[SECURITY] [DSA 534-1] New mailreader packages fix directory traversal vulnerability
2004-07-23 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA 533-1] New courier packages fix cross-site scripting vulnerability
2004-07-23 Matt Zimmerman (mdz debian org)

Forward:FullDisclosure/IE - Possible Address Spoofing
2004-07-23 Liu Die Yu (liudieyu umbrella name)
SUBJ: FullDisclosure: multiple web browsers, multiple bugs - onUnload and location.href
FROM: Rudolf Polzer (divzero_at_gmail.com)
URL : http://seclists.org/lists/fulldisclosure/2004/Jul/1001.html
DEMO: http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location
after i clicked "Go [ more ]

MDKSA-2004:071 - Updated samba packages fix vulnerability in SWAT, samba-server.
2004-07-22 Mandrake Linux Security Team (security linux-mandrake com)

SWAT PreAuthorization PoC
2004-07-22 bugtraq beyondsecurity com
Hi, The following is a brief proof of concept exploit code for the vulnerability mentioned in "Evgeny Demidov" <demidov (at) gleg (dot) net [email concealed]>'s advisory: Samba 3.x swat preauthentication buffer overflow. Running the perl script against a vulnerable SWAT server will cause: Program received signal SIGSEGV, Seg [ more ]

@stake advisory: HP dced Remote Command Execution Multiple OSes
2004-07-22 Advisories (advisories atstake com)

[OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
2004-07-22 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
OpenPKG Security Advisory, The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed] [ more ]

[CLA-2004:851] Conectiva Security Announcement - samba
2004-07-22 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : samba
SUMMARY : Multiple potential buffer ove [ more ]

Comcast(tm) Email Manager allows arbitrary java and activex code execution
2004-07-22 Michael Scheidell (scheidell secnap net)
Vulnerability in Comcast Webmail Manager allows arbitrary java and activex code execution
Systems: Comcast Webmail email system. www.comcast.net
Vulnerable: X-Mailer: AT&T Message Center Version 1 (Mar 22 2004)
Not Vulnerable: Unknown
Severity: Serious / Low (Fixed now)
Category: Arbitrary Executio [ more ]

[OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
2004-07-22 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
OpenPKG Security Advisory, The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed] [ more ]

DOS@XitamiHTTPd
2004-07-21 CoolICE (CoolICE China com)
Application: Xitami Web Server
Vendors: http://www.xitami.com/xiopen_2_5.zip
Version: v2.5c1
Platforms: Windows
Bug: D.O.S
Date: 2004-07-15
Author: CoolICE
e-mail: CoolICE#China.com
Content: TestCode: @echo off [ more ]

Denial of Service in Conceptronic CADSLR1 Router
2004-07-21 Administrador de 'Shell Security' (admin shellsec net)
. : Shell Security Advisory : .
Denial of Service in Conceptronic CADSLR1 Router
- 1 - Introduction - Intro [ more ]

Bug@FlashFTPd
2004-07-21 CoolICE (CoolICE China com)
Application: Flash FTP Server
Vendors: http://www.net2soft.com/downloads/flashftpserver.exe
Version: 1.0(2.1?)
Platforms: Windows
Bug: Directory Traversal
Date: 2004-06-9
Author: CoolICE
e-mail: CoolICE#China.com
TestCode: C:\>ftp localhost Connected to server. 220 Flash FTP Ser [ more ]

mi2g - fud, lies and libel
2004-07-20 not-mi2g hushmail com
** I AM NOT AFFILIATED WITH MI2G IN ANY WAY ** On July 6, someone made a parody advisory post to Full-Disclosure spoofing mi2g (mi2g.com). The person attempted to CC the Bugtraq and Vulnwatch mail list, but the moderators of those lists rejected the post. http://seclists.org/lists/fulldisclosure/ [ more ]

dos_in_file_share_2.6
2004-07-20 nekd0 (nekd0 rambler ru)
Hello bugtraq, LionMax Software WWW File Share Pro Remote Denial of Service Vulnerability
remote: Yes
local: No
vulnerable: WWW File Share Pro 2.60
download: http://www.wfshome.com/download/wfssetup.exe
WWW File Share Pro HTTP server may be prone to a remote denial of service condition. Succ [ more ]

Denial of Service vulnerability in several Lexmark HTTP servers
2004-07-20 Peter Kruse (pkr csis dk) (1 replies)
Denial of Service vulnerability in several Lexmark HTTP servers. Several Lexmark network printers are shipped with a built-in HTTP server for administrative tasks. The webserver software is vulnerable to a Denial of Service attack that will force the webserver to restart and/or stop taking requests. [ more ]

    Re: Denial of Service vulnerability in several Lexmark HTTP servers
    2004-07-21 Eric Sesterhenn / snakebyte (snakebyte gmx de)

[ GLSA 200407-15 ] Opera: Multiple spoofing vulnerabilities
2004-07-20 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Buffer overflow in Whisper FTP Surfer 1.0.7
2004-07-19 Komrade (giocasati interfree it)
PRODUCT: Whisper FTP Surfer is a freeware FTP client for Windows
DETAILS: A buffer overflow in version 1.0.7 (latest version) occurs when trying to open a file with a long name from an FTP Server. For common extension (as .txt) FTP surfer create a temporary file and tries to open it. When closing th [ more ]

Inappropriate methods exposed in XML -what's the essence?
2004-07-20 portsmut navigator lv
Does somebody know what is essence of Microsoft Security Bulletin MS02-052: what is so called "inappropriate methods exposed in XML support classes" (CVE-CAN-2002-0865). Could anybody compile some POC exploit showing this problem? Regards, Alex
-- Free e-mail addresses offered by http://web [ more ]

[FLSA-2004:1734] Updated mailman resolves security vulnerability
2004-07-20 Jesse Keating (jkeating j2solutions net)

[ GLSA 200407-14 ] Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
2004-07-19 Thierry Carrez (koon gentoo org)

More Webserver / IE Exploits
2004-07-19 Hubbard, Dan (dhubbard websense com) (1 replies)
We have discovered more than 300 websites that include malicious code that will attempt to run a program on your machine without end-user intervention. Similar to the recent Scob attack, a dual-pronged approach of exploiting vulnerable servers and clients is being used. There is no commonality on [ more ]

PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities
2004-07-20 Ory Segal (ory segal sanctuminc com)
Security Advisory
---[ PhpBB HTTP Res [ more ]
Hash: SHA1
Debian Security Advisory DSA 534-1    security (at) debian (dot) org [email concealed]
http://www.debian.org/security/    Matt Zimmerman
July 22nd, 2004
[ more ]