BugTraq Mode:
(Page 1515 of 1748)  < Prev  1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520  Next >
NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL 2004-04-21
NetBSD Security-Officer (security-officer netbsd org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2004-005
=================================

Topic: Denial of service vulnerabilities in OpenSSL

Version: NetBSD-current: source prior to March 22, 2004
NetBSD 2.0: branch unaffected, release will include the fix
NetBSD 1.6.2:

EEYE: Yahoo! Mail Account Filter Overflow Hijack 2004-04-21
Drew Copley (dcopley eeye com)
"Yahoo! Mail" Account Filter Overflow Hijack

Release Date:
April 19, 2004

Date Reported:
March 10, 2004

Severity:
High

Vendor:
Yahoo!

Description:
"Yahoo! Mail" is one of the Internet's most popular
web based email solutions. They provide free email and
large capacity storage, as well as subs

NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability 2004-04-21
NetBSD Security-Officer (security-officer netbsd org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2004-006
=================================

Topic: TCP protocol and implementation vulnerability

Version: NetBSD-current: source prior to April 22, 2004
NetBSD 2.0: branch affected, release will include the fix
NetBSD 1.6.2:

[waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2] 2004-04-21
Janek Vind (come2waraxe yahoo com)


{================================================================================}

{ [waraxe-2004-SA#022] }

{================================================================================}

{

[waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke] 2004-04-21
Janek Vind (come2waraxe yahoo com)


{================================================================================}

{ [waraxe-2004-SA#021] }

{================================================================================}

{

Advanced Guestbook 2.2 -- SQL Injection Exploit 2004-04-21
JQ (idiosyncrasie xs4all nl)


The widely-used Advanced Guestbook 2.2 web application (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access. The attack is very simple and consists of inputting the following password string leaving the username entry blank:

') OR ('a' = 'a

Regards,

J

Re: Idea of CAW (Creation of Attack Wood) 2004-04-21
Jan Minar (jjminar fastmail fm)
On Tue, Apr 20, 2004 at 05:58:17PM +0000, Magosányi Árpád wrote:
> -Your definition of the goal is your definition. I might have
> a goal which is very similar to yours, but have some different
> aspects.

The goals should be categorized, too, as the departing points are.
Preferably, these goals sho

[SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution 2004-04-21
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 493-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 21st, 2004

Re: ZA Security Hole 2004-04-21
Patrick Brauch (pab heisec de)
Hello,

I couldn't reproduce the errors, neither with braces () nor with unicode
characters -- all files were renamed (quarantined) even if they had some
problems with the correct display of the filename.

I tested this with a current Zone Alarm Pro (downloaded today, April
21st) and a Windows

[RHSA-2004:166-01] Updated kernel packages resolve security vulnerabilities 2004-04-21
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kernel packages resolve security vulnerabilities
Advisory ID: RHSA-2004:166-01
Issue date: 2004

IETF Draft on Transmission Control Protocol security considerations 2004-04-21
Thor Larholm (thor pivx com)
From the Abstract:

TCP (RFC793 [1]) is widely deployed and one of the most often used
reliable end to end protocols for data communication. Yet when it was
defined over 20 years ago the internet, as we know it, was a
different place lacking many of the threats that are now common.
Re

[PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2 2004-04-20
Valerio Santinelli (tanis altralogica it)


---------------------------------------------------------------------------

PostNuke Security Advisory PNSA 2004-2 Mark West

http://www.postnuke.com/

April 17th, 2004

For contacts: http://news.postnuke.com/index.php?module=vpContact

-------------------------------

Re: phpBB 2.0.8a and lower - IP spoofing vulnerability 2004-04-21
Xin LI (delphij frontfree net)
On Tue, Apr 20, 2004 at 04:15:48PM +0400, 3APA3A wrote:
> --Monday, April 19, 2004, 4:01:29 AM, you wrote to bugtraq (at) securityfocus (dot) com:
>
> RR> the users IP address in the common.php script. This issue is caused
> RR> by blind trust of the X-Forwarded-For HTTP header. A remote attacker
>
> This

US-CERT Technical Cyber Security Alert TA04-111B -- Cisco IOS SNMP Message Handling Vulnerability 2004-04-21
CERT Advisory (cert-advisory cert org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS SNMP Message Handling Vulnerability

Original release date: April 20, 2004
Last revised: --
Source: US-CERT

Systems Affected

* Cisco routers and switches running vulnerable versions of IOS.
Vulnerable IOS versions known

Linux kernel setsockopt MCAST_MSFILTER integer overflow 2004-04-20
Wojciech Purczynski (cliph isec pl)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis: Linux kernel setsockopt MCAST_MSFILTER integer overflow
Product: Linux kernel
Version: 2.4.22 - 2.4.25, 2.6.1 - 2.6.3
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0015-msfilter.txt
Author: Paul Star

Re: NcFTP - password leaking 2004-04-20
Alex Behar (alex eclipse org il)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 20 April 2004 02:46, Konstantin Gavrilenko wrote:

> ncftp client does not hash the password under certain conditions. And
> such information is made available to other users through `ps aux`

> Risk Factor: High

Wget (1.8.2 and earlier) and

Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products 2004-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS-Based Cisco
Products

Revision 1.0

For Public Release 2004 April 20 21:00 UTC (GMT)

- -------------------------------------------------------------------------
Summary
=======
A vulnerabilit

