SecurityFocus

[Full-Disclosure] iDEFENSE Security Advisory 04.15.04: RealNetworks Helix Universal Server Denial of Service Vulnerability 2004-04-15
idlabs-advisories idefense com

RealNetworks Helix Universal Server Denial of Service Vulnerability

iDEFENSE Security Advisory 04.15.04
http://www.idefense.com/application/poi/display?type=vulnerabilities
February 15, 2004

I. BACKGROUND

RealNetworks Helix Universal Server is a universal digital media
delivery platform with indu

[ more ] [ reply ]

SCT javascript execution vulnerability 2004-04-15
spiffomatic 64 (spiffomatic64 hotmail com)

Vendor : SCT
URL :
http://www.sct.com/Education/Products/Connected_Learning/CampusPipeline.
html
Version : CampusPipeline
Risk : javascript execution

Description: SCT Campus Pipeline is the Web platform of choice at over 175
institutions. It improves efficiency, builds community, and prov

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-04:07.cvs 2004-04-15
FreeBSD Security Advisories (security-advisories freebsd org)

Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP. 2004-04-15
Manuel Lopez (mantra gulo org)

George, Admin of NewsPHP confirms that all vulnerabilities are now fixed.
http://www.newsphp.com

[ more ] [ reply ]

[OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) 2004-04-14
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

ZA Security Hole 2004-04-14
Damjan Kreft (damjan kreft siol net)

Hello!

I think, I discover some kind of security hole in ZoneAlaram - any version.
The problem is hidding in E-mail Protection. Because I'm form Slovenia (not
Slovakia), our alphabet does have some letters with roof (c - è, s - ¹, z -
¾). And when the name of e-mail attachment contain any of these

[ more ] [ reply ]

US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products 2004-04-14
CERT Advisory (cert-advisory cert org)

Include vulnerability in GEMITEL v 3.50 2004-04-15
jaguar (webmaster wulab com)

GEMITEL V 3 build 50 :: include vulnerability

URL : http://www.isesam.com/
FORUM : http://www.isesam.com/forums/gemitel/thread_open.shtml
Vendor has been contacted.

Description :
---------------

Gemitel is a free software written in php that allows to manage micro payments like allopass, m

[ more ] [ reply ]

Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability 2004-04-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[RHSA-2004:159-01] Updated Subversion packages fix security vulnerability in neon 2004-04-15
bugzilla redhat com

FW: [Unpatched] 4 new Microsoft patches, 4 old updated, 24 vulnerabilities 2004-04-14
Thor Larholm (thor pivx com)

-----Original Message-----
From: Thor Larholm
To: http://unpatched.pivxlabs.com
Subject: [Unpatched] 4 old Microsoft patches updated

4 old Microsoft patches updated

In addition to releasing 4 new patches today (see previous post on
Unpatched below), Microsoft has re-released 4 older patches w

[ more ] [ reply ]

[SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386) 2004-04-14
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 479-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 14th, 2004

[ more ] [ reply ]

phpBugTracker 0.9.1 && Earlier Vulnerabilities 2004-04-15
JeiAr (security gulftech org)

Vendor : Benjamin Curtis

URL : http://phpbt.sourceforge.net

Version : phpBugTracker 0.9.1

Risk : Multiple Vulnerabilities

Description:

phpBugTracker is meant to be a replacement for Bugzilla (one day). It's

not quite there yet, but we're working on it. This project grew out of

[ more ] [ reply ]

[ GLSA 200404-13 ] CVS Server and Client Vulnerabilities 2004-04-14
Kurt Lieber (klieber gentoo org)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200404-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ] [ reply ]

[SECURITY] [DSA 480-1] New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa) 2004-04-14
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 480-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 14th, 2004

[ more ] [ reply ]

[RHSA-2004:154-01] Updated CVS packages fix security issue 2004-04-14
bugzilla redhat com

[SECURITY] [DSA 482-1] New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390) 2004-04-14
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 482-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 14th, 2004

[ more ] [ reply ]

