SRT2004-01-17-0425 - Ultr@VNC local SYSTEM access.
  2004-01-17 KF (dotslash snosoft com) (1 replies)
  Yeah I know this one is short... there's a couple more on the way with more in depth details. -KF

Happy belated Personal Firewall day - SRT2004-01-17-0628 - Agnitum Optpost firewall allows Local SYSTEM access
  2004-01-17 KF (dotslash snosoft com)

HP printers and currency anti-copying measures
  2004-01-17 Richard M. Smith (rms computerbytesman com)
  Hi, Last week, the Associated Press reported that Adobe has incorporated anti-copying technology in their Photoshop CS software which prevents users from opening image files of U.S. and European currency. Here's the article: Adobe admits to currency blocker http://tinyurl.com/2xnno (http:

[SECURITY] [DSA 424-1] New mc packages fix buffer overflow
  2004-01-16 Matt Zimmerman (mdz debian org)

[OpenCA Advisory] Vulnerability in signature verification
  2004-01-16 Michael Bell (michael bell cms hu-berlin de)
  OpenCA Security Advisory [16 January 2004] Vulnerability in signature validation ===================================== A flaw in OpenCA before version 0.9.1.7 could cause OpenCA to accept a signature from a certificate if the certificate's chain is trusted by the chain directory of OpenCA. This me

The Bat! 2.01 memory corruption
  2004-01-16 3APA3A (3APA3A SECURITY NNOV RU)
  Dear bugtraq, AGK (agk at sandy.ru) discovered The Bat! 2.01 to throw exception on few messages. It looks like The Bat! 2.01 in standard configuration (with built-in PGP support) has a bug with processing PGP signed messages (protocol="application/pgp-signature") with multiple recur

Re: Security bug in Xerox Document Centre
  2004-01-16 K.Schleede (USA DSSC Doc Feedback xerox com)
  In-Reply-To: <20031220000206.17997.qmail (at) sf-www1-symnsj.securityfocus (dot) com [email concealed]> Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP web page security vulnerability. (Originally posted, 19 December 2003.) The Office Group, worldwide has developed action plans that seem to be

[OpenPKG-SA-2004.002] OpenPKG Security Advisory (tcpdump)
  2004-01-16 OpenPKG (openpkg openpkg org)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed]

OpenSSL ASN.1 parsing bugs PoC / brute forcer
  2004-01-15 Bram Matthys (Syzop) (syzop vulnscan org)
  Hi, exactly a week ago Mark Lachniet asked on the list(s) for PoC code for the OpenSSL ASN.1 parsing bugs ( http://www.openssl.org/news/secadv_20030930.txt ). I replied and gave details on how I made my brute forcer for that but didn't provide a PoC due to ugly code (and actually.. other reasons to

[SECURITY] [DSA 421-1] New mod-auth-shadow packages fix password expiration checking
  2004-01-12 Matt Zimmerman (mdz debian org)

Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
  2004-01-12 Sym Security (symsecurity symantec com)

Snort-inline
  2004-01-13 Federico Petronio (fpetronio petrus agro uba ar)
  I have snort-inline 2.0.1 installed. I change the rule 2077 action to drop. Then I try to access, using Mozilla 1.5 and IE6.0, the URL: http://server_name/admin/fileman/upload.php?dir= the snort-inline log start showing lines like this: [**] [1:2077:2] WEB-PHP Mambo upload.php access [**] [Class

unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
  2004-01-13 Thomas Walpuski (thomas thinknerd org) (1 replies)
  0 Preface Now that most bugs in isakmpd that allowed for unauthorized SA deletion are "fixed", it's time to release some information on racoon. By the way: About 5 months ago I tried to contact the KAME developers. 1 Description racoon, KAME's IKE daemon, contains some flaws, that allow

Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
  2004-01-14 itojun kame net (1 replies)

MDKSA-2004:002 - Updated ethereal packages fix vulnerabilities
  2004-01-13 Mandrake Linux Security Team (security linux-mandrake com)

SmoothWall Project Security Advisory SWP-2004:001
  2004-01-12 William Anderson (neuro smoothwall org)

KDE Security Advisory: VCF file information reader vulnerability
  2004-01-14 Dirk Mueller (mueller kde org)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: VCF file information reader vulnerability Original Release Date: 2004-01-14 URL: http://www.kde.org/info/security/advisory-20040114-1.txt 0. References 1. Systems affected: All versions of kdepim as distributed with

FishCart Integer Overflow / Rounding Error
  2004-01-14 Michael Brennen (mbrennen fni com)
  FishCart(R) is a popular full-featured multi-language open source e-commerce system. It is written in PHP4 and works with a variety of database engines. It has been in production for 6 years and is in active use in a number of countries. FishCart has developers in the US and western Europe. On

an article on the Israeli Post Office break-in
  2004-01-14 Gadi Evron (ge linuxbox org)
  Couldn't find any article in English, so I summarised all the facts and wrote my own. www.math.org.il/post-office.rtf IMPORTANT note: this is an RTF file, if you do not trust me (which should be obvious) or have a secure machine.. maybe it's not such a good idea opening it. I'm too lazy to mak

[RHSA-2004:007-01] Updated tcpdump packages fix various vulnerabilities
  2004-01-14 bugzilla redhat com

Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
  2004-01-14 Luigi Auriemma (aluigi altervista org)

SUSE Security Announcement: tcpdump (SuSE-SA:2004:002)
  2004-01-14 krahmer suse de (Sebastian Krahmer)
Mambo Open Source v4.6 (CVS)
Vendor: Miro International Pty Ltd.
Author: FraMe ( frame at kernelpanik.org )
URL: http://www.kernelpanik.org
CONTENTS
1. Overview
2. Description.
3. Details
4. Patches.
1. Overview.
Mambo Open Source is an, open source,