[SECURITY] [DSA 551-1] New lukemftpd packages fix arbitrary code execution
2004-09-21 joey infodrom org (Martin Schulze)

[ GLSA 200409-28 ] GTK+ 2, gdk-pixbuf: Multiple image decoding vulnerabilities
2004-09-21 Thierry Carrez (koon gentoo org)

Re: glFTPd local stack buffer overflow
2004-09-21 Bloody_A (bloody_a glftpd com)
In-Reply-To: <20040919041243.22505.qmail (at) www.securityfocus (dot) com>
The glFTPd dupescan utility is an extra tool provided by the glFTPd team to give users the possibility to search the dupelog from the shell. glFTPd does not use this program for normal operation. A patch to fix this problem has been [...]

CA UniCenter Management Portal Username Enumeration Vulnerability
2004-09-21 thomas adams (tgadams bellsouth net)

Multiple Vulnerabilities In EmuLive Server4
2004-09-21 GulfTech Security (security gulftech org)
GulfTech Security Research September 20th, 2004
Vendor : Emulive Imaging Corporation
URL : http://www.emulive.com
Version : EmuLive Server4 Commerce Edition Build [...]

[ GLSA 200409-26 ] Mozilla, Firefox, Thunderbird, Epiphany: New releases fix vulnerabilities
2004-09-20 Thierry Carrez (koon gentoo org)

Multiple Full Disclosure Path in postnuke 0.750 phoenix
2004-09-19 Jérôme ATHIAS (jerome athias caramail com)
[CODEBUG Labs]
Advisory #6
Title: Multiple Full Disclosure Path in postnuke 0.750 phoenix
Author: FAiN182 - fain182 (at) infinito (dot) it
Product: Postnuke 0.750 Phoenix
Type: Full disclosure path
Web: htt [...]

[ GLSA 200409-24 ] Foomatic: Arbitrary command execution in foomatic-rip filter
2004-09-20 Joshua J. Berry (condordes gentoo org)

[ GLSA 200409-25 ] CUPS: Denial of service vulnerability
2004-09-20 Thierry Carrez (koon gentoo org)

glFTPd local stack buffer overflow
2004-09-19 CoKi (coki nosystem com ar)
No System Group - Advisory #05 - 18/09/04
Program: glFTPd
Homepage: http://www.glftpd.com
Vulnerable Versions: glFTPd v2.00RC3 and prior
Risk: Low / Medium
Impact: Local Stack Buffer Overfl [...]

Local root compromise possible with getmail
2004-09-19 David Watson (baikie ehwhat freeserve co uk)
The following vulnerabilities apply to all releases of getmail prior to 3.2.5, and all version 4 releases prior to 4.2.0. They do not apply where getmail is run as an unprivileged user, or where an unprivileged external MDA is used for the final delivery of mail. They are not exploitable remotely [...]

[SECURITY] [DSA 550-1] New wv packages fix arbitrary command execution
2004-09-20 joey infodrom org (Martin Schulze)

Serious Security Issue in Windows XP SP2's Firewall
2004-09-19 Andreas Marx (amarx gega-it de)
Hello, this might be interesting for you (see below): Please note that all screenshots and more details can be found in the German article only (see links), the English one is slightly shortened. cheers, Andreas Marx PC-WELT discovers and fixes serious security issue in Windows XP SP2 by Andre [...]

CoD United Offensive boom boom
2004-09-18 Luigi Auriemma (aluigi autistici org)
An update for the Call of Duty bug (http://aluigi.altervista.org/adv/codboom-adv.txt) The 15th September 2004 has been officially released the expansion pack called United Offensive. It is an expansion pack but uses a new executable that unfortunately has not been fixed for the shutdown bug I repor [...]

FreeBSD Security Advisory FreeBSD-SA-04:14.cvs
2004-09-20 FreeBSD Security Advisories (security-advisories freebsd org)

Default username/password pairs in ON Command CCM 5.x database backend
2004-09-20 Jonas Olsson (jonas olsson takeit se)

Tool announcement: fakebust
2004-09-19 Michal Zalewski (lcamtuf ghettot org)
Good morning, I am proud to announce the availability of fakebust 0.1 beta. Fakebust is a simple, open-source, user-friendly, intuitive and very rapid malicious code analyzer that can partly replace and in certain aspects outperform an expensive, strictly controlled sandbox setup. The tool can be [...]

Debian netkit telnetd vulnerability
2004-09-18 Michal Zalewski (lcamtuf ghettot org) (1 replies)
Exposure: Remote root compromise through buffer handling flaws
Confirmed vulnerable: Up-to-date Debian 3.0 woody (issue is Debian-specific)
Debian netkit-telnet-ssl-0.17.24+0.1 package
Debian netkit-telnet-ssl-0.17.17+0.1 package
Mitigating factors: Telnet service must be running and [...]

AOL Groups/AIM Information Disclosure
2004-09-15 Link Linkovich (linkovich gmail com)
AOL Groups/AIM Information Disclosure Link Linkovich Sept 18, 2004
---BACKGROUND---
*AIM/EMAIL
When a user creates an AOL Instant Messenger(AIM) account they are asked to provide an email address for the purpose of recovering lost passwords. This email address is not published anywhere as a link t [...]

wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities
2004-09-15 Paul Johnston (paul westpoint ltd uk)
Westpoint Security Advisory
Title: Multiple Browser Cookie Injection Vulnerabilities
Risk Rating: Low
Software: Multiple Web Browsers
Platforms: Unix and Windows
Author: Paul Johnston <paul (at) westpoint.ltd (dot) uk> assisted by Richard Moore < [...]

Microsoft WordPerfect 5.x Converter Heap Overflow
2004-09-14 NGSSoftware Insight Security Research Advisory (nisr ngssoftware com)
I. ABSTRACT
Almost any device having IP stack with enabled ICMP can be used to
be a tunnel redirector.
II. DESCRIPTION
Let's imagine in Net a hacker having his source server(S), destination
server(D), and an IP-capable device - victim(V). S sends to V spoofe
[...]