Re: Apple, Apple Remote Desktop client [Multiple vulnerabilities]
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)

Insecure Temporary File Creation Vulnerability in Net-Acct
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)
Net-Acct is a user-space daemon which generates log files of network traffic for accounting purposes. Initially created by Ulrich Callmeier, it is now worked upon occasionally by a team of volunteers on the list net-acct*CoLi.Uni-SB.DE, questions are best asked there or net-acct*exorsus.net. S

Cerulean Studios Trillian 0.74i Buffer Overflow in MSN module exploit
2004-09-08 Jérôme ATHIAS (jerome athias caramail com)
DATE
08/09/2004
PRODUCT
Trillian is a chat client currently supporting IRC, AIM, ICQ, MSN Messenger, and Yahoo! Messenger. (from readme.txt file)
DETAILS
A buffer overflow vulnerability in basic edition version 0.74i (latest version) occurs in the MSN module when receiving a string of ar

MDKSA-2004:090 - Updated zlib packages fix DoS vulnerability
2004-09-08 Mandrake Linux Security Team (security linux-mandrake com)

Re: [XSS] PHP-Nuke 7.4 Bugs
2004-09-05 Blaine Elzey (lz lzmarine net)
This seems like more of a SQL injection bug. $admin value "eCcgVU5JT04gU0VMRUNUIDEvKjox" decodes to "x' UNION SELECT 1/*:1" which will cause the pwd check to be manipulated into union selecting the valid password.
7.4 Patch can be in auth.php, replace line (about) 61
if ($aid=="" || $pwd=="") {

Re: cdrdao local root exploit
2004-09-07 3APA3A (3APA3A SECURITY NNOV RU)
Dear Jérôme ATHIAS,
This bug was originally reported to Bugtraq by Andreas Mueller on January, 15 2002
--Sunday, September 5, 2004, 11:16:42 PM, you wrote to bugtraq (at) securityfocus (dot) com:
JA> if [ ! -L $HOME/.cdrdao ];then echo "Could'n link to \$HOME/.cdrdao"
--
~/ZARAZA
Неприятности нач

[SNS Advisory No.77] Usermin Remote Arbitrary Shell Command Execution Vulnerability
2004-09-07 snsadv lac co jp (snsadv)
SNS Advisory No.77
Usermin Remote Arbitrary Shell Command Execution Vulnerability
Problem first discovered on: Sun, 11 Apr 2004
Published on: Tue, 7 Sept 2004

mpg123 buffer overflow vulnerability
2004-09-07 Davide Del Vecchio (dante alighieri org)
mpg123-0.59r buffer overflow vulnerability
Davide Del Vecchio Adv#10
Discovered in: 16/08/2003
Date: 06/09/2003
Version affected: mpg123-0.59r and maybe mpg123-0.59s
CVE: CAN-2004-080

Site News Authentication Error May Let Local Users Add Messages
2004-09-05 Jérôme ATHIAS (jerome athias caramail com)

Bug XSS in PsNews 1.1
2004-09-05 Michal Blaszczak (wacky nicponie org)
*5-9-2004
*Author: wacky
*E-mail: wacky (at) nicponie (dot) org
*WWW: http://www.nicponie.org
Bug Cross-Site Scripting (XSS) in PsNews

Good Patch to Multiple [XSS] Vulnerabilities in PHP-Nuke 7.4
2004-09-06 Pierquinto Manco (pierquinto gmail com)
* CODEBUG Labs
* Patch #1
* Title: Multiple XSS Bug in admin.php
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Web: http://www.mantralab.org
*
* Register to our site and receive our newsletter!

