security hole (http response splitting) in phpwebsite
2004-11-11 Maestro De-Seguridad (maestrodeseguridad lycos com)
ADVISORY Author: Maestro (me!) Date: 11-NOV-04 Vendor: Appalachian State University (http://phpwebsite.appstate.edu/) Product: phpWebSite 0.9.3-4 Product description (from vendor website): phpWebSite provides a complete web site content management system. Web-based administration allows for

Zone Labs IMsecure Active Link Filter Bypass
2004-11-11 Kurczaba Associates advisories (advisories kurczaba com)
Zone Labs IMsecure Active Link Filter Bypass http://www.kurczaba.com/html/security/0410141.htm Overview: A vulnerability has been discovered in the Zone Labs IMsecure Active Link Filter Vendor: Zone Labs (http://www.zonelabs.com) Affected Systems/

[waraxe-2004-SA#037 - Sql injection bug in Phorum 5.0.12 and older versions]
2004-11-12 Janek Vind (come2waraxe yahoo com)

[CLA-2004:889] Conectiva Security Announcement - sasl2
2004-11-11 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : sasl2 SUMMARY : Fix for buffer overflow vulne

Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections
2004-11-11 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted Timed Attack Evades Cisco Security Agent Protections Document ID: 63326 Revision 1.0: FINAL For Public Release 2004 November 11 1

[ GLSA 200411-20 ] ez-ipupdate: Format string vulnerability
2004-11-11 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

SQL injection in vBulletin forums (last10.php)
2004-11-11 Dr. Death (drdeath4ever hotmail com)
hi all, a new SQL injection found in VBulletin Forums 3.0.x the vulnerability found in last.php, last 10 topics hack. last.php?fsel=,user.password%20as%20title,user.%20 %20%20%20username%20as%20lastposter%20FROM%20user, thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT %201 to solve the prob

Re: Nortel Networks Contivity VPN Client information leakage vulnerability
2004-11-10 Quincy Jackson (qjacks0n yahoo com)
> IV. Solution
> This issue is resolved in Contivity VPN Client for Windows V5.01_030
Obviously this can't be fixed by changing the client software. The full advisory makes it clear that an attacker willing to reverse engineer the proprietary hash used to obscure usernames in Nortel's software cou

Unsecure Ftpd on HP PSC 2510 Printer
2004-11-10 Justin Rush (jrush scout wisc edu)
Product Name: HP PSC 2510 Summary: Ftp print service is not configurable This printer comes with an ftp daemon which allows anonymous access, and drops the user into a write only directory. By default anyone from anywhere can drop a file into this directory and the printer will print the document

04WebServer Three Vulnerabilities
2004-11-10 Jérôme ATHIAS (jerome athias fr)
Summary 04WebServer is a HTTP server developed by Soft3304 for Windows platforms. It is an easy-to-configure personal HTTP server that supports CGI, SSI, WebDAV and SSL/TLS. This advisory documents three vulnerabilities that were found in version 1.42 of 04WebServer. Tested System 04W

Nortel Networks Contivity VPN Client information leakage vulnerability
2004-11-10 Network Intelligence (I) Pvt. Ltd. (info nii co in)
Name: User Account Enumeration in Nortel Contivity VPN Vendor: Nortel Networks Products Affected: Nortel Networks Contivity VPN Client Type: Remote User Account Enumeration Severity: Medium I. Overview The Nortel Networks Contivity VPN Client authentication error message provides more information t

Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service
2004-11-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS DHCP Blocked Interface Denial-of-Service Revision 1.0 For Public Release 2004 November 10 1700 UTC (GMT)

[SquirrelMail Security Advisory] Cross Site Scripting in encoded text
2004-11-10 Jonathan Angliss (jon squirrelmail org)
SquirrelMail Security Notice About SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibili

Linux ELF loader vulnerabilities
2004-11-10 Paul Starzetz (ihaquer isec pl) (2 replies)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux kernel binfmt_elf loader vulnerabilities Product: Linux kernel Version: 2.4 up to and including 2.4.27, 2.6 up to and including 2.6.8 Vendor: http://www.kernel.org/ URL: http://isec.pl/vulnerabilities/isec

[ GLSA 200411-16 ] zip: Path name buffer overflow
2004-11-09 Sune Kloppenborg Jeppesen (jaervosz gentoo org)
Gentoo Linux Security Advisory GLSA 200411-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -