BugTraq
[SECURITY] [DSA 563-2] New cyrus-sasl packages really fix arbitrary code execution 2004-10-12
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 563-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 12th, 2004

[ more ]  [ reply ]
Regression in IE: Accessing remote/local content in IE (GM#009-IE) 2004-10-12
GreyMagic Security (security greymagic com)
For further information on the regression itself see "Solution" section.

GreyMagic Security Advisory GM#009-IE
=====================================

By GreyMagic Software, 23 Aug 2002, 12 Oct 2004.

Available in HTML format at
http://www.greymagic.com/security/advisories/gm009-ie/.

Topic: Access

[ more ]  [ reply ]
[SECURITY] [DSA 563-1] New cyrus-sasl packages fix arbitrary code execution 2004-10-12
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 563-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 12th, 2004

[ more ]  [ reply ]
Insecure Default Service DACL's in Windows 2003 2004-10-11
Ziots, Edward (EZiots Lifespan org)
To the list,

In my documentation of the Default DACL on Windows 2003 Services, I have
found and confirmed the following:

Both the Distributed Link tracking Server Service and Internet Connection
Firewall Service have the Default DACL of Everyone:Full Control, which
basically lets anyone connect

[ more ]  [ reply ]
FW: problem in voip environment 2004-10-12
Walton, John Michael (John) (jmwalton avaya com)
Reposting...first attempt didn't seem to make it onto the list.

------

Loic-

It sounds like both the PC and IP phone are in the same subnet/VLAN. If
they are, you will always be able to ping the phone from the PC because
they are on the same logical wire.

Suggestions:

1a.) Verify the IP pho

[ more ]  [ reply ]
MonkeyShell: using XML-RPC for access to a remote shell 2004-10-11
Abe Usher (securitylist sharp-ideas net)
Security pundits have been warning about the dangers implicit with Web
services for years. A good starting point for understanding the security
issues related to Web services can be found at:
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_g
ci872720,00.html

Of course to reall

[ more ]  [ reply ]
Micronet wireless broadband router SP916BM admin password reset when power off 2004-10-12
MrJoe (mrjoe host sk)
Product:
Micronet Wireless Broadband Router, Model No.: SP916BM

Bug:
When you power off this router, password for user "admin" is set back to
default "admin". But to change the password you must know password that was
set before power off.
By default you cannot access web interface from outsi

[ more ]  [ reply ]
Microsoft cabarc directory traversal 2004-10-12
Jelmer (jkuperus planet nl)
Description:

Cabarc is a command line tool to create and extract cabinet files (.cab) it
is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip,
unarj etc..

Technical Details:

..\file fails

../file defeats the protection

Demon

[ more ]  [ reply ]
Multiple vulnerabilities in ZanfiCmsLite 2004-10-11
Lin Xiaofeng (Cracklove Gmail Com)


**********************************

*AuThor:Cracklove *

*emA!l:Cracklove[at]Gmail[dot]Com*

*HoMePaGe:http://ProxySky.com *

**********************************

[Info]

Website: http://www.zanfi.nl

Version: 1.1,The Newest Version

Problem: Full path disclosure,Inclu

[ more ]  [ reply ]
[SECURITY] [DSA 562-1] New mysql packages fix several vulnerabilities 2004-10-11
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 562-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 11th, 2004

[ more ]  [ reply ]
[MAxpatrol Security Advisory] Multiple vulnerabilities in GoSmart Message Board 2004-10-11
Alexander Antipov (antipov SecurityLab ru)
This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com) - intellectual professional security
scanner. It is able to detect a substantial amount of vulnerabilities
not published yet. MaxPatrol's intelligent algorithms are also capable
to detect a lot of vulnerab

[ more ]  [ reply ]
[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality 2004-10-10
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 458-3 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 10th, 2004

[ more ]  [ reply ]
[ GLSA 200410-06 ] CUPS: Leakage of sensitive information 2004-10-09
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
Limited "secure" buffer-overflow in some old Monolith games 2004-10-08
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Applications: Some old games developed by Monolith
http://www.lith.com
Versions: - Alien versus Predator 2 <= 1.0.9.6
- Blood 2

[ more ]  [ reply ]
TSLSA-2004-0053 - cyrus-sasl 2004-10-08
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0053

Package name: cyrus-sasl
Summary: Insecure handling of environment variable
Date: 2004-10-08
Affe

[ more ]  [ reply ]
MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability 2004-10-07
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cyrus-sasl
Advisory ID:

[ more ]  [ reply ]
ASP.NET canonicalization issue 2004-10-07
Evans, Arian (Arian Evans fishnetsecurity com)
Hadn't seen this on the lists yet:

