[OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion)
2004-05-19 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

MDKSA-2004:049 - Updated libneon packages fix heap variable overflow issues
2004-05-19 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability
2004-05-19 Mandrake Linux Security Team (security linux-mandrake com)

Reporting a Security Vulnerability in a Microsoft Product
2004-05-19 Microsoft Security Response Center (secure microsoft com)
Hello! The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it. We are concerned th

[ GLSA 200405-10 ] Icecast denial of service vulnerability
2004-05-19 Thierry Carrez (koon gentoo org)

Re: Buffer Overflow in ActivePerl ?
2004-05-19 David Ahmad (da securityfocus com)
On Wed, May 19, 2004 at 10:00:15AM +0100, David Cantrell wrote:
> [CCed to activestate in case they were unaware of the discussion on
> bugtraq - activestate people, see the archives]
>
> This isn't really a hole in perl itself, but in the particular build of
> perl compiled and shipped by one part

Re: Buffer Overflow in ActivePerl ?
2004-05-19 David Cantrell (david cantrell org uk)
[CCed to activestate in case they were unaware of the discussion on bugtraq - activestate people, see the archives]
On Tue, May 18, 2004 at 03:23:16PM -0700, Drew Copley wrote:
> The beauty of holes in perl itself is the possibility that
> it could affect a wide range of perl scripts out there slee

[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
2004-05-19 joey infodrom org (Martin Schulze)

Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
2004-05-19 Michael Curtis (email curto us)
Advisory: cPanel/Fantastico/mysql local vulnerability
Date: 5/19/04
By: Michael Curtis (email [at] curto [dot] us)
System: Redhat Enterprise 3 ES / cPanel 9.3.0-R5 (most likely all redhat versions with all cpanel versions)
Severity: High, full compromise of local databases, password retrieval
Backg

Idea for proactive worm protection
2004-05-19 Peter Surda (shurdeek routehat org)
Hello guys, first of all, let me describe my situation. I live in a pretty big dorm, it features a LAN with about 1200 computers, of course, most of them run Windows and their users don't know how to update the system. Various worms (most notably Blaster, Welchia, Sasser and Agobot) regularly flood

A new Sanctum paper: "Blind XPath Injection"
2004-05-19 Amit Klein (amit klein sanctuminc com)
I'm happy to announce a new paper from Sanctum, titled "Blind XPath Injection", written by yours truly. The paper can be downloaded here: http://www.sanctuminc.com/pdfc/WhitePaper_Blind_XPath_Injection_20040518 Below I copy the paper abstract: This paper describes a Blind XPath Injection atta

[SECURITY] [DSA 505-1] New cvs packages fix remote exploit
2004-05-19 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 506-1] New neon packages fix buffer overflow
2004-05-19 joey infodrom org (Martin Schulze)

FreeBSD Security Advisory FreeBSD-SA-04:10.cvs
2004-05-19 FreeBSD Security Advisories (security-advisories freebsd org)

[ GLSA 200405-09 ] ProFTPD Access Control List bypass vulnerability
2004-05-19 Kurt Lieber (klieber gentoo org)

[FLSA-2004:1546] Updated utempter resolves security vulnerability -- Reissue: updated 8.0 version numbers
2004-05-19 Jesse Keating (jkeating j2solutions net)

RE: Buffer Overflow in ActivePerl ?
2004-05-18 Drew Copley (dcopley eeye com)
> -----Original Message-----
> From: noderat (at) hotmail (dot) com [mailto:noderat (at) hotmail (dot) com]
> Sent: Tuesday, May 18, 2004 9:11 PM
> To: bugtraq (at) securityfocus (dot) com
> Subject: Re: Buffer Overflow in ActivePerl ?
>
> In-Reply-To: <40AAB885.10935.31071242@localhost>
>
> >Looks like full control of EIP...

Re: Unknown IE bug with css-styles
2004-05-18 Paolo Mattiangeli (security centrodiascolto it)
Yep, IE crashes badly. But I can't understand what your code is for. The <link> tag should appear in the <head> section of your document, and you'll have a hard time displaying a table without a <tr>...</tr> . Cheers! Paolo
----- Original Message -----
From: <henkie_is_leet (at) hotmail (dot) com>
To: <bugt

Re: Buffer Overflow in ActivePerl ?
2004-05-18 Josh Tolley (josh raintreeinc com)
Also reproduced in perl v5.8.0 build 806 on WinXP Pro.
rich.sf (at) lclogic (dot) com wrote:
>Reproduced with 5.6.1/win95.
>
>On Mon, 17 May 2004, Oliver (at) greyhat (dot) de wrote:
>
>>Date: Mon, 17 May 2004 22:23:56 +0200
>>From: "Oliver (at) greyhat (dot) de" <Oliver (at) greyhat (dot) de>
>>To: full-disclosure (at) lists.netsys (dot) com
>>

Re: Buffer Overflow in ActivePerl ?
2004-05-19 noderat hotmail com
In-Reply-To: <40AAB885.10935.31071242@localhost>
>Looks like full control of EIP...
>
>However, there is not likely to be a privilege escalation here unless
>perhaps a script processor on a web server can be cajoled into doing
>something with this?? (Not at all familiar with the innards of W

MDKSA-2004:047 - Updated kdelibs packages fix URI handling vulnerabilities
2004-05-18 Mandrake Linux Security Team (security linux-mandrake com)

Unknown IE bug with css-styles
2004-05-18 henkie_is_leet hotmail com
Heya ppl!, I was coding around a bit.. When I was testing the html code with internet explorer, the damn thing started to crash! (Including all other IE's that were open at the same time) I've tested it several times (on different machines) and all had the same problem. it has something

Re: Buffer Overflow in ActivePerl ?
2004-05-18 Nick FitzGerald (nick virus-l demon co uk)
"Oliver (at) greyhat (dot) de" <Oliver (at) greyhat (dot) de> wrote:
> i played around with ActiveState's ActivePerl for Win32, and crashed
> Perl.exe with the following command:
>
> perl -e "$a="A" x 256; system($a)"
Ditto -- "v5.8.0 built for MSWin32-x86-multi-thread" on Win2K SP4 plus all but last week's security