BugTraq Mode:
Test your windows OS 2004-10-04
Berend-Jan Wever (skylined edup tudelft nl)
Hi all,

Wanna do a quick test to see if the programmers that wrote your Windows operating system have any clue as to what they're doing? Run these commands from cmd.exe in the system32 directory:

for %i in (*.exe) do start %i %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n
for %i in (*.exe) do start %i AA

SUSE Security Announcement: samba (SUSE-SA:2004:035) 2004-10-05
Thomas Biege (thomas suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: samba
Announcement-ID: SUSE-SA:2004:035
Date: Tuesday, Oct

[security bulletin]SSRT4826 rev.0 Mozilla Application Suite for HP Tru64 UNIX Multiple Potential Security Vulnerabilities 2004-10-05
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01081 REVISION: 0

SSRT4826 rev.0 Mozilla Application Suite for HP Tru64 UNIX
Multiple Potential Security Vulnerabilities

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that

Patch available for critical IBM DB2 Universal Database flaws 2004-10-05
NGSSoftware Insight Security Research (nisr nextgenss com)
Researchers at NGSSoftware have discovered multiple critical/high risk
vulnerabilities in IBM's DB2 Universal Database. Versions affected include

DB2 8.1 Fixpak 7 and earlier

IBM has updated Fixpak 6 and 7 to 6a and 7a to include fixes for these
flaws. In all, 20 vulnerabilities, mostly remotely e

[ GLSA 200410-02 ] Netpbm: Multiple temporary file issues 2004-10-04
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[FLSA-2004:1324] Updated libxml2 resolves security vulnerability 2004-10-04
Marc Deslauriers (marcdeslauriers videotron ca)
-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated libxml2 resolves security vulnerability
Advisory ID: FLSA:1324
Issue date: 2004-10-04
Product: Red Hat Linux
Keywords: Secu

FreeBSD Security Advisory FreeBSD-SA-04:15.syscons 2004-10-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:15.syscons Security Advisory
The FreeBSD Project

Topic: Bo

[FLSA-2004:1325] Updated mod_python packages fix security vulnerability 2004-10-03
Dominic Hargreaves (dom earth li)
-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated mod_python resolves security vulnerability
Advisory ID: FLSA:1325
Issue date: 2004-10-03
Product: Red Hat Linux
Keywords: S

[SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise 2004-10-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 557-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
October 4th, 2004

Full path disclosure in PHP Links 2004-10-03
Nikyt0x Argentina (nikyt0x hotmail com)


Nkxtox Advisory 0000-00003

Full path disclosure in PHP Links

Date: 03/10/04

Bug:

http://server/phplinks/index.php?show=juax0rx

Warning: main(include/juax0rx.php): failed to open stream: No such file or directory in /home/h4x0rsit3/b0x/phplinks/index.php on line 198

Warning: mai

Buffer Overflow in Spider game 2004-10-03
Security Team (security emuadmin com) (1 replies)
Description:
Spider 1.1 buffer overflow.

Summary:
A vulnerability has been discovered in the game spider, an application
contained in the Debian GNU/Linux distribution.
The vulnerability allows a local attacker to gain elevated privileges by
overflowing the -s parameter.

Impact:
The attacker can g

Re: Buffer Overflow in Spider game 2004-10-04
Steve Kemp (steve steve org uk)
[SECURITY] [DSA 556-1] New netkit-telnet packages fix invalid free 2004-10-03
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 556-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
October 2nd, 2004

[FLSA-2004:1372] Updated sysstat packages fix security vulnerabilities 2004-10-03
Marc Deslauriers (marcdeslauriers videotron ca)
------------------------------------------------------------------------

Fedora Legacy Update Advisory

Synopsis: Updated sysstat packages fix security vulnerabilities
Advisory ID: FLSA:1372
Issue date: 2004-10-03
Product: Red Hat Linux
Keywords:

[LoWNOISE] IPSWITCH WhatsUp Gold 8.03 Remote fr33 exploit 2004-10-03
ET LoWNOISE (et cyberspace org)
A nice exploit :)
Hope you like it.

