BugTraq Mode:
SUSE Security Announcement: xf86/XFree86 (SuSE-SA:2004:006) 2004-02-23
thomas suse de (Thomas Biege)

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SUSE Security Announcement

Package: xf86/XFree86
Announcement-ID: SuSE-SA:2004:006
Date: Monda

nCipher Advisory #9: Host-side attackers can access secret data 2004-02-23
nCipher Support (technotifications us ncipher com)
nCipher Security Advisory No. 9
Host-side attackers can access secret data
------------------------------------------

SUMMARY
=======

On certain models and firmware combinations, an attacker who is able
to issue commands to an HSM (eg, by having use o

TSLSA-2004-0008 - kernel 2004-02-23
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2004-0008

Package name: kernel
Summary: local root exploit in mremap
Date: 2004-02-23
Affected versions: Tr

Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft 2004-02-22
Steven M. Christey (coley mitre org)

Stuart Moore said:

>An interesting category, for sure. I think this point deserves
>discussion. Is the use of predictable file locations really a
>vulnerability? We know that it can certainly facilitate exploits, but
>is it a vulnerability in and of itself? (Or is it even an "exposure"
>as CVE

lbreakout2 < 2.4beta-2 local exploit 2004-02-22
Li0n7 voila fr


/*
* lbreakout2 < 2.4beta-2 local exploit by Li0n7 (at) voila (dot) fr
* vulnerability reported by Ulf Harnhammar <Ulf.Harnhammar.9485 (at) student.uu (dot) se>
* usage: ./lbreakout2-exp [-r <RET>][-b [-s <STARTING_RET>]]
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wai

[SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability 2004-02-23
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 447-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
February 22nd, 2004

[SECURITY] [DSA 446-1] New synaesthesia packages fix insecure file creation 2004-02-21
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 446-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
February 21st, 2004

[SECURITY] [DSA 436-2] New mailman packages fix bug introduced in DSA 436-1 2004-02-21
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 436-2 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
February 21st, 2004

[SECURITY] [DSA 448-1] New pwlib packages fix multiple vulnerabilities 2004-02-23
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 448-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
February 22nd, 2004

GateKeeper Pro 4.7 buffer overflow 2004-02-22
Iván Rodriguez Almuiña (kralor coromputer net)
/*==============================[CRPT - French
Team]=============================* [Coromputer Security Advisory] - [CRPTSA-01]
*================================== [Summary]
==================================*
Software : GateKeeper Pro 4.7
Platforms : win32
Risk : High
Impact : Buffer over

FYI: CAIF Format Specification 2004-02-22
Oliver Goebel (Goebel CERT Uni-Stuttgart DE)
For Your Information:

a draft on the format specification of the Common Announcement
Interchange Format (CAIF) has been released.

The project started in 2002 and produced a requirements document, which
was released in January 2003 (it is available from the CAIF homepage).
Based on the requirement

RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution) 2004-02-20
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: http-equiv (at) excite (dot) com [mailto:1 (at) malware (dot) com]
> Sent: Friday, February 20, 2004 1:37 PM
> To: bugtraq (at) securityfocus (dot) com
> Subject: Re: is predicatable file location a vuln? (was RE:
> Aol Instant Messenger/Microsoft Internet Explorer remote code
> execution)

LNSA-#2004-0003: Linux Kernel 2004-02-20
Vincenzo Ciaglia (ciaglia netwosix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************
************
Netwosix Linux Security Advisory #2004-0003 <http://www.netwosix.org>
- ------------------------------------------------------------------------
-----------

Package na

LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service 2004-02-20
Vincenzo Ciaglia (ciaglia netwosix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************
************
Netwosix Linux Security Advisory #2004-0002 <http://www.netwosix.org>
- ------------------------------------------------------------------------
-----------

Package nam

Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution) 2004-02-20
http-equiv (at) excite (dot) com (1 malware com)


<!--

> Being able to store arbitrary content in a predictable file
>location is a vulnerability category of its own

An interesting category, for sure. I think this point deserves
discussion. Is the use of predictable file locations really a
vulnerability?

-->

If it isn't it should be

OpenLinux: Perl Safe.pm unsafe access 2004-02-20
please_reply_to_security sco com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenLinux: Perl Safe.pm unsafe access
Advisory number: CSSA-2004-007.0
Issue date: 2004 February 20
Cross reference: sr887196 fz5284

RE: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution) 2004-02-20
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: Stuart Moore [mailto:smoore.bugtraq (at) securityglobal (dot) net]
> Sent: Thursday, February 19, 2004 10:40 PM
> To: thor (at) pivx (dot) com; bugtraq (at) securityfocus (dot) com
> Subject: is predicatable file location a vuln? (was RE: Aol
> Instant Messenger/Microsoft Internet Explorer

Remote Buffer Overflow in PSOProxy 0.91 2004-02-20
Donato Ferrante (fdonato autistici org)
Donato Ferrante

Application: PSOProxy
http://psoproxy.sourceforge.net/

Version: 0.91

Bug: Remote Buffer Overflow

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: www.autistici.org/fdonato

x

is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution) 2004-02-20
Stuart Moore (smoore bugtraq securityglobal net)
Thor,

Hi. Good summary of the previous posts regarding the 'shell:' issue.

> Being able to store arbitrary content in a predictable file location is
> a vulnerability category of its own

An interesting category, for sure. I think this point deserves discussion. Is the use of
predictable fi

Bank of America contact 2004-02-20
Lance James (lance securescience net)
Hi bugtraq,

Does anyone know anyone that I would contact to address certain
security issues at Bank of America? I see that Wells Fargo and
Citibank have direct contacts, but not BofA. Please let me know.
Thanks.

--
Best regards,
Lance James mailto:lance@securescie

Re: SNMP community string disclosure in Linksys WAP55AG 2004-02-19
Nicolai van der Smagt (nicolai vandersmagt bbned nl)
Hugo wrote:

> On Wed, 17 Feb 2004, NN Poster wrote:
>
> > Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2.
> >
> > 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRI

article: Theft of Client Information at a Major Israeli Bank's "Information Fortress". 2004-02-19
Gadi Evron (ge egotistical reprehensible net)
According to reports, a break-in occurred at the Israeli Bank Leumi's
"Information Fortress". The perpetrators accessed the perimeter
physically and proceeded to steal and delete critical client information
from the "main server", using a laptop computer they allegedly hooked
into the network.

[CLA-2004:821] Conectiva Security Announcement - XFree86 2004-02-20
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : XFree86
SUMMARY : Fix for font related vulner

fix for recently disclosed Oracle interval conversion overflows? 2004-02-20
Marc Bejarano (bugtraq beej org)
on 2/5, cesar cerrudo sent an advisory about some buffer overflows in
interval conversion functions in Oracle Database 9ir2 to the ntbugtraq
mailing list [1].

the advisory says:
==
Vendor Fix:
Go to Oracle Metalink site,
http://metalink.oracle.com

Vendor Contact:
Orac

[CLA-2004:820] Conectiva Security Announcement - kernel 2004-02-20
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : kernel
SUMMARY : Fixes for kernel vulnerabili

[SECURITY] [DSA 444-1] New Linux 2.4.17 packages fix local root exploit (ia64) 2004-02-20
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 444-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 20th, 2004
