Re: Security bug in Xerox Document Centre
2004-01-16 K.Schleede (USA DSSC Doc Feedback xerox com)
In-Reply-To: <20031220000206.17997.qmail (at) sf-www1-symnsj.securityfocus (dot) com>
Thank you, Mr. Gutierrez and Mr. Pierce, for finding and pointing out the HTTP web page security vulnerability. (Originally posted, 19 December 2003.) The Office Group, worldwide has developed action plans that seem to be

[OpenPKG-SA-2004.002] OpenPKG Security Advisory (tcpdump)
2004-01-16 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

OpenSSL ASN.1 parsing bugs PoC / brute forcer
2004-01-15 Bram Matthys (Syzop) (syzop vulnscan org)
Hi, exactly a week ago Mark Lachniet asked on the list(s) for PoC code for the OpenSSL ASN.1 parsing bugs ( http://www.openssl.org/news/secadv_20030930.txt ). I replied and gave details on how I made my brute forcer for that but didn't provide a PoC due to ugly code (and actually.. other reasons to

[SECURITY] [DSA 421-1] New mod-auth-shadow packages fix password expiration checking
2004-01-12 Matt Zimmerman (mdz debian org)

Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
2004-01-12 Sym Security (symsecurity symantec com)

Snort-inline
2004-01-13 Federico Petronio (fpetronio petrus agro uba ar)
I have snort-inline 2.0.1 installed. I change the rule 2077 action to drop. Then I try to access, using Mozilla 1.5 and IE6.0, the URL: http://server_name/admin/fileman/upload.php?dir= the snort-inline log start showing lines like this:
[**] [1:2077:2] WEB-PHP Mambo upload.php access [**] [Class

unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
2004-01-13 Thomas Walpuski (thomas thinknerd org)
0 Preface
Now that most bugs in isakmpd that allowed for unauthorized SA deletion are "fixed", it's time to release some information on racoon. By the way: About 5 months ago I tried to contact the KAME developers.
1 Description
racoon, KAME's IKE daemon, contains some flaws, that allow

Re: Abuse report email for CitiBank/CitiCards?
2004-01-12 Nicholas Weaver (nweaver CS berkeley edu)
On Sat, Jan 10, 2004 at 03:36:28PM -0500, winstrel composed:
> Anyone know valid email addresses for reporting potential abuse or fraud at
> to CitiBank.com/CitiCards.com?
>
> I'd like to forward some fraud emails (e.g. "Please go to this link and
> enter your card number and PIN that you use for A

MDKSA-2004:002 - Updated ethereal packages fix vulnerabilities
2004-01-13 Mandrake Linux Security Team (security linux-mandrake com)

SmoothWall Project Security Advisory SWP-2004:001
2004-01-12 William Anderson (neuro smoothwall org)

KDE Security Advisory: VCF file information reader vulnerability
2004