[ GLSA 200406-10 ] Gallery: Privilege escalation vulnerability
2004-06-15 Thierry Carrez (koon gentoo org)

Symantec Enterprise Firewall DNSD cache poisoning Vulnerability
2004-06-15 fryxar (fryxar datafull com)
Symantec Enterprise Firewall dnsd proxy, versions 8 and later, is vulnerable to cache poisoning attacks when acting as a caching nameserver. It is possible to inject false entries in its cache and make a false DNS server look like authoritative of a zone, when it is not. Once this information is load [...]

[SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability
2004-06-11 snsadv lac co jp (snsadv)
SNS Advisory No.75
Webmin/Usermin Account Lockout Bypass Vulnerability
Problem first discovered on: Sun, 11 Apr 2004
Published on: Fri, 11 Jun 2004
Overview [...]

RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)
2004-06-15 Thor Larholm (thor pivx com)
Manually right-clicking and selecting "Save target as" invokes the download functionality. This can also be automatically triggered by redirecting with a META tag to a server script that sets Content-Type and Content-Disposition headers to an unknown MIME-type which causes the "Open/Save As" dialog [...]

Web Wiz Forums Registration Rules XSS Vulnerability
2004-06-15 Ferruh Mavituna (ferruh mavituna com)
WEB WIZ FORUMS REGISTRATION RULES XSS VULNERABILITY
Online URL : http://ferruh.mavituna.com/article/?528
XSS / Cross Site Scripting attack allows an attacker to hijack other users/administr [...]

[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems
2004-06-15 joey infodrom org (Martin Schulze)

ActiveX control download and redirection
2004-06-15 Martijn Brinkers (m brinkers pobox com)
Hi, I have been playing around with ActiveX controls and I noticed that IE shows the complete URL even though the download has been redirected. From a user perspective it's a bit unclear where the actual ActiveX control is downloaded from. example can be found on (a self signed ActiveX control will [...]

RE: Multiple Antivirus Scanners DoS attack.
2004-06-15 Bo Rasmussen (brr cadesign dk)
Hi, Just tried with clamscan and clamdscan v.0.71 on an OpenBSD 3.5, with these signatures:
ClamAV update process started at Tue Jun 15 09:13:49 2004
main.cvd is up to date (version: 23, sigs: 21096, f-level: 2, builder: ddm)
daily.cvd updated (version: 357, sigs: 866, f-level: 2, builder: ccordes)
[...]

Unprivilegued settings for FreeBSD kernel variables
2004-06-15 Radko Keves (rado unitra sk)
CATEGORY: kern
INTRODUCTION: I have found security threat in basic security facility in BSD systems that allows to lower sysctl variable in this case to bypass security settings, root privileges are needed
DESCRIPTION: sysctl(8) ... The sysctl utility retrieves kernel state and allow [...]

MAGIC XSS INTO THE DNS: coelacanth
2004-06-15 http-equiv (at) excite (dot) com (1 malware com)

[security bulletin] SSRT4717 rev.0 HP Tru64 UNIX SSL/TLS Potential Remote Denial of Service (DoS)
2004-06-14 Boren, Rich (SSRT) (rich boren hp com)
HP SECURITY BULLETIN HPSBTU01049 REVISION: 0
SSRT4717 rev.0 HP Tru64 UNIX SSL/TLS Potential Remote Denial of Service (DoS)
NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. The in [...]

RE: Multiple Antivirus Scanners DoS attack.
2004-06-14 Messer, Jon (JMesser pelco com)
Symantec AV Corporate version 8 doesn't seem to be affected. I scanned the blackhole.zip file and SAV corp v8 blew right through all levels of the compression and found and quarantined the EICAR test strings.
-----Original Message-----
From: Ethy H. Brito [mailto:ethy (at) inexo.com (dot) br]
Sent: Monday, Jun [...]

Re: MS web designers -- "What Security Initiative?"
2004-06-14 Greg Kujawa (greg kujawa diamondcellar com) (1 replies)
In-Reply-To: <40CB8263.18297.7605685C@localhost>
I have to applaud your specific examples of where Microsoft's aims have been redirected (pun intended) and have become woefully presumptuous. Having worked in web hosting and website development in past lives I would agree that correcting the weblink [...]

    Re: MS web designers -- "What Security Initiative?"
    2004-06-15 Nick FitzGerald (nick virus-l demon co uk)

RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
2004-06-14 Romulo M. Cholewa (rmc rmc eti br)
Interesting, I hope this is NOT a trend or new policy. On Friday 4th 13:34 -0300 GMT, I sent to the focus-virus list a message about a new malware of some sort, that was not being detected by Symantec AV Corporate (Client Security with 02/06/2004 rev. 17 - now, with defs. from 13/06/2004 rev. 17, [...]

authentication bug in KAME's racoon
2004-06-14 Thomas Walpuski (thomas-bugtraq unproved org) (1 replies)
Summary
There is a severe bug in racoon's authentication via digital signatures with certificates.
Description
racoon verifies the peer's certificate using eay_check_x509cert(). For some strange reason eay_check_x509cert() sets a verify callback: X509_STORE_set_verify_cb_func(cert_ct [...]

RE: Antivirus/Trojan/Spyware scanners DoS!
2004-06-14 Romulo M. Cholewa (rmc rmc eti br)
Hi there, I'm accessing the web right now through a Kerio Winroute Firewall with McAfee protection (transparent proxy). Didn't detect at all while downloading the file. Once the download completed, manual scan with Symantec AV Corporate (8.1 with Client Security and defs. from 13/06/2004 rev. 17) [...]

IRIX syssgi system call vulnerability and other security fixes
2004-06-14 SGI Security Coordinator (agent99 sgi com)

Antivirus/Trojan/Spyware scanners DoS [summary]
2004-06-14 Bipin Gautam (visitbipin hotmail com)
> Hello everybody,
>
> I wonder how many Antivirus/Trojan/Spyware scanners
> will choke while having a manual scan of
> the
> file:
>
> http://www.geocities.com/visitbipin/SERVER_dwn.zip
>
> I was wondering, what would be the results if such
> file gets stuck in an "AV gateway" (O [...]

RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
2004-06-14 Drew Copley (dcopley eEye com)
> -----Original Message-----
> From: Rusty Chiles [mailto:rustychiles (at) cox (dot) net]
> Sent: Thursday, June 03, 2004 3:35 PM
> To: bugtraq (at) securityfocus (dot) com
> Subject: New IRC Trojan -Symantec and Trend Micro Unable To
> Stop Infection
>
> It seems that a new trojan is making the rounds on irc.
> No [...]

VP-ASP Shopping Cart Multiple Vulnerabilities
2004-06-14 Thomas Ryan (tommy providesecurity com)
VP-ASP Shopping Cart Multiple Vulnerabilities
Release Date: June 14, 2004
Severity: High
Vendor: Virtual Programming
Software: VP-ASP Shopping Cart Version 5.x
Remote: Remotely executable
Vulnerabilities: Cross Site Scripting, SQL Injection
Technical Details: Cross Site Scripting Vulnerability [...]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -