MDKSA-2004:058 - Updated cvs packages fix multiple vulnerabilities
2004-06-09 Mandrake Linux Security Team (security linux-mandrake com)

Mkdir exploit for PDP-11 doesn't work
2004-06-09 Jonathan S (js apollo gti net)
Tim Newsham is right that there is an overflow present, but his exploit doesn't work (for me - it may work fine on his PDP-11 or emu). A bus error is what happens, which is a good sign that the return address needs to be changed. It sucks that there aren't very many tools in UnixV7, including text

ADVISORY: ASPDOTNETSTOREFRONT Improper Upload Validation
2004-06-09 Tom (tommy providesecurity com)
ASPDOTNETSTOREFRONT Improper Upload Validation
Release Date: June 9, 2004
Severity: HIGH
Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc.
Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected.
Remote: Remotely executed from any web browser

MDKSA-2004:059 - Updated squid packages fix remotely exploitable vulnerability
2004-06-09 Mandrake Linux Security Team (security linux-mandrake com)

[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
2004-06-09 Tom (tommy providesecurity com)
ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
Release Date: June 9, 2004
Severity: Medium
Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc.
Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected.
Remote: Remotely executed from any w

Metasploit Framework v2.1
2004-06-09 H D Moore (sflist digitaloffense net)
The Metasploit Framework is an advanced open-source exploit development and testing environment. Version 2.1 fixes many issues that users have reported since the release of 2.0 and adds several new features. The bug fixes alone are more than worth the time to upgrade.
If you currently use the Fr

Cisco Security Advisory: Cisco CatOS Telnet, HTTP and SSH Vulnerability
2004-06-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)

[FULL DISCLOSURE] ASPDOTNETSTOREFRONT Improper Session Validation
2004-06-09 Tom (tommy providesecurity com)
ASPDOTNETSTOREFRONT Improper Session Validation
Release Date: June 9, 2004
Severity: HIGH
Vendor: AspDotNetStorefront.com A Division of Discovery Productions, Inc.
Software: Tested on AspDotNetStorefront 3.3 Previous versions may also be affected.
Remote: Remotely executed from any web brow

RE: OBJECT Bugs or Features
2004-06-09 Michael Wojcik (Michael Wojcik microfocus com)
> From: Nick FitzGerald [mailto:nick (at) virus-l.demon.co (dot) uk]
> Sent: Wednesday, June 09, 2004 8:24 AM
>
> Especially in the case of RFC'ed protocols, because of the
> aforementioned "be lenient in what you accept" directive ... the
> historical standard has been "accept it and do your best", leasin

[ GLSA 200406-04 ] Mailman: Member password disclosure vulnerability
2004-06-09 Kurt Lieber (klieber gentoo org)

Major Cpanel Expliot HTML Injection
2004-06-09 Virtual Nova Web Hosting services virtualnova.net (verb0s virtualnova net)
Major Bug found 6/7/04
Discovered by Verb0s
Reseller accounts with cpanel, in the password modification page, can insert a basic injection ex:http://(domain):2086/scripts/passwd?password=<>&domain=<>&user=<> The code will modify all the mysql database passwords, in which the reseller sho

Potential Security Flaw in Symantec Gateway Security 360R
2004-06-09 Dev Null (devnull cox net)
I think we have discovered a possible security flaw in the wireless security routines for the SGS 360R.
While configuring Secure WLAN settings in the 360R we have discovered that the "Enforce VPN Tunnels/Disallow IPSec pass thru" and "Enforce VPN Tunnels/Allow IPSec pass thru" setting in both 2.1 b

unauthorized deletion of IPsec SAs in isakmpd, still
2004-06-08 Thomas Walpuski (thomas-bugtraq unproved org) (1 replies)
1 Abstract
For nearly 10 months a handful of OpenBSD-developers is trying to fix a plethora of payload handling flaws in isakmpd. On 2004/01/13 they released something like a final patch to a broader public. The patch protects against some specific attacks, but does not solve the problem.

Re: unauthorized deletion of IPsec SAs in isakmpd, still
2004-06-09 Thomas Walpuski (thomas-bugtraq unproved org)

Re: OBJECT Bugs or Features
2004-06-08 http-equiv (at) excite (dot) com (1 malware com) (1 replies)
<!-- The headers of your example Email message quite clearly claim the message is multipart/alternative and the first part (with the "incomplete" OBJECT tag) is text/html. Thus, although the body of that MIME component is not a properly formed, complete HTML document, the MIME Content-Typ

Aspell 'word-list-compress' stack overflow vulnerability
2004-06-08 Shaun Colley (shaunige yahoo co uk)

Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.
2004-06-08 JvdR (thewarlock home nl)
Description: Multiple Vulnerabilities in Invision Power Board v1.3.1 Final.
Compromise: SQL Injection, Cross site Scripting.
Vulnerable Systems: Invision Power Board v1.3.1 Final.
Details: An Input Validation Error exists in ssi.php. $sql_fields is vulnerable to An Input Validation Error.
How to e
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cvs
Advisory ID: