[waraxe-2004-SA#027 - Once again - critical vulnerabilities in PhpNuke 6.x - 7.2]
2004-05-05 Janek Vind (come2waraxe yahoo com)

[OpenPKG-SA-2004.019] OpenPKG Security Advisory (kolab)
2004-05-05 OpenPKG (openpkg openpkg org)
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

Titan FTP Server Aborted LIST DoS
2004-05-05 Aviram Jenik (aviram beyondsecurity com)
Titan FTP Server Aborted LIST DoS. Article reference: http://www.securiteam.com/windowsntfocus/5RP0215CUU.html SUMMARY A security vulnerability exists in South River Technologies' Titan FTP Server. An attacker issuing a LIST command and disc

Fuse Talk Vulnerabilities
2004-05-05 Stuart Jamieson (stuart jamieson active-outdoors co uk)
As well as well known XSS vulnerabilities the latest version 4.0 seems to have some other issues. Unpatched releases of V4.0 allow the user to access the Template banning.cfm without any administrative privileges. All users of the software should check with fusetalk.com for the latest security p

Corsaire Security Advisory - Verity Ultraseek path disclosure issue
2004-05-05 advisories (advisories corsaire com)
-- Corsaire Security Advisory -- Title: Verity Ultraseek path disclosure issue Date: 04.01.13 Application: Verity Ultraseek 5.2.1 and prior Environment: Solaris 7, Windows NT, Windows 2000, Redhat Linux Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com] Audience: Vendor notification Reference: c040

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-1.3.29
2004-05-05 please_reply_to_security sco com
SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-1.3.29 Advisory number: SCOSA-2004

[slackware-security] lha update in bin package (SSA:2004-125-01)
2004-05-04 Slackware Security Team (security slackware com)
[slackware-security] lha update in bin package (SSA:2004-125-01) New bin- packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix buffer overflows and directory traversal vulnerabilities in the 'lha' archive utility. Sites using 'lh

Re: (HOAX) Dameware Mini Remote Control Version 4.2 ? Weak Key Agreement Scheme
2004-05-04 DameWare Support (support dameware com)
In-Reply-To: <20040430182646.29912.qmail (at) www.securityfocus (dot) com> This is definitely not an exploit, nor is it a vulnerability and therefore inaccurate & misleading. Furthermore, the information submitted by ax09001h (at) hotmail (dot) com has nothing to do with obtaining the Session Encryption Key, nor does

remote root exec vulnerability in omail
2004-05-04 Thijs Dalhuijsen (thijs dalhuijsen com)
product:omail webmail version: 0.98.5 notified: now the "patch" on omail.pl still leaves the system wide open for attack, the regex to filter out " and ' doesn't help you much if your $SHELL is bash or something similar both back ticks and more arcane ways of shell expansion $(rm -rf /) are sti

RE: Crystal Reports Vulnerabilities
2004-05-04 Imperva Application Defense Center (adc imperva com)
Just a short update. Shortly after sending this mail we have been contacted by their Product Manager. BusinessObjects are now addressing the problem, and we are waiting a patch to be issued so the technical details of the vulnerability can be disclosed. Sincerely, Ofer Maor Application Defense Cen

@stake: AppleFileServer Remote Command Execution
2004-05-03 @stake Advisories (advisories atstake com)

[product-security (at) apple (dot) com: APPLE-SA-2004-05-03 Security Update 2004-05-03]
2004-05-03 David Ahmad (da securityfocus com)
----- Forwarded message from Apple Product Security <product-security (at) apple (dot) com> ----- From: Apple Product Security <product-security (at) apple (dot) com> Subject: APPLE-SA-2004-05-03 Security Update 2004-05-03 To: <security-announce (at) lists.apple (dot) com> Date: Mon, 03 May 2004 14:27:44 -0700 User-Agent: Microsof

RE: New LSASS-based worm finally here (Sasser)
2004-05-04 Marc Maiffret (mmaiffret eeye com)
One thing most people fail to note when speaking of vulnerability-to-worm timelines shrinking is that you're basing your timeline off of when a vulnerability is disclosed, to when a worm is discovered, NOT when a worm is released. The importance of this is that your timeline is not specifically based

Sasser worm and Embedded Support Partner (ESP) port 5554/tcp
2004-05-03 SGI Security Coordinator (agent99 sgi com)

[slackware-security] libpng update (SSA:2004-124-04)
2004-05-03 Slackware Security Team (security slackware com)
[slackware-security] libpng update (SSA:2004-124-04) New libpng packages are available for Slackware 9.0, 9.1, and -current to fix an issue where libpng could be caused to crash, perhaps creating a denial of service issue if network services are link

[slackware-security] sysklogd update (SSA:2004-124-02)
2004-05-03 Slackware Security Team (security slackware com)
[slackware-security] sysklogd update (SSA:2004-124-02) New sysklogd packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue where a user could cause syslogd to crash. Thanks to Steve Grubb who researched the issue.

[slackware-security] rsync update (SSA:2004-124-01)
2004-05-03 Slackware Security Team (security slackware com)
[slackware-security] rsync update (SSA:2004-124-01) New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write ou

[slackware-security] xine-lib update (SSA:2004-124-03)
2004-05-03 Slackware Security Team (security slackware com)
[slackware-security] xine-lib update (SSA:2004-124-03) New xine-lib packages are available for Slackware 9.1 and -current to fix a security issue where playing a specially crafted Real RTSP stream could run malicious code as the user playing the stre

RE: Will the Sasser worm become the next Blaster?
2004-05-03 Pullum, Stephen (Stephen Pullum acs-inc com)
From lurhq.com... Update: May 3, 2004 The authors of the Netsky virus have claimed authorship of Sasser in comments included in the code of Netsky.AC. They provide a snippet of source code as proof. LURHQ has also independently compared the binary code of both Sasser and Netsky and found other evi
Product: P4DB
URL: http://www.mydata.se/ftp/P4DB/
Version: P4DB v2.01 and earlier
Risk: Multiple vulnerabilities (high)
Description:
P4DB is a CGI based tool that provides a web-based interface to Perforce
source code repositories. It is third-party software, de