#!/usr/bin/perl
# [LoWNOISE] NotmuchG.pl v.1.5
# ================================================
# IPSWITCH WhatsUp Gold ver8.03 Remote Buffer Overflow Exploit
# ================================================
#
# Exploit by ET LoWNOISE Colombia
# et(at)c

Re: cdrecord local root exploit 2004-10-02
Solar Designer (solar openwall com)
On Sat, Oct 02, 2004 at 02:50:56PM -0400, Greg A. Woods wrote:
> [ On Saturday, October 2, 2004 at 10:07:51 (+0400), Solar Designer wrote: ]
> > Subject: Re: cdrecord local root exploit
> >
> > Actually, you can do it by creating an auxiliary directory and placing
> > the configuration file in it:
>

In-game format string in Judge Dredd vs. Death 1.01 2004-10-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Judge Dredd: Dredd vs. Death
http://www.dreddvsdeath.com
Versions: <= 1.01
Platforms: Windows
Bug: format string
Exploitation: remote, ve

Re:2. Code execution in Icecast 2.0.1(exploit with shellcode) 2004-10-02
me delikon de


I added a shellcode which downloads NCAT from www.elitehaven.net.
This ncat spawns a shell on port 9999.

-------------------------------------------------------------------------
C:\>iceexec 127.0.0.1

Icecast <= 2.0.1 Win32 remote code execution 0.1
by Luigi Auriemma
e-mail: aluigi[at]altervista

[FLSA-2004:1733] Updated squirrelmail resolves security vulnerabilities 2004-10-02
Dominic Hargreaves (dom earth li)
-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated squirrelmail resolves security vulnerabilities
Advisory ID: FLSA:1733
Issue date: 2004-10-02
Product: Red Hat Linux
Keywords:

Security advisory - Xerces-C++ 2.5.0: Attribute blowup 2004-10-02
Amit Klein (AKsecurity) (aksecurity hotpop com)
***
*** Security Advisory
***

***
*** Xerces-C++ 2.5.0: Attribute blowup denial-of-service
***

*** Author: Amit Klein

*** Release Date: October 2nd, 2004

*** Description:
An attacker can craft a malicious XML document, which uses XML
attributes in a way that inflicts a denial of service conditi

On Polymorphic Evasion 2004-10-02
Phantasmal Phantasmagoria (phantasmal hush ai)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------

On Polymorphic Evasion
by Phantasmal Phantasmagoria
phantasmal (at) hush (dot) ai

- ---- Table of Contents -------------

1 - Prologue
2 - Introduction
3 - Detection
4 - Testing
5 - E

dbPowerAmp Buffer Overflow And Dos Vulnerabilities 2004-09-30
GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research September 27th, 2004
##########################################################
# Vendor : Illustrate
# URL : http://www.dbpoweramp.com
# Version : dbPowerAmp Music Converter 10.0 && Player 2.0
# Ris

Re: Oracle 9i Union Flaw 2004-10-01
Brandon Petty (bmpfg8 umr edu) (1 replies)
In-Reply-To: <20040930224011.21783.qmail (at) www.securityfocus (dot) com>

>A fellow student, here at UMR, has tested the MSAccess 2K/XP Union Flaw

If you are wondering about the Access Union Flaw... I posted something that was, for the most part, incorrect about Access and how it handles Unions. There a

Re: Oracle 9i Union Flaw 2004-10-04
Peter J. Holzer (hjp wsr ac at)
MDKSA-2004:104 - Updated samba packages fix vulnerability 2004-10-01
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: samba
Advisory ID:

[ GLSA 200410-01 ] sharutils: Buffer overflows in shar.c and unshar.c 2004-10-01
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: cdrdao local root exploit 2004-10-01
newbug Tseng (newbug chroot org)
In-Reply-To: <1157225765.20040907131857 (at) SECURITY.NNOV (dot) RU>

The vuln still exists in cdrdao 1.1.9-5mdk + Mandrake 10 (beta 2).

I think cdrdao should drop root permission before saving the config.

[newbug@localhost tmp]$ ls -al /blah

ls: /blah: No such file or directory

[newbug@localhost tmp]$ ln
