BugTraq Mode:
CESA-2004-004: libXpm 2004-09-15
chris scary beasts org
CESA-2004-003 - rev 2

http://scary.beasts.org/security/CESA-2004-003.txt

libXpm multiple image parsing flaws
===================================

Programs affected: libXpm, and any programs which use libXpm to decode XPM
files. For example, the GIMP seems to use libXpm.
Severity: Compromise of acc

Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access 2004-09-15
Michael Scheidell (scheidell secnap net)
Vulnerability in IBM Windows XP default hidden Administrator account allows local Administrator access
Systems: IBM Workstations, Laptops, etc.
Vulnerable: IBM Systems with preinstalled Microsoft Windows XP Professional RTM and SP1
Not Vulnerable: IBM Systems without Windows XP Professional
Severity

[ANNOUNCE] Apache HTTP Server 2.0.51 Released 2004-09-15
Sander Striker (striker apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.0.51 of the Apache
HTTP Server ("Apache"). This Announcement notes the significant
changes in 2.0.51 as compared to 2.0.50.

This ve

SUSE Security Announcement: cups (SUSE-SA:2004:031) 2004-09-15
krahmer suse de (Sebastian Krahmer)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: cups
Announcement-ID: SUSE-SA:2004:031
Date: Wednesday, Sep

[SECURITY] [DSA 545-1] New cupsys packages fix denial of service 2004-09-15
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 545-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 15th, 2004

PHP Vulnerability N. 1 2004-09-15
Stefano Di Paola (stefano dipaola wisec it)
Hi all,
This summer I have been playing around with some php issues
and got some php vulnerabilities..

Let's go for the first one:

==========================================================
Title: php(super)info().
Affected: Php <= 5.0.1
Not Affected: it seems Php <= 4.1.2
Vulnerability Type: Ex

MDKSA-2004:095 - Updated gdk-pixbuf packages fix image loading vulnerabilities 2004-09-15
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gdk-pixbuf
Advisory ID:

MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic 2004-09-15
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: printer-drivers
Advisor

SUSE Security Announcement: apache2 (SUSE-SA:2004:032) 2004-09-15
Ludwig Nussel (lnussel suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: apache2
Announcement-ID: SUSE-SA:2004:032
Date: Wednesday,

MDKSA-2004:093 - Updated squid packages fix DoS vulnerability 2004-09-15
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID:

SA04-002 - Apache config file env variable buffer overflow 2004-09-15
jonas thambert pts se
* SITIC Vulnerability Advisory *

Advisory Name: Apache config file env variable buffer overflow
Advisory Reference: SA04-002
Date of initial release: 2004-09-15
Product: Apache 2.0.x
Platform: Linux, BSD systems, Unix, Windows
Eff

[OpenPKG-SA-2004.042] OpenPKG Security Advisory (aspell) 2004-09-15
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE] 2004-09-15
Jérôme ATHIAS (jerome athias caramail com)


McAfee VirusScan Privilege Escalation Vulnerability

iDEFENSE Security Advisory 09.14.04:

I. BACKGROUND

McAfee VirusScan is a popular real-time virus protection application.

For more information see http://www.mcafee.com.

II. DESCRIPTION

Local exploitation of a design error vulnerab

[OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba) 2004-09-15
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

SMC7004VWBR / SMC7008ABR "spoofing" vulnerability. 2004-09-15
Jimmy Scott (jimmy inet-solutions be)
SMC7004VWBR / SMC7008ABR "spoofing" vulnerability.

Background:
-----------

When you visit the main page of the SMC7004VWBR, it checks if someone
is already logged in (on IP basis!). If someone is logged in, it shows
you the admin's IP, if not, or you have that IP, it displays you the
login scre

New Mozilla, Firefox and Thunderbird releases fix critical security issues 2004-09-15
Gaël Delalleau gael.delalleau+moz (at) m4x (dot) org (gael delalleau+moz m4x org)
(This is not an official Mozilla advisory. My goal here is to bring
awareness about these issues to the users of Mozilla-based products, and
to provide some links to more detailed technical information about the
security bugs I found.)

Overview
--------

Firefox Preview Release, Thunderbird 0.8, a

Re: Correction to latest Corsaire advisories 2004-09-15
advisories (advisories corsaire com)
Rather than cross posting stuff verbatim from full-disclosure (it's there
for anyone who wants to read it), in summary:

At the time the research was conducted (August 2003) Corsaire looked around
for as much information as possible prior to commencing. There were a number
of individual MIME issues

Corsaire Security Advisory - Multiple vendor MIME field whitespace issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME field whitespace issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030804-003

-- Scope --

The aim of this document is to clearl

Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME RFC2231 encoding issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030804-008

-- Scope --

The aim of this document is to clearly

Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-14
Nick D. (ndebaggis verizon net)
Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
-----------------------------------------------------------------
Advisory: September 14, 2004
Reported: October 7, 2003

Systems affected based on testing:
Windows XP SP0,SP1,SP1a (Home & Pro)

Systems potentially affected based on Microsoft

[ GLSA 200409-18 ] cdrtools: Local root vulnerability in cdrecord if set SUID root 2004-09-14
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Corsaire Security Advisory - Multiple vendor MIME field quoting issue 2004-09-14
advisories (advisories corsaire com)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME field quoting issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030804-004

-- Scope --

The aim of this document is to clearly de

Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-14
advisories (advisories corsaire com) (1 replies)

-- Corsaire Security Advisory --

Title: Multiple vendor MIME RFC2047 encoding issue
Date: 04.08.03
Application: various
Environment: various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030804-007

-- Scope --

The aim of this document is to clearl

Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-15
David F. Skoll (dfs roaringpenguin com)
Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability 2004-09-14
Jérôme ATHIAS (jerome athias caramail com)


Microsoft Office WordPerfect Converter Buffer Overflow Vulnerability

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0573

Peter Winter-Smith has reported a vulnerability in various Microsoft Office products, which can be exploited by malicious people to compromise a user's system.

[ GLSA 200409-17 ] SUS: Local root vulnerability 2004-09-14
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution [MS04-028] 2004-09-14
Jérôme ATHIAS (jerome athias caramail com)


A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or component

ADVISORY: http response splitting in snipsnap 2004-09-14
Maestro De-Seguridad (maestrodeseguridad lycos com)
ADVISORY

Author: Maestro (me!)

Date: 14-SEP-04

Vendor: SnipSnap (www.snipsnap.org)

Product: SnipSnap 0.5.2a

Product description (from vendor website):
SnipSnap is a free and easy to install weblog and wiki tool written in Java.

Problem: Http response splitting (web cache poisoning, xss,
ya

Rainbow tables for LM/NTLMv1 authentication 2004-09-14
Hidenobu Seki (seki atc yamatake co jp)


Hello,

I would recommend reading a Robert Hensing article.

Why you shouldn't be using passwords of any kind on your Windows networks . . .

http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx

And, I don't recommend relying on NoLMHash.

http://www.securityfriday.com/Topics/w

Copyright 2010, SecurityFocus