Canonicalization issue in ASP.NET

<snip>
Microsoft is currently investigating a reported
vulnerability in Microsoft ASP.NET. An attacker
can send specially crafted requests to the server
and view secured content without providing the
proper credentials. This rep

[ more ]  [ reply ]
Server crash in Flash Messaging 5.2.0g 2004-10-07
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Flash Messaging
http://www.flashmessage.com
Versions: <= 5.2.0g (rev 1.1.2)
Platforms: Windows
Bugs: - server crash
- unkick

[ more ]  [ reply ]
[ GLSA 200410-05 ] Cyrus-SASL: Buffer overflow and SASL_PATH vulnerabilities 2004-10-07
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities 2004-10-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 560-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 7th, 2004

[ more ]  [ reply ]
HTTP Response Splitting Vulnerability in Wordpress 1.2 2004-10-06
Chaotic Evil (chaoticevil spyring com)
SECURITY ADVISORY: HTTP Response Splitting in WordPress 1.2

AUTHOR: Chaotic Evil (chaoticevil $$$at$$$ spyring $$$dot$$$ com)

DATE: October 6th, 2004

PRODUCT: WordPress 1.2 (wordpress.org)

FROM THE VENDOR WEBSITE:
WordPress is a state-of-the-art semantic personal
publishing platform with a focu

[ more ]  [ reply ]
[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access 2004-10-07
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 600-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 7th, 2004

[ more ]  [ reply ]
[HV-HIGH] MS Word multiple exceptions, at least one exploitable 2004-10-06
vuln hexview com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MS Word multiple exceptions, at least one exploitable.

Classification:
===============
Level: low-MED-[high]-crit
ID: HEXVIEW*2004*10*06*1

Overview:
=========
MS Word is a highly overrated and widely used text processor, a part of
monstrous collection

[ more ]  [ reply ]
Re: Buffer Overflow in Spider game 2004-10-06
Matt Zimmerman (mdz debian org)
On Tue, Oct 05, 2004 at 07:56:53AM +0200, van Helsing wrote:

> He didn't say DEBIAN is affected.
> He just said it's contained in Debian.

The message made a claim that a vulnerability existed in a package in Debian
which allowed access to gid 'games'. That is not the case.

--
- mdz

[ more ]  [ reply ]
New Microsoft Security Response Center PGP Key [pgp] 2004-10-05
Microsoft Security Response Center (secure microsoft com)
Hello!

The Microsoft Security Response Center has generated a new PGP key. We
use this key to sign all security bulletin notifications and encourage
others to use this key when sending sensitive information to us. Our new
key is available at:

- https://www.microsoft.com/technet/security/bullet

[ more ]  [ reply ]
Patch available for high risk flaws in the AtHoc Toolbar 2004-10-06
NGSSoftware Insight Security Research (nisr nextgenss com)
Mark Litchfield and John Heasman of NGSSoftware have discovered two high
risk vulnerabilities in the AtHoc Toolbar. The AtHoc toolbar is a plugin for
Microsoft's Internet Explorer. The toolbar is redistributed to users of

eBay
Accenture
ThomasRegister
ThomasRegional
Juniper Networks
WiredNews
CarF

[ more ]  [ reply ]
[Gosecure Advisory] Neoteris IVE Vulnerability 2004-10-06
Jian Hui Wang (jhwang gosecure ca)


Gosecure Advisory

http://www.gosecure.ca

Neoteris IVE changepassword.cgi Authentication Bypass

Date Published: 2004-09-20

Date Discovered: 2004-07-23

Advisory ID: GOSECURE-2004-10

Class: Design Error

Risk: Medium

Ven

[ more ]  [ reply ]
Re: Multiple vulnerabilities in BlackBoard 2004-10-06
Yves Goergen (contact unclassified de)
In-Reply-To: <20041006105643.22566.qmail (at) www.securityfocus (dot) com>

Hello Xiaofeng,

I'm new to this site so I don't know if it's use to not inform the programme author before publishing security related information.

Anyway, there's a patch available for this problem for some minutes now. You can

[ more ]  [ reply ]
[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service 2004-10-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 558-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 6th, 2004

[ more ]  [ reply ]
[GoSecure Advisory] Neoteris IVE Vulnerability 2004-10-06
Jian Hui Wang (jhwang gosecure ca)


GoSecure Advisory #GS041006

Neoteris IVE changepassword.cgi Authentication Bypass

Date Published: 2004-10-06

Date Discovered: 2004-07-23

CVE ID: CAN-2004-0939

Class: Design Error

Risk: Medium

Vendor: Juniper Networks

www.juniper.net

Ad

[ more ]  [ reply ]
Copyright 2010, SecurityFocus