[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code execution
2004-10-13 joey infodrom org (Martin Schulze)

[hackgen-2004-#002] - Remote file inclusion bug in ocPortal 1.0.3.
2004-10-12 Exoduks (exoduks gmail com)

Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS
2004-10-12 Amit Klein (AKsecurity) (aksecurity hotpop com)
////////////////////////////////////////////////////////////////////
//====================>> Security Advisory <<=====================//
////////////////////////////////////////////////////////////////////
--------------------------------------------------------------------
-----[ IIS 5.x/6.0 WebD

RE: Insecure Default Service DACL's in Windows 2003
2004-10-12 Kurt Dillard (kurtdill microsoft com)
Are you sure? I'm looking at the SDDL for the SharedAccess service, and this is what I see:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
Unless my understanding of SDDL is way off, th

Reverse Engineering the First Pocket PC Trojan
2004-10-12 kers0r (root asylum-nz com)
Airscanner Corp. has published a new tutorial on "Reverse Engineering the First Pocket PC Trojan": http://www.informit.com/articles/article.asp?p=340544
This tutorial shows you how to reverse engineer a new example of Windows Mobile malware - step by step. We include our methods for back

UnixWare 7.1.4 : Multiple Vulnerabilities in libpng
2004-10-12 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.4 : Multiple Vulnerabilities in libpng
Advisory number: SCOSA-2004.16
Issue date: 2004 October 07
Cross reference: sr89

CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities
2004-10-12 CORE Security Technologies Advisories (advisories coresecurity com)

UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service
2004-10-12 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3up UnixWare 7.1.4 : CUPS before 1.1.21 allows remote attackers to cause a denial of service
Advisory number: SCOSA-2004.

[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution
2004-10-12 joey infodrom org (Martin Schulze)

Regression in IE: Accessing remote/local content in IE (GM#009-IE)
2004-10-12 GreyMagic Security (security greymagic com) (1 replies)
For further information on the regression itself see "Solution" section.
GreyMagic Security Advisory GM#009-IE
=====================================
By GreyMagic Software, 23 Aug 2002, 12 Oct 2004.
Available in HTML format at http://www.greymagic.com/security/advisories/gm009-ie/.
Topic: Access

Re: Regression in IE: Accessing remote/local content in IE (GM#009-IE)
2004-10-12 Nick FitzGerald (nick virus-l demon co uk)

[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution
2004-10-12 joey infodrom org (Martin Schulze)

Insecure Default Service DACL's in Windows 2003
2004-10-11 Ziots, Edward (EZiots Lifespan org)
To the list,
In my documentation of the Default DACL on Windows 2003 Services, I have found and confirmed the following:
Both the Distributed Link tracking Server Service and Internet Connection Firewall Service have the Default DACL of Everyone:Full Control, which basically lets anyone connect

FW: problem in voip environment
2004-10-12 Walton, John Michael (John) (jmwalton avaya com)
Reposting...first attempt didn't seem to make it onto the list.
------
Loic-
It sounds like both the PC and IP phone are in the same subnet/VLAN. If they are, you will always be able to ping the phone from the PC because they are on the same logical wire.
Suggestions:
1a.) Verify the IP pho

MonkeyShell: using XML-RPC for access to a remote shell
2004-10-11 Abe Usher (securitylist sharp-ideas net)
Security pundits have been warning about the dangers implicit with Web services for years. A good starting point for understanding the security issues related to Web services can be found at:
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html
Of course to reall

Micronet wireless broadband router SP916BM admin password reset when power off
2004-10-12 MrJoe (mrjoe host sk)
Product: Micronet Wireless Broadband Router, Model No.: SP916BM
Bug: When you power off this router, password for user "admin" is set back to default "admin". But to change the password you must know password that was set before power off. By default you cannot access web interface from outsi

Microsoft cabarc directory traversal
2004-10-12 Jelmer (jkuperus planet nl)
Description:
Cabarc is a command line tool to create and extract cabinet files (.cab) it is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip, unarj etc..
Technical Details:
..\file fails
../file defeats the protection
Demon

[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities
2004-10-11 joey infodrom org (Martin Schulze)

[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board
2004-10-11 Alexander Antipov (antipov SecurityLab ru)
This vulnerability was discovered by Positive Technologies using MaxPatrol (www.maxpatrol.com) - intellectual professional security scanner. It is able to detect a substantial amount of vulnerabilities not published yet. MaxPatrol's intelligent algorithms are also capable of detecting a lot of vulnerab

[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality
2004-10-10 joey infodrom org (Martin Schulze)

[ GLSA 200410-06 ] CUPS: Leakage of sensitive information
2004-10-09 Kurt Lieber (klieber gentoo org)

Limited \secure\ buffer-overflow in some old Monolith games
2004-10-08 Luigi Auriemma (aluigi autistici org)

MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability
2004-10-07 Mandrake Linux Security Team (security linux-mandrake com)

ASP.NET canonicalization issue
2004-10-07 Evans, Arian (Arian Evans fishnetsecurity com)
Hadn't seen this on the lists yet:
Canonicalization issue in ASP.NET
<snip>
Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This rep

[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities
2004-10-07 Kurt Lieber (klieber gentoo org)

[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 joey infodrom org (Martin Schulze)
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 564-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 13th, 2004