Cisco Security Advisory: Vulnerabilities in SNMP Message Processing 2004-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Vulnerabilities in SNMP Message Processing

Revision 1.0 INTERIM

For Public Release 2004 April 20 UTC 2100

- -----------------------------------------------------------------------

Contents
========

Summary
Affected

WinSCP Denial of Service 2004-04-15
Luca Ercoli (luca e seeweb com)


Package: WinSCP

Auth: http://winscp.sourceforge.net

Version(s): 3.5.6 (maybe also prior versions are vulnerable)

Vulnerability: Denial of Service

What's WinSCP:

"WinSCP is an open source SFTP (SSH File Transfer Protocol) and

SCP (Secure CoPy) client for Windows us

Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products 2004-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS Cisco
Products

Revision 1.0

For Public Release 2004 April 20 21:00 UTC (GMT)

- -------------------------------------------------------------------------

Summary
=======
A vulnerability

Re: After Ms patches last Wed ... 2004-04-20
Greg Kujawa (greg kujawa diamondcellar com)
In-Reply-To: <2DF52978DE0D854F9435C7AA7DD51F9801F4A12D (at) atlmaiexcp01.iss (dot) local>

Don't know if this is duplicate info from another message, but there are two different issues with the KB835732 update. Specifically on Windows 2000 machines.

The first issue involves cached data in RAM. If a machine

[cliph (at) isec (dot) pl: Linux kernel setsockopt MCAST_MSFILTER integer overflow] 2004-04-20
David Ahmad (da securityfocus com)
----- Forwarded message from Wojciech Purczynski <cliph (at) isec (dot) pl> -----

From: Wojciech Purczynski <cliph (at) isec (dot) pl>
Subject: Linux kernel setsockopt MCAST_MSFILTER integer overflow
To: bugtraq (at) securityfocus (dot) com, <full-disclosure (at) lists.netsys (dot) com>,
<vulnwatch (at) vulnwatch (dot) org>
Cc: vendor-sec (at) lst (dot) de
Repl

Re: Idea of CAW (Creation of Attack Wood) 2004-04-20
Magosányi Árpád (mag bunuel tii matav hu)
My mail client thinks that kincses zoli wrote the following:
> there is the attack tree concept of Bruce Schneier:
> http://www.schneier.com/paper-attacktrees-ddj-ft.html
> http://www.counterpane.com/attacktrees.pdf

[]
> i am working on attack tree of smartcards, and i have the
> idea of creating

Format String in Cherokee 2004-04-20
CoKi (coki nosystem com ar)


-------------------------------------------------

No System Group - Advisory #3 - 17/04/04

-------------------------------------------------

Program: Cherokee Web Server

Homepage: http://www.0x50.org

Vulnerable Versions: Cherokee 0.4.16 and prior

Risk: Low / Medium

Impact: Local Format St

US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP 2004-04-20
CERT Advisory (cert-advisory cert org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Technical Cyber Security Alert TA04-111A archive

Vulnerabilities in TCP

Original release date: April 20, 2004
Last revised: --
Source: US-CERT

Systems Affected

* Systems that rely on persistent TCP connections, for example

Re: ZA Security Hole 2004-04-20
David Wilson (David Wilson isode com)
On Wed, 2004-04-14 at 21:44, Damjan Kreft wrote:
> Hello!
>
> I think, I discover some kind of security hole in ZoneAlarm - any version.
> The problem is hiding in E-mail Protection. Because I'm from Slovenia (not
> Slovakia), our alphabet does have some letters with roof (c - č, s - š, z -
> ž).

Re: phpBB 2.0.8a and lower - IP spoofing vulnerability 2004-04-20
3APA3A (3APA3A SECURITY NNOV RU)
Dear Ready Response,

--Monday, April 19, 2004, 4:01:29 AM, you wrote to bugtraq (at) securityfocus (dot) com:

RR> the users IP address in the common.php script. This issue is caused
RR> by blind trust of the X-Forwarded-For HTTP header. A remote attacker

This issue is very common for different BBs (for e

Re: BitDefender Scan Online(ActiveX) - Remote File Download &Execute & Private Information Disclosure 2004-04-20
Sami POTIRCA (spotirca bitdefender com)
On Mon, 2004-04-19 at 10:55, Rafel Ivgi, The-Insider wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Application: BitDefender Scan Online(ActiveX)
> Vendors: http://www.bitdefender.com/scan/Msie/index.php
> Platforms: Windows
> Bug: R

NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP 2004-04-20
David Ahmad (da securityfocus com)
http://www.uniras.gov.uk/vuls/2004/236929/index.htm

--

NISCC Vulnerability Advisory 236929

Vulnerability Issues in TCP

Version Information

Advisory Reference 236929
Release Date 20 April 2004
Last Revision 20 April 2004
Version Number 1.0

What is Affected?

The vulnerability described

Re: NcFTP - password leaking 2004-04-20
Frank v Waveren (fvw var cx)
On Tue, Apr 20, 2004 at 12:46:10AM +0100, Konstantin Gavrilenko wrote:
> ncftp client does not hash the password under certain conditions. And
> such information is made available to other users through `ps aux`
[snip]
> root 798 0.0 0.1 2020 1064 pts/3 S 15:04 0:00 ncftp
> ftp://t

Copyright 2010, SecurityFocus