouseover="window.status = 'http://www.msn.com/';"
              onmouseout="window.status = 'Done.'"
              onclick="document.location = 'http://www.google.com'">
        Visit Msn!
        </span>

    -----Original Message-----
    From: q q [ma ...

[ GLSA 200411-26 ] GIMPS, SETI@home, ChessBrain: Insecure installation
2004-11-17, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)
2004-11-18, Jerome ATHIAS (jerome athias fr) (1 replies)

    Hi all

    phpBB is a very popular message board using modules extensions. One of these module - Cash_Mod is a very popular one and is used by many people. It has critical vulnerabilities, one of them letting anyone inject malicious PHP code that will be executed on the server side. Let's ...

Re: Vulnerabilities in forum phpBB2 with Cash_Mod (all ver.)
2004-11-18, Rafael San Miguel Carrasco (smcsoc yahoo es)

MDKSA-2004:133 - Updated sudo packages fix vulnerability
2004-11-17, Mandrake Linux Security Team (security linux-mandrake com)

RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
2004-11-17, rexolab (research rexotec com) (1 replies)

    REXOTEC(dot)COM
    ADV RX171104 - Cscope :: Race condition on temporary file

    INFORMATION
    VulnDiscovery: 2003/05/21
    Releas ...

Re: RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
2004-11-18, Hans-Bernhard Broeker (broeker physik rwth-aachen de)

[USN-28-1] sudo vulnerability
2004-11-17, Martin Pitt (martin pitt canonical com)

    Ubuntu Security Notice USN-28-1, November 17, 2004
    sudo vulnerability
    http://www.sudo.ws/sudo/alerts/bash_functions.html

    A security issue affects the following Ubuntu releases: ...

MDKSA-2004:134 - Updated apache packages fix buffer overflow in mod_include
2004-11-17, Mandrake Linux Security Team (security linux-mandrake com)

[USN-27-1] libxpm4 vulnerability
2004-11-17, Martin Pitt (martin pitt canonical com)

    Ubuntu Security Notice USN-27-1, November 17, 2004
    libxpm4 vulnerability
    CAN-2004-0687, CAN-2004-0688

    A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty ...

[USN-26-1] bogofilter vulnerability
2004-11-17, Martin Pitt (martin pitt canonical com)

    Ubuntu Security Notice USN-26-1, November 17, 2004
    bogofilter vulnerability
    CAN-2004-1007

    A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) T ...

MDKSA-2004:132 - Updated gd packages fix integer overflows
2004-11-17, Mandrake Linux Security Team (security linux-mandrake com)

Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities
2004-11-17, Stefan Esser (s esser e-matters de)

MDKSA-2004:135 - Updated apache2 packages fix request DoS
2004-11-17, Mandrake Linux Security Team (security linux-mandrake com)

SUSE Security Announcement: xshared, XFree86-libs, xorg-x11-libs (SUSE-SA:2004:041)
2004-11-17, Thomas Biege (thomas suse de)
for more details. Authored by Dan Guido and j0hny_lightning.