[XSS] PHP-Nuke 7.4 Newsletter Injection Bug
2004-09-05 Pierquinto Manco (mantra ntj it)
* CODEBUG Labs
* Advisory #5
* Title: Newsletter Injection Bug
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Type: XSS
* Web: http://www.mantralab.org

[ GLSA 200409-10 ] multi-gnome-terminal: Information leak
2004-09-06 Thierry Carrez (koon gentoo org)

Apple, Apple Remote Desktop client
2004-09-05 Adam Shostack (adam homeport org)
In Software Update, I see:
> The Apple Remote Desktop Client version 1.2.4 update delivers
> improvements to security, performance, and reliability of the Apple
> Remote Desktop 1.2 client software running on Mac OS X versions
> 10.1, 10.2 and 10.3. For more information on this update, please
> refe

cdrdao local root exploit
2004-09-05 Jérôme ATHIAS (jerome athias caramail com)
#!/bin/sh
DIR=`pwd`
echo ""
echo "cdrdao local root exploit - gr doesn't protect you this time"
echo "Karol Więsek <appelast*drumnbass.art.pl>"
echo ""
sleep 2
umask 000
echo -n "[*] Checking if /etc/ld.so.preload doesn't exist ... "
if [ -f /etc/ld.so.preload ]; then
    echo "WRONG"
    echo

[RLSA_01-2004] QNX PPPoEd local root vulnerabilities
2004-09-05 Julio Cesar Fort (julio rfdslabs com br)

Denial of service in Brocade switches (was: Engenio/LSI Logic controllers denial of service/data corruption)
2004-09-05 Jedi/Sector One (j pureftpd org)
This is a modified advisory about the specific Brocade case.
Product : all Brocade fiber channel switches running pre-3.2 code including Silkworm 3800, Silkworm 3200 and Silkworm 2800.
Vuln. : Remotely exploitable denial of service
Date : 09/05/2004
Author : Frank Denis <j (at) pureftpd (dot) org>, test

serverview 3.0 - insecure file permissions
2004-09-06 Rene (l0om excluded org)
date: 06.09.2004
author: l0om - l0om [at] excluded d0t org - www.excluded.org
product: serverview
problem: insecure file permissions
version: 3.0???
serverview is a server management product from fujitsu siemens which is shipped with every PRIMERGY server. it is based on snmp and let you

SUSE Security Announcement: apache2 (SUSE-SA:2004:030)
2004-09-06 krahmer suse de (Sebastian Krahmer)

OpenCA Security Advisory: Cross Site Scripting vulnerability
2004-09-06 Martin Bartosch (martin bartosch gmx de)
OpenCA Security Advisory: Cross Site Scripting vulnerability
Authors
Martin Bartosch <mb-bugtraq (at) cynops (dot) de>
Michael Bell <michael.bell (at) cms.hu-berlin (dot) de>
2004-09-01 Initial revision
2004-09-06 Public release
Summary
-------
The OpenCA Project is a collaborative effort to develop a robust,

Cross-Site Scripting Vulnerability in Newtelligence DasBlog
2004-09-01 Dominick Baier (seclists leastprivilege com)
ERNW Security Advisory
Cross-Site Scripting Vulnerability in Newtelligence DasBlog
Author: Dominick Baier <dbaier (at) ernw (dot) de>
1. Summary:
An XSS (Cross-Site-Scripting) Vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attac

Patch available for multiple critical flaws in Oracle
2004-08-31 NGSSoftware Insight Security Research (nisr nextgenss com)
Researchers at NGSSoftware have discovered multiple critical vulnerabilities in Oracle Database Server and Oracle Application Server.
Versions affected include
Oracle Database 10g Release 1 Version 10.1.0.2
Oracle9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
Oracle9i Database Server

[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
2004-09-03 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[XSS] PHP-Nuke 7.4 DelAdmin Bug
2004-09-04 Pierquinto Manco (mantra ntj it)
* CODEBUG Labs
* Advisory #2
* Title: DelAdmin Bug
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Type: XSS
* Web: http://www.mantralab.org
Mac OS X CoreFoundation Buffer Overflow and Library Loading Bugs Let Local Users Gain Elevated Privileges
References:
http://securitytracker.com/id?1011174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0821
http:/