BugTraq (Page 1457 of 1748)
TSL-2004-0045 - kerberos5 2004-09-02
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Bugfix Advisory #2004-0045

Package name: kerberos5
Summary: Multiple security holes
Date: 2004-09-02
Affected versions: Trusti

[hackgen-2004-#001] - Non-critical Cross-Site Scripting bug in CuteNews 2004-09-02
Exoduks (exoduks gmail com)


http://www.hackgen.org/advisories/hackgen-2004-001.txt

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' [hackgen-2004-#001] '

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' Non-critical Cro

Password Protect XSS and SQL-Injection vulnerabilities. 2004-08-30
Criolabs (security criolabs net)
************************************************************************
****************************
CRIOLABS

- Software: Password protect
- Type: User Authentication
- Company: Web Animations
- Date: 30-8-2004

*******************

MDKSA-2004:088 - Updated krb5 packages fix multiple vulnerabilities 2004-09-01
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID:

Exploit: AIM Exploit (Ignore Previous Post) 2004-09-01
John Bissell (monkey321_1 hotmail com)


Hi people, sorry I'm posting this again but I made a slight error in the code on submission. The error was in the reverse_shellcode return address which I just edited to be more universal using a universal AOL module return address...

/* Begin Exploit Code */

/*

* AIM Away Message Buffer O

[ GLSA 200409-01 ] vpopmail: Multiple vulnerabilities 2004-09-01
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SSHD / AnonCVS Nastiness 2004-08-31
Dragos Ruiu (dr kyx net)
SSHD / AnonCVS Port Bouncing Nastiness

Advisory URL: http://pacsec.jp/advisories.html

Summary:
--------
Sites with default SSHD configs and anonymous CVS
or other "public" access are vulnerable to port bounce attacks.

Details:
--------
SSHD defaults to AllowTcpForwarding "yes" in /etc/ssh/sshd_co

Opera DOS 2004-09-01
Stevo (steve01 chello at)


========

Opera DoS

========

========
Version information
Version 7.23
Build 3227
========

<html>
<head>
<script language=javascript>
function dSend() {
document.crash.text;
}
</script>

</head>
<body onLoad="dSend()">

<embed src="" type="CCCC" name="crash" >
</em

Multiple Vulnerabilities In phpWebsite 2004-09-01
GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research August, 31st 2004
##########################################################
# Vendor : phpWebSite Development Team
# URL : http://phpwebsite.appstate.edu/
# Version : phpWebsite 0.9.3-4 And Earlier

MSInfo Buffer Overflow 2004-08-31
E.Kellinis (me cipher org uk)
#########################################
Application: MSInfo
Vendors: http://www.microsoft.com
Platforms: Windows 2000
Bug: Msinfo32.exe BOF
Risk: Low
Exploitation: Local
Date: 30 August 2004
Author: Emmanouel Kellinis
e-mail:

MITKRB5-SA-2004-002: double-free vulnerabilities 2004-08-31
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-002

Original release: 2004-08-31

Topic: double-free vulnerabilities in KDC and libraries

Severity: CRITICAL

SUMMARY
=======

The MIT Kerberos 5 implementation's Key Distribution Center (KDC)
program contains a d

RE: CuteNews News.txt writable to world 2004-08-30
Albert Puigsech Galicia (ripe 7a69ezine org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 29 August 2004 10:39, e0r wrote:
> Date: August 29, 2004
> Vendor: http://www.cutephp.com/
> Program: CuteNews
> Versions affected: => 1.3.6
> Bug: CuteNews News.txt writable to world
> Type:
> Author: e0r
> www: http://www.rootthief.c

[nisr (at) nextgenss (dot) com: Patch available for multiple critical flaws in Oracle] 2004-09-01
David Ahmad (da securityfocus com)
----- Forwarded message from NGSSoftware Insight Security Research <nisr (at) nextgenss (dot) com> -----

From: "NGSSoftware Insight Security Research" <nisr (at) nextgenss (dot) com>
Subject: Patch available for multiple critical flaws in Oracle
To: <bugtraq (at) securityfocus (dot) com>, <NTBUGTRAQ (at) LISTSERV.NTBUGTRAQ (dot) COM>,
<vul

RE: Security Center and Windows XP clients in domain, 20040831062712.31317.qmail (at) www.securityfocus (dot) com 2004-09-01
Sym Security (secure symantec com)
------------------

