RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
2004-02-12 Disclosure From OSSI (disclosure ossecurity ca)
Thanks a lot for everyone's comments and feedback on this disclosure. We spent time on this old issue as it has an extremely high malicious targeted attack capability and very easy to exploit. After Jeremy's IE targeting file saving vulnerability was disclosed in November 2003, we came across the i ...

[slackware-security] mutt security update (SSA:2004-043-01)
2004-02-12 Slackware Security Team (security slackware com)
[slackware-security] mutt security update (SSA:2004-043-01) Mutt is a text-based program for reading electronic mail. New mutt packages are available for Slackware 8.1, 9.0, 9.1, and -current. These have been upgraded to version 1.4.2i to fix a buf ...

[slackware-security] XFree86 security update (SSA:2004-043-02)
2004-02-12 Slackware Security Team (security slackware com)
[slackware-security] XFree86 security update (SSA:2004-043-02) New XFree86 base packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix overflows which could possibly be exploited to gain unauthorized root access. All sites runn ...

RE: W2K source "leaked"?
2004-02-12 tlarholm pivx com
This is not the first time that people have reported leaked copies of Windows source code. In 2000, Wired News reported that the source code for Whistler (now Windows XP) had been leaked, though they never confirmed it. http://www.wired.com/news/business/0,1367,35135,00.html WinBeta is also report ...

W2K source "leaked"?
2004-02-12 Gadi Evron (ge egotistical reprehensible net)
A couple of days ago a friend of mine drew my attention to the source making rounds on the encrypted p2p networks, I was hoping it would take a bit longer for it to be "out", but that was just day-dreaming.
Thor Larholm just gave me this URL, as you can notice, the server is busy: http://www.neow ...

iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
2004-02-12 iDefense Labs (labs iDefense com)
iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II http://www.idefense.com/application/poi/display?id=73 February 12, 2004 I. BACKGROUND In short, XFree86 is an open source X11-based desktop infrastructure. XFree86 provides a client/server interface between di ...

Cross Site Scripting in VBulletin forum software
2004-02-12 Jamie Fisher (contact_jamie_fisher yahoo co uk)
Client side execution of malicious scripts (cross-site scripting) Test Impact Customer session and cookies may be compromised. The attacker may be able to pose as a legitimate user to view and alter user records, and perform transactions as that user. From the polarised perspective, a user ...

FW: CA Response: eTrust InoculateIT/Antivirus 6.0 for Linux vulnerability
2004-02-12 Jensen, Greg (Greg Jensen ca com)
A typo was quickly identified in the URL below from my original posting yesterday. Please use the following URL instead, if any eTrust Antivirus or InoculateIT customers are wanting to report any problems they feel may be related to this, or wish to ...

MDKSA-2004:010 - Updated mutt packages fix remote crash
2004-02-12 Mandrake Linux Security Team (security linux-mandrake com)

CA Response: eTrust InoculateIT/Antivirus 6.0 for Linux vulnerability
2004-02-12 Jensen, Greg (Greg Jensen ca com)
Computer Associates has been investigating the vulnerability claims from the recent Bugtraq posting, related to eTrust Antivirus 6.0 for Linux.
Though it is too early to determine the accuracy of this claim, and the platforms it may cover, Computer As ...

MDKSA-2004:011 - Updated NetPBM packages fix a number of temporary file bugs.
2004-02-12 Mandrake Linux Security Team (security linux-mandrake com)

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
2004-02-11 Drew Copley (dcopley eeye com)
> -----Original Message-----
> From: Rainer Gerhards [mailto:rgerhards (at) hq.adiscon (dot) com]
> Sent: Wednesday, February 11, 2004 1:11 AM
> To: Tina Bird
> Cc: BUGTRAQ (at) securityfocus (dot) com
> Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow
> Heap Corruption
> <snip>
> But I think the bottom ...

[ GLSA 200402-03 ] Monkeyd Denial of Service vulnerability
2004-02-11 Tim Yamin (plasmaroo gentoo org)

[ GLSA 200402-04 ] Gallery <= 1.4.1 and below remote exploit vulnerability
2004-02-11 Tim Yamin (plasmaroo gentoo org)
Title : Symlink vulnerabilities in mailmgr
Bug finder : Marco van Berkum (m.v.berkum (at) obit (dot) nl)
Website : http://ws.obit.nl
URL to mailmgr : http://web.onda.com.br/orso/mailmgr.html
Tested version : Mailmgr-1.2.3
Date