|
|
Colapse all |
Post message
[waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke] 2004-04-23 Janek Vind (come2waraxe yahoo com) RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service 2004-04-23 Sym Security (secure symantec com) On 04/23/2004: eEye Digital Security posted: eE"Derek Soeder" <dsoeder (at) eeye (dot) com [email concealed]> Sent by: full-disclosure-admin (at) lists.netsys (dot) com [email concealed] 04/23/2004 01:36 PM Symantec Multiple Firewall TCP Options Denial of Service Release Date: April 23, 2004 Date Reported: March 9th, 2004 Severity: [ more ] [ reply ] EEYE: Symantec Multiple Firewall TCP Options Denial of Service 2004-04-23 Derek Soeder (dsoeder eeye com) Symantec Multiple Firewall TCP Options Denial of Service Release Date: April 23, 2004 Date Reported: March 9th, 2004 Severity: High (Remote Denial of Service) Vendor: Symantec Systems Affected: Symantec Norton Internet Security 2003 Symantec Norton Internet Security 2004 Symantec Norton Interne [ more ] [ reply ] Potential Microsoft PCT worm (MS04-011) 2004-04-23 advisories (advisories corsaire com) Potential Microsoft PCT worm (MS04-011) A revised exploit has been released for the PCT flaw in the last 24-hrs by THC (THCIISSLame.c). For the last few hours we have also been receiving uncorroborated anecdotal evidence from reliable sources that a working worm is being trialled on the Internet, [ more ] [ reply ] TCP Reset Attacks: Paper and Code Now Availble 2004-04-23 sullo cirt net Just a quick note to announce that Paul Watson's research paper, slides and code for the much publicized "Slipping in the Window: TCP Reset Attacks" presentation are now available for download. All materials can be found on OSVDB.org at: http://www.osvdb.org/4030 Thanks, Sullo -- http://www.c [ more ] [ reply ] Arbitrary file overwriting in Unreal engine through UMOD 2004-04-22 Luigi Auriemma (aluigi altervista org) SGI Advanced Linux Environment security update #18 2004-04-21 SGI Security Coordinator (agent99 sgi com) MDKSA-2004:031-1 - Updated utempter packages fix several vulnerabilities 2004-04-21 Mandrake Linux Security Team (security linux-mandrake com) [slackware-security] xine security update (SSA:2004-111-01) 2004-04-21 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xine security update (SSA:2004-111-01) New xine packages are available for Slackware 9.1 and -current to fix security issues. Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Tue Apr 20 19:01:5 [ more ] [ reply ] Vulnerabilities in long-lived TCP connections on SGI systems 2004-04-21 SGI Security Coordinator (agent99 sgi com) NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL 2004-04-21 NetBSD Security-Officer (security-officer netbsd org) -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-005 ================================= Topic: Denial of service vulnerabilities in OpenSSL Version: NetBSD-current: source prior to March 22, 2004 NetBSD 2.0: branch unaffected, release will include the fix NetBSD 1.6.2: [ more ] [ reply ] EEYE: Yahoo! Mail Account Filter Overflow Hijack 2004-04-21 Drew Copley (dcopley eeye com) "Yahoo! Mail" Account Filter Overflow Hijack Release Date: April 19, 2004 Date Reported: March 10, 2004 Severity: High Vendor: Yahoo! Description: "Yahoo! Mail" is one of the Internet's most popular web based email solutions. They provide free email and large capacity storage, as well as subs [ more ] [ reply ] NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability 2004-04-21 NetBSD Security-Officer (security-officer netbsd org) -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-006 ================================= Topic: TCP protocol and implementation vulnerability Version: NetBSD-current: source prior to April 22, 2004 NetBSD 2.0: branch affected, release will include the fix NetBSD 1.6.2: [ more ] [ reply ] [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2] 2004-04-21 Janek Vind (come2waraxe yahoo com) [waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke] 2004-04-21 Janek Vind (come2waraxe yahoo com) Advanced Guestbook 2.2 -- SQL Injection Exploit 2004-04-21 JQ (idiosyncrasie xs4all nl) The widely-used Advanced Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting the following password string leaving the username entry blank: ') OR ('a' = 'a Regards, J [ more ] [ reply ] [SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution 2004-04-21 joey infodrom org (Martin Schulze) [RHSA-2004:166-01] Updated kernel packages resolve security vulnerabilities 2004-04-21 bugzilla redhat com IETF Draft on Transmission Control Protocol security considerations 2004-04-21 Thor Larholm (thor pivx com) From the Abstract: TCP (RFC793 [1]) is widely deployed and one of the most often used reliable end to end protocols for data communication. Yet when it was defined over 20 years ago the internet, as we know it, was a different place lacking many of the threats that are now common. Re [ more ] [ reply ] [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2 2004-04-20 Valerio Santinelli (tanis altralogica it) US-CERT Technical Cyber Security Alert TA04-111B -- Cisco IOS SNMP Message Handling Vulnerability 2004-04-21 CERT Advisory (cert-advisory cert org) Linux kernel setsockopt MCAST_MSFILTER integer overflow 2004-04-20 Wojciech Purczynski (cliph isec pl) Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products 2004-04-20 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS-Based Cisco Products Revision 1.0 For Public Release 2004 April 20 21:00 UTC (GMT) - ------------------------------------------------------------------------ - Summary ======= A vulnerabilit [ more ] [ reply ] Cisco Security Advisory: Vulnerabilities in SNMP Message Processing 2004-04-20 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerabilities in SNMP Message Processing Revision 1.0 INTERIM For Public Release 2004 April 20 UTC 2100 - ----------------------------------------------------------------------- Contents ======== Summary Affected [ more ] [ reply ] Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products 2004-04-20 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS Cisco Products Revision 1.0 For Public Release 2004 April 20 21:00 UTC (GMT) - ------------------------------------------------------------------------ - Summary ======= A vulnerability [ more ] [ reply ] |
|
Privacy Statement |
{=======================================================================
=========}
{ [waraxe-2004-SA#025] }
{=======================================================================
=========}
{
[ more ] [ reply ]