4 new Microsoft patches to close 20 vulnerabilities 2004-04-13
Thor Larholm (thor pivx com)

4 new Microsoft patches to close 20 vulnerabilities

It's patch Tuesday in Redmond and this April we have seen the release of
MS04-011, MS04-012, MS04-013 and MS04-014. Microsoft has given all of
these patches an impact of "Remote Code Execution" and the affected
software ranges from Windows 98 to W

[ more ] [ reply ]

SUSE Security Announcement: cvs (SuSE-SA:2004:008) 2004-04-14
krahmer suse de (Sebastian Krahmer)

[SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation 2004-04-14
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 483-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 14th, 2004

[ more ] [ reply ]

[Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support Center Argument Injection Vulnerability 2004-04-13
idlabs-advisories idefense com

Microsoft Help and Support Center Argument Injection Vulnerability

iDEFENSE Security Advisory 04.13.04
www.idefense.com/application/poi/display?id=100&type=vulnerabilities
April 13, 2004

I. BACKGROUND

Help and Support Center is a feature of Microsoft Windows that enables
users to download and ins

[ more ] [ reply ]

EEYE: Windows Local Security Authority Service Remote Buffer Overflow 2004-04-13
Marc Maiffret (mmaiffret eeye com)

Windows Local Security Authority Service Remote Buffer Overflow

Release Date:
April 13, 2004

Date Reported:
October 8, 2003

Severity:
High (Remote Code Execution)

Vendor:
Microsoft

Systems Affected:
Windows 2000
Windows XP

Description:
eEye Digital Security has discovered a remote buffer over

[ more ] [ reply ]

UPDATE: LCDproc Buffer Overflow and Format String Vulnerabilities 2004-04-13
Rene Wagner (reenoo gmx de)

LCDproc Security Advisory 2004-04-13

OVERVIEW

Package Name: LCDproc
Vendor URL: http://lcdproc.org
http://sourceforge.net/projects/lcdproc
Problem category: Buffer overflow and format string

[ more ] [ reply ]

EEYE: Windows Expand-Down Data Segment Local Privilege Escalation 2004-04-13
Marc Maiffret (mmaiffret eeye com)

Windows Expand-Down Data Segment Local Privilege Escalation

Release Date:
April 13, 2004

Date Reported:
November 21, 2003

Severity:
Medium (Local Privilege Escalation to Kernel)

Vendor:
Microsoft

Systems Affected:
Windows NT 4.0
Windows 2000

Description:
eEye Digital Security has discovered a

[ more ] [ reply ]

[CLA-2004:839] Conectiva Security Announcement - apache 2004-04-13
Conectiva Updates (secure conectiva com br)

EEYE: Microsoft DCOM RPC Race Condition 2004-04-13
Marc Maiffret (mmaiffret eeye com)

Microsoft DCOM RPC Race Condition

Release Date:
April 13, 2004

Date Reported:
September 10, 2003

Severity:
High (Remote Code Execution)

Vendor:
Microsoft

Systems Affected:
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0, Terminal Server Editi

[ more ] [ reply ]

Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)] 2004-04-13
des des no (Dag-Erling Smørgrav)

"Felipe Neuwald" <felipe.neuwald (at) loreno.com (dot) br [email concealed]> writes:
> felipe@worm felipe $ ssh -l root host
> Password:
> Password:
> Password:
> root@host's password:
> Permission denied, please try again.
> root@host's password:
> Permission denied, please try again.
> root@host's password:
> Permission denie

[ more ] [ reply ]

[KSA-005] Multiple vulnerabilities in Tutos 2004-04-13
François SORIN (francois sorin kereval com)

=================================================
Kereval Security Advisory [KSA-005]

Multiple vulnerabilities in Tutos
=================================================

PROGRAM: Tutos
HOMEPAGE: http://www.tutos.org
VULNERABLE VERSIONS: 1.1.20031017
RISK: Medium/High
IMPACT: Cross Site Scripting /

[ more ] [ reply ]