LNSA-#2004-0017: rsync (Aug, 17 2004)
2004-08-17 Vincenzo Ciaglia (ciaglia netwosix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
************************************************************************************
Netwosix Linux Security Advisory #2004-0017 <http://www.netwosix.org>
- -----------------------------------------------------------------------------------
Package name

Opera Local File/Directory Detection (GM#009-OP)
2004-08-17 GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#009-OP
=====================================
By GreyMagic Software, 17 Aug 2004.
Available in HTML format at http://www.greymagic.com/security/advisories/gm009-op/.
Topic: Opera Local File/Directory Detection.
Discovery date: 04 Aug 2004.
Affected applications: ==

vpopmail <= 5.4.2 (sybase vulnerability)
2004-08-17 Jérôme ATHIAS (jerome athias caramail com)
Bug: format string and buffer overflow (sybase)
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro (at) list (dot) ru]
Release Date: 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://web-hack.ru/unl0ck/advisories/
Overview: vpopmail is a set of p

[SECURITY] [DSA 539-1] New kdelibs packages fix denial of service
2004-08-17 joey infodrom org (Martin Schulze)

Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection
2004-08-17 Rohit Dube (rohit kritikalsolutions com)
Hi, Opera's policy with respect to third party cookie makes it vulnerable to session replay attacks. This was discovered 2 weeks back. Opera's response to the same is attached. The issue and the workaround are listed below.
Opera claims to be the fastest browser on earth and has the third largest

[ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG
2004-08-17 Kurt Lieber (klieber gentoo org)

[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
2004-08-17 joey infodrom org (Martin Schulze)

SQL Injection in CACTI
2004-08-16 Fernando Quintero (nando altred net) (1 replies)

IpSwitch IMail Server <= ver 8.1 User Password Decryption
2004-08-16 Adik (netninja hotmail kg) (1 replies)
Hi fellaz, IpSwitch IMail Server version up to 8.1 uses a weak encryption algorithm to encrypt its user passwords. Have a look at the attached proof of concept tool, which will decrypt user password from local machine instantly.
---
G:\xploits\imail_decrypt>
G:\xploits\imail_decrypt>imailpwdump -d -

Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption
2004-08-17 Dave Warren (dave warren devilsplayground net)

[ GLSA 200408-14 ] acroread: UUDecode filename buffer overflow
2004-08-15 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

NullyFake - Site Spoofing in MSIE
2004-08-15 Liu Die Yu (liudieyu umbrella name)
SUBJ: NullyFake - Site Spoofing in MSIE
FROM: Liu Die Yu <liudieyu AT umbrella D0T name>
[demo] http://umbrella.name/originalvuln/msie/NullyFake/test.htm
[tested]
ie6.zhcn.sp1.up2date running on winxp.pro.zhcn.up2date : 2004/08/15
ie6.en.sp1.up2date running on winxp.pro.en.up2date : 2004/08/15
(x

gv buffer overflows: here, there, and everywhere
2004-08-16 infamous41md hotpop com
TO MOD: no really i swear i'm not mentally challenged, _THIS_ is what i trying to send you last time, my apologies for the last 2 emails. i promise to go to sleep now.
well you know i can't see why people would have to invent fake advisories and vulnerabilities when there are just SO many real on

[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 joey infodrom org (Martin Schulze)

[ GLSA 200408-15 ] Tomcat: Insecure Installation
2004-08-15 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Posible security bug in phpMyWebhosting
2004-08-14 Matias Neiff (matias neiff com ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all. There is a possible security bug in the phpMyWebhosting (http://sourceforge.net/projects/phpmywebhosting/)
File: includes/functions/pmwh.php
Function: test
Code:
- ------------------------------------------------------------------------
......

RE: JS/Zerolin
2004-08-14 Thor Larholm (tlarholm pivx com)
Nicholas was kind enough to provide me with a sample of Zerolin. Anyone who is even remotely up-to-date with their patches will not be affected by this. At the end of the email is a short piece of encoded Jscript code which when decoded outputs a hidden iframe that retrieves the following URL: htt

SpecificMAIL Technical Brief
2004-08-14 Nick D. (ndebaggis verizon net) (1 replies)
SpecificMAIL Outlook Spam Filter Technical Brief
July 22, 2004; August 10, 2004
SpecificMAIL (www.specificmail.com) is a free Outlook / Outlook Express spam filter that utilizes a proprietary online spam database to help keep your inbox clean of spam. SpecificMAIL is much more than a spam filter;
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Php-Nuke is a popular freeware content management system, written in php by
Francisco Burzi. This CMS (Content Management System) is used on many thousands
of websites, because it's free of charge, easy to install and has broad s