BugTraq
[CLA-2004:841] Conectiva Security Announcement - libneon 2004-05-25
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : libneon
SUMMARY : Fix for a buffer overflow v

SSH URI handler remote arbitrary code execution 2004-05-24
kang (kang insecure ws)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adv: safari_0x06
Release Date: 24/05/2004
Affected Products: MacOSX >= 10.3.3, Various Browsers, possibly others platforms/browsers
Fixed in: Not fixed.
Impact: Remote code execution.
Severity: High.
Vendors: Notified (20-23/02/04)
Author: kang@insecure

[ GLSA 200405-19 ] Opera telnet URI handler file creation/truncation vulnerability 2004-05-25
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200405-18 ] Buffer Overflow in Firebird 2004-05-23
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Netgear RP114 URL filter fails if URL is too long 2004-05-24
Marc Ruef (marc ruef computec ch)
Hi!

Netgear has some small router and firewalling devices for home users and
small companies (SOHO). Most of these solutions are able to do a simple
keyword based URL filtering. Let's say we don't want users to visit
http://www.scip.ch so we create a filter for the keyword "scip.ch". If a
user wants

cPanel mod_phpsuexec Vulnerability 2004-05-24
Rob Brown (rob asquad com)


Severity: High, Arbitrary Execution, Local Privilege Escalation

Background:

cPanel is a common web hosting management system written by cpanel.net installed on UNIX Operating Systems to help manage web, email, ftp, databases, and other administrative tasks.

Problem Description:

The options

[SECURITY] [DSA 508-1] New xpcd packages fix buffer overflow 2004-05-23
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 508-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
May 22nd, 2004

e107 web portal user.php XSS (Cross Site Scripting) 2004-05-22
Chris Norton (kicktd ramsecurity us)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-------------------------------------------------
R.A.M Security Advisory
-------------------------------------------------
http://www.ramsecurity.us
-------------------------------------------------
Severity: Medium
Title: e107 web portal us

Liferay Cross Site Scripting Flaw 2004-05-22
Giri, Sandeep (giris deshaw com)
Advisory Name: Liferay Cross Site Scripting flaw
Release Date: 05/22/2004
Application: Liferay (www.liferay.com)
Author: Sandeep Giri
Vendor Status: Notified (4 months ago)

Overview:
(Taken from http://www.liferay.com/products/index.jsp)

Liferay Enterprise Portal was designed to:

Provi

MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities 2004-05-22
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID:

Allegro RomPager/2.10 DoS exploit 2004-05-22
Seth Alan Woolley (seth tautology org)
The description made it easy to create this one. Needed this to confirm
if some 2.10-branded products were in fact patched and warranted
replacing. Considering there were four years of warning and there are
still tons of boxes with this problem, please, people, get your systems
pen-tested.

http://

Exploit codes for CVS Vulnerability and snort rules from ISC 2004-05-22
K-OTiK Security (Special-Alerts k-otik com)


hello,

as you know two exploits were released for the CVS vulnerability discovered by S.Esser

http://www.k-otik.com/exploits/05212004.CVS_Solaris.c.php

http://www.k-otik.com/exploits/05212004.CVS_Linux.c.php

the ISC Handlers George Bakos and Mike Poor put together some simple and very go

Re: Internet explorer .clsid vulnerability 2004-05-22
roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)
In-Reply-To: <8B32EDC90D8F4E4AB40918883281874D523591 (at) pivxwin2k1.secnet.pivx (dot) com>

> This is actually a behavior that is part of Windows Explorer, not
> Internet Explorer. I think we have covered this in the past on lists as
> well. If it is not already documented somewhere it should be, as this is
> how

BNBT BitTorrent Tracker Denial Of Service 2004-05-22
badpack3t (badpack3t security-protocols com)
Please publish:

http://fux0r.phathookups.com/advisory/sp-x12-advisory.txt

Thanks,

----------------------------------------
badpack3t
founder
www.security-protocols.com
----------------------------------------

[ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail 2004-05-21
Rajiv Aaron Manglani (rajiv gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) 2004-05-21
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Eudora 6.1.1 attachment spoof, LaunchProtect 2004-05-21
psz maths usyd edu au (Paul Szabo)
Eudora 6.1.1 for Windows was released recently. Some buffer overflow
(exploitable to execute any code) issues seem to be solved, but serious
problems remain. (I do not know if Eudora for Macs is affected.)

Though known for years, the spoofing of attachments is still not fixed.
The problem with Launc

MDKSA-2004:046-1 - apache-mod_perl packages are now available 2004-05-20
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: apache-mod_perl
Advisor

e107 web portal Referers HTTP Injection 2004-05-21
Chinchilla (kingchinchilla hotmail com)


Synopsis:

All versions of e107 have a vulnerability that
allows html tags and content to be posted to the stats
page and to be listed under Referers and may also list
a screen size that they wish.

Description:

All versions of e107 have a vulnerability that
allows html tags and conte

Stupid Phishing Tricks 2004-05-21
http-equiv (at) excite (dot) com (1 malware com)


Phriday , May 21, 2004

Several pheeble yet interesting phishing possibilities arise as
phollows:

Take one .htaccess trivially modified to suit the target
scenario:

AuthName "EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN"
AuthType Basic

One throw-away domain which can include the target's hos

[SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability 2004-05-21
snsadv lac co jp (snsadv)
----------------------------------------------------------------------
SNS Advisory No.72
Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability

Problem first discovered on: Tue, 30 Mar 2004
Published on: Fri, 21 May 2004
----------------------------------------------------------------------

RE: Internet explorer .clsid vulnerability 2004-05-20
Thor Larholm (thor pivx com)
This is actually a behavior that is part of Windows Explorer, not
Internet Explorer. I think we have covered this in the past on lists as
well. If it is not already documented somewhere it should be, as this is
how Windows file queries (inside IE) are performed on the local file
system.

Basically,

RE: Question About Ethics and Full Disclosure 2004-05-20
Kevin E. Casey (kcasey nanoweb com)
Try calling the sales department for the shopping cart vendor. Tell
them you heard about the 2 vulnerabilities, tell them that when they are
fixed, you might perhaps buy their product... Sales motivates
development... Or at the least might get you to a person at the vendor
who cares.

-----Original

RE: Question About Ethics and Full Disclosure 2004-05-20
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: Tom [mailto:tommy (at) providesecurity (dot) com]
> Sent: Thursday, May 20, 2004 12:43 PM
> To: frogman (at) infosecwar (dot) net
> Cc: bugtraq (at) securityfocus (dot) com;
> security-basics (at) securityfocus (dot) com;
> vuln-dev (at) securityfocus (dot) com; webappsec (at) securityfocus (dot) com
> Subject: Question Ab

Internet explorer .clsid vulnerability 2004-05-20
roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)


advisory#5

/---------------------------------------------------------------------------/

Vendor: Microsoft Corp.
product: windows XP
test machine: winxp.pro.ed IE.6 (Fully Patched)
Discovery by: Roozbeh Afrasiabi (roozbeh

Auditor security collection released - a swiss army knife for security assessments. 2004-05-20
Max (mmo remote-exploit org)
Auditor security collection released

Just like to inform, that I have released my penetration test distro
right now on my company's website under the gpl. The main difference
between phlack, fire and knoppix-std is, that it is focused on
usability. As you know remote-exploit.org was focused in th