On 80312004, albatross posted the following:

>From the Symantec site:

>Q: Which Symantec products will the product update apply to?
>A: The product update applies to customers who use Symantec Client
>Security, Symantec AntiVirus Corporate Edition, and Symantec AntiVirus
Ente

[security bulletin] SSRT3657 rev.3 HP-UX CDE libDtHelp buffer overflow 2004-08-31
Boren, Rich (SSRT) (rich boren hp com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
**REVISED 03**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0311-297
Originally issued: 16 November 2003
Last revised: 30 August 2004
SSRT3657 rev.3 CDE libDtHelp
---

New security tools and papers released 2004-09-01
shadown (shadown gmail com)
Hi,

Today I've released some security papers/presentations that I've
done about Exploit coding techniques, Pen-Testing Methodologies, and
forensics.
And fuzzer v1.0, a Protocol Fuzzing Tool written in python to let it
run on multiple platforms.
Give them a try, I hope u enjoy them.
get them at

ADVISORY: http response splitting hole in Comersus shopping cart 2004-09-01
Maestro De-Seguridad (maestrodeseguridad lycos com)
ADVISORY

Author: Maestro (me!)

Date: 01-SEP-04

Vendor: Comersus (www.comersus.com)

Product: Comersus Shopping Cart 5.0991

Problem: Http response splitting (web cache poisoning, xss,
yadayadayada) -

http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf

Exploit:

RE: Security Center and Windows XP clients in domain 2004-09-01
David Webster (dwebster wittig com)
I just installed WINXP SP2 on my laptop which is already a member of a
WIN2003 domain, and post install it had these settings. 1) Security
Center was enabled 2) the Windows Firewall was set to ON (recommended) on
all three interfaces (LAN, WAN, Cisco VPN adapter). I am running
version 8.00.9374 of S

Cross-Site Scripting Vulnerability in Newtelligence DasBlog 2004-09-01
Dominick Baier (seclists leastprivilege com)
ERNW Security Advisory

Cross-Site Scripting Vulnerability in Newtelligence DasBlog

Author:
Dominick Baier <dbaier (at) ernw (dot) de>

1. Summary:
An XSS (Cross-Site Scripting) vulnerability in DasBlog's Event and Activity
Viewer allows injecting and executing code on the client's machine. This
allows an attac

[ GLSA 200409-02 ] MySQL: Insecure temporary file creation in mysqlhotcopy 2004-09-01
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SUSE Security Announcement: kernel (SUSE-SA:2004:028) 2004-09-01
Thomas Biege (thomas suse de) (1 replies)

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2004:028
Date: Wednesday,

Re: SUSE Security Announcement: kernel (SUSE-SA:2004:028) 2004-09-02
Paul Starzetz (paul starzetz de)
Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd 2004-08-31
Jérôme ATHIAS (jerome athias caramail com)


Date: Mon, 30 Aug 2004 23:42:49 -0400

Subject: http://samba.org/samba/history/samba-2.2.11.html

The Samba 2.2.11 release addresses the following bug:

o Crashes in smbd triggered by a Windows XP SP2 client sending

a FindNextPrintChangeNotify() request without previously

issui

OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability 2004-08-31
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability
Advisory number: SCOSA-2004

Cisco Security Advisory: Vulnerabilities in Kerberos 5 Implementation 2004-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Vulnerabilities in Kerberos 5 Implementation

Revision 1.0

For Public Release 2004 August 31 1830 UTC (GMT)

- ----------------------------------------------------------------------

Contents
========

Summary
Affected

Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes 2004-08-31
Jérôme ATHIAS (jerome athias caramail com)


Date: Tue, 31 Aug 2004 00:38:05 -0400

Subject: http://www.blackboxvoting.org/?q=node/view/78

BlackBoxVoting.org reported a vulnerability in the Diebold GEMS central tabulator.

A local authenticated user can enter a two-digit code in a certain "hidden" location

to cause a second set of

Multiple Vulnerabilities in phpScheduleIt 2004-08-31
Joxean Koret (joxeankoret yahoo es)


------------------------------------------------------------------------
---

Multiple Vulnerabilities in phpScheduleIt

------------------------------------------------------------------------
---

Author: Joxean Koret

Date: 2004

Location: Basque Country

--------------

OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL 2004-08-31
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL
Advisory number: SCOSA-2004.13
Issue date: 2004 August 31
Cr

Copyright 2010, SecurityFocus