[SECURITY] [DSA 491-1] New Linux 2.4.19 packages fix local root exploit (mips)
2004-04-17 joey infodrom org (Martin Schulze)

[BUG-CORRECTION] IISShield "Server" header costumization
2004-04-17 Tiago Halm (thalm netcabo pt)
Hi all, A new version (v1.0.4) of IISShield was released concerning a bug correction regarding the parsing of the "Server" header customization. The problem concerned the interpretation of the "Server" header customization. When the objective was to leave the "Server" header with its default value,

[SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities
2004-04-17 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution
2004-04-17 joey infodrom org (Martin Schulze)

MS04-011 SSL Remote DoS PoC
2004-04-17 David Barroso Berrueta (dbarroso s21sec com)
Hi, when looking recently for vulnerabilities in the Microsoft SSL code we have found the DoS described in the latest Microsoft Security Bulletin MS04-011. We've only tested this PoC on Windows 2000 running IIS 5.0, but as the bulletin says, other applications using SSL and other Windows versions

Squirrelmail Chpasswod bof
2004-04-17 Matias Neiff (matias neiff com ar)
Hi all. There is a buffer overflow in the chpasswd binary, distributed with the plugin. This allows local users to execute commands as root.
---:::Prott:::---
root@orco:/mnt/hosting/hack/bof# su webmaster
webmaster@orco:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999
Using address: 0xbfffe325

[SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl
2004-04-17 Matt Zimmerman (mdz debian org)

[SCSA-028] Nuked-Klan Multiple Vulnerabilities
2004-04-17 advisory security-corporation com
=================================================
Security Corporation Security Advisory [SCSA-028]
Nuked-Klan Multiple Vulnerabilities
=================================================
PROGRAM: Nuked-KlaN
HOMEPAGE: http://www.nuked-klan.org
VULNERABLE VERSIONS: b1.4, b1.5, SP2
RISK: MEDIUM/HIGH

Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX
2004-04-17 K. K. Mookhey (cto nii co in)
Name: Denial of Service Vulnerability in ColdFusion MX
Systems Affected: Version 6.0 and earlier
Severity: Medium-High
Category: Denial of Service
Vendor URL: Macromedia ColdFusion MX
Discovered by: Network Intelligence (I) Pvt. Ltd. (www.nii.co.in)
Online location: http://www.nii.co.in/vuln/cfdos.h

Internet Explorer XSS published unpatched in SP1 AND SP2
2004-04-17 Rafel Ivgi, The-Insider (theinsider 012 net il)
Hi! 2 weeks ago I discovered this XSS:
<p id=cool align=center style="height: expression(alert('xss'))">s</p>
in Internet Explorer (fully patched and with SP2). I also discovered that Liu Die Yu (greetings pal) discovered it a long time ago.
<IMG width="0" height="0" style="width: expression(alert())

[SECURITY] [DSA 489-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
2004-04-17 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities
2004-04-17 Matt Zimmerman (mdz debian org)

Norton AntiVirus nested file manual scan bypass.....
2004-04-17 Bipin Gautam (visitbipin hotmail com)
Norton AntiVirus nested file manual scan bypass.....
Product Version: Norton Antivirus 2002 (~Only tested On...~)
Risk Impact: Medium
Vendor Status: No response!
Summary: If you manage to inject a file in the sub-directory(s); beyond windows OS can create normally, [ say in 130 'th + su

void.at - neon format string bugs
2004-04-16 Thomas Wana (greuff void at)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[VSA0401 - neon - void.at security notice]
Overview
========
We have discovered a format string vulnerability in neon (http://www.webdav.org/neon). neon is a webdav client library, used by Subversion and others. CVE has assigned the name CAN-2004-017

[OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)
2004-04-16 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

After Ms patches last Wed ...
2004-04-16 aborg mca org mt (1 replies)
Hi .. Is anyone else having time problems on their networks? Yesterday (Thu) I had approx 50% of my users unable to login because "the time on the client and server are different" and I could not figure out a way to solve it.
Some people managed to login but could not get access to shared res

"Delete anti-virus and firewall software" --Microsoft
2004-04-16 Kim Scarborough (kjs uchicago edu)
Isn't the "Resolution" in this Knowledge Base article a little, uh, ill-advised: <http://support.microsoft.com/default.aspx?scid=kb;en-us;820673> Isn't this the same company that says things like this under "Mitigating Factors" in their security bulletins: "Firewall best practices and standard d

[securityzone (at) macromedia (dot) com: New Macromedia Security Zone Bulletin Posted]
2004-04-16 David Ahmad (da securityfocus com)
----- Forwarded message from Macromedia Security Zone <securityzone (at) macromedia (dot) com> -----
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IMPORTANT: A security issue that may affect ColdFusion MX 6.1 customers has come to our attention recently. To learn about this new issue and

[OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)
2004-04-16 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Re: Backdoor in X-Micro WLAN 11b Broadband Router
2004-04-16 Mariano Firpo (marianofirpo x-micro com) (1 replies)
In-Reply-To: <84smfb7rmf.fsf (at) risko (dot) hu>
X-Micro Support Team:
1- The backdoor has been solved with the latest Firmware 1.601.
2- Please do not upgrade the Firmware with unofficial releases because this will void the warranty.
3- Thanks for posting this security issue.
> I had a different issue after Wednesday's updates. Two win2k computers in
> my office were rendered useless after the patch. They were fine before,
> but as soon as the patch finished and the PC was rebooted, the CPU usage
> was 100% and nothing could be done