[SECURITY] [DSA 429-1] New gnupg packages fix cryptographic weakness in ElGamal signing keys
2004-01-27 Matt Zimmerman (mdz debian org)

[slackware-security] GAIM security update (SSA:2004-026-01)
2004-01-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] GAIM security update (SSA:2004-026-01)
GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that al

MDKSA-2004:007 - Updated mc packages fix buffer overflow vulnerability
2004-01-27 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2004:006 - Updated gaim packages fix multiple vulnerabilities
2004-01-27 Mandrake Linux Security Team (security linux-mandrake com)

New MiMail variant is DDoS'ing SCO.com
2004-01-27 tlarholm pivx com
MiMail.R, also known as W32/Mydoom@MM (McAfee), Novarg (F-Secure), W32.Novarg.A@mm (Symantec), Win32.Mydoom.A (CA) and Win32/Shimg (CA), is a polymorphic variant that collects/spams/forges email addresses using its own SMTP engine, installs a backdoor (most likely for use by spammers) and engages in

RE: Finjan SurfinGate Vulnerability
2004-01-26 Menashe Eliezer (menashe finjan com)
Finjan Response to David Byrne's "Finjan SurfinGate Vulnerability" Dated January 23, 2004
David Byrne contacted Finjan Software a year ago, and based on his comments we issued a detailed alert to our customers. We explained that the control port is NOT used to change security policies within our s

[HUC] Serv-U FTPD 3.x/4.x "SITE CHMOD" Command remote exploit V1.0
2004-01-26 lion (lion cnhonker net)
/*
 *-----------------------------------------------------------------------
 *
 * Servu.c - Serv-U FTPD 3.x/4.x "SITE CHMOD" Command
 * Remote stack buffer overflow exploit
 *
 * Copyright (C) 2004 HUC All Rights Reserved.
 *
 * Author : lion
 * : lion (at) cnhonker (dot) net
 * : http://

ProxyNow! 2.x Multiple Overflow Vulnerabilities
2004-01-26 Peter Winter-Smith (peter4020 hotmail com)

Re: Windows XP Explorer Executes Arbitrary Code in Folders
2004-01-26 Stuart Moore (smoore bugtraq securityglobal net)
Thor,
>Why don't we call a spade a spade?
You are rather humorous! But I can be humorous, too: why don't we call a folder a folder? Seriously, though, the interesting part is indeed not the self execution and not the HTML in Local zone. The more interesting part is the HTML file as folder. C

RE: Self-Executing FOLDERS: Windows XP Explorer Part V
2004-01-26 Thor Larholm (thor pivx com) (1 replies)
Why don't we call a spade a spade? You renamed an HTML file from "My Pics.html" to "My Pics.Folder", it's still an HTML file and not a folder. In fact, except for the changed file extension this is simply just a repeat of your previous post, "Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part

Re: QuadComm Q-Shop ASP Shopping Cart Software multiple security vulnerabilities
2004-01-26 S-Quadra Security Research (research s-quadra com)

Self-Executing FOLDERS: Windows XP Explorer Part V
2004-01-25 http-equiv (at) excite (dot) com (1 malware com) (1 replies)
Sunday, January 25, 2004
The following file is a 'folder' comprising both scripting and an executable [*.exe]. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Wi

Re: Self-Executing FOLDERS: Windows XP Explorer Part V
2004-01-26 mightye[removethis] mightye[removethis]@mightye.org ("mightye[removethis]" mightye org)

Serv-U ftp 4.2 site chmod long_file_name exploit
2004-01-26 Qianwei Hu (a1476854 hotmail com)
/*
 * serv-u 4.2 site chmod long_file_name stack overflow exp
 * vul discovered by kkqq (at) 0x557 (dot) org
 * exp coded by mslug (at) safechina (dot) net
 * Jan 25 2004
 */
/* test with serv-U 4.1.0.7, 4.1.0.11 on win2k sp4 en machine*/
#include <winsock2.h>
#include <stdio.h>
#define CHMOD_CMD "SITE CHMOD 0666 "
#define

Re: vulnerabilities of postscript printers
2004-01-24 Bob Beck (beck bofh cns ualberta ca) (1 replies)
>>> My god, people attach printers to networks! Postscript is Turing Complete!
>> Blah blah - you can't open files...
> Sure you can, RTFM...
Who cares? if it's a network attached printer there's some sort of IP stack in there speaking lpr, and some semblance of an operating system. It's a com

RE: Major hack attack on the U.S. Senate
2004-01-24 bugtraq anastrophe com
At 01:45 PM 1/23/2004, B. Kinney wrote:
>I don't disagree with your opinion on the article - it was meant to be
>shock journalism. It's the only way they can get us to read anything
>about our political system.
>
>I still am of the nature that you don't go places you don't belong. If
>you need a m

Inrtra Forum Cross Site Scripting Vulnerabillity
2004-01-24 Rafel Ivgi, The-Insider (theinsider 012 net il)

BWS v1.0b3 Directory Transversal Vulnerability
2004-01-24 Rafel Ivgi, The-Insider (theinsider 012 net il)

Resources consumption in Reptile webserver daily version
2004-01-24 Donato Ferrante (fdonato autistici org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 429-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
January 26th, 2004