ERRATA: [ GLSA 200407-21 ] Samba: Multiple buffer overflows
2004-07-29 Thierry Carrez (koon gentoo org)

DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability
2004-07-29 Rubén Molina (ruben udea edu co)
DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability Original Release Date: 2004-07-29 Author: Ruben Molina (a.k.a fradiavolo) Email: ruben (at) udea.edu (dot) co !!! VIVA COLOMBIA !!! 1. Systems affected: All [...]

OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail
2004-07-28 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail Advisory number: SCOSA-2004.11 Issue date: 2004 July 28 Cro [...]

MDKSA-2004:074 - Updated webmin packages correct remote attacker vulnerabilities
2004-07-28 Mandrake Linux Security Team (security linux-mandrake com)

Re: [Full-Disclosure] Crash IE with 11 bytes ;)
2004-07-28 Berend-Jan Wever (skylined edup tudelft nl)
Here's a detailed description of what's going wrong with [STYLE]@;/* The problem is the unterminated comment "/*"; IE computes the length of the comment for a memcpy operation by subtracting the end pointer from the start pointer. The comment starts behind "/*" and should end at "*/", but since t [...]

AntiBoard <= 0.7.2 XSS/SQL Injection
2004-07-28 Josh Gilmour (gilmourj gmail com)
Product: AntiBoard Written By: djresonance - djresonance <at> yahoo <dot> com Versions Affected : <= 0.7.2 About: AntiBoard is a small and compact multi-threaded bulletin board/message board... Vulnerabilities: XSS [...]

UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
2004-07-28 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump. Advisory number: SCOSA-2004.9 Issue date: 2004 July 28 Cross referenc [...]

MDKSA-2004:073 - Updated XFree86 packages fix issue with xdm opening random sockets
2004-07-28 Mandrake Linux Security Team (security linux-mandrake com)

Re: [Full-Disclosure] Internet Explorer Remote Null Pointer Crash(mshtml.dll)
2004-07-28 Berend-Jan Wever (skylined edup tudelft nl)
Here's a detailed description of what's going wrong with the <a href=::%7b> right click bug. (yeah, my reply is a bit late but I was busy and went on a holiday) Right click on a link with href="file://::XXXX" and IE will try to download it, fail and try to report an error. While creating this erro [...]

Pavuk Digest Authentication Buffer Overflow
2004-07-28 mattmurphy (at) kc.rr (dot) com (mattmurphy kc rr com)
Pavuk Digest Authentication Buffer Overflow Vulnerabilities I. Synopsis Pavuk is a package designed for mass document retrieval. Pavuk is scriptable, and supports several advanced features, including several classes of authentication. NTLM, Basic, and Digest, are among those supported. II. Vuln [...]

MDKSA-2004:072 - Updated postgresql packages fix buffer overflow in odbc driver
2004-07-28 Mandrake Linux Security Team (security linux-mandrake com)

Aladdin response regarding eSafe
2004-07-28 Ofer Elzam (ofere hotmail com)
In-Reply-To: <18610004519.20040724152743 (at) SECURITY.NNOV (dot) RU> eSafe Gateway uses a default value of 80% file download before first inspection of executable files from HTTP servers. This value can be changed to as low as 5% if desired. We feel that the 80% gives a good balance between user experience [...]

MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities
2004-07-28 Mandrake Linux Security Team (security linux-mandrake com)

[Paper] Small XSS Paper
2004-07-28 Ferruh Mavituna (ferruh mavituna com)
LOVELY QUOTES; Summary: Small XSS Paper about dangerous "href" attributes which don't have quotes; Online URL: http://ferruh.mavituna.com/article/?569 (formatted HTML, Easier to read) Some web application doesn't care abo [...]

[CLA-2004:852] Conectiva Security Announcement - kernel
2004-07-28 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel SUMMARY : Fixes for kernel vulnerabili [...]

WASC Releases Web Security Threat Classification
2004-07-28 Jeremiah Grossman (jeremiah whitehatsec com)
Web Application Security Consortium Establishes Official Charter and Delivers Web Security Threat Classification Group Promotes Industry Standard Terminology of Web Security Threats Web Application Security Consortium (WASC), a group dedicated to developing and promoting "security standards of [...]

RE: Forward:FullDisclosure/IE - Possible Address Spoofing
2004-07-26 Chenghuai Lu (luchenghuai yahoo com)
I played the exploit using IE5 and IE6. I observed some strange behaviors. Under IE5 no sp when I click the link, the IE will open the urls specified in the href, i.e., microsoft, google and slatdot first. Then, the IE will redirect the window to the url specified in onunload. Under IE6 sp1, the IE [...]

[SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities
2004-07-27 Matt Zimmerman (mdz debian org)

IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
2004-07-27 IRM Advisories (advisories irmplc com)
IRM Security Advisory No. 009 RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities Vulnerability Type / Importance: Network Subversion, Open Proxy, [...]

[security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access
2004-07-27 Boren, Rich (SSRT) (rich boren hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01062 REVISION: 0 SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access NOTICE: There are no restrictions for distribution of this Bulleti [...]

OSX Panther Internet Connect - Local root
2004-07-26 br00t blueyonder co uk
Apple OSX Panther Internet Connect - Local root Vulnerability. Date: 25.07.2004 Author: B-r00t. 2004. Email: B-r00t <br00t (at) blueyonder.co (dot) uk> Vendor: Apple Operating System: OSX Panther (Possibly Previous Versions). [...]
Gentoo Linux Security Advisory GLSA 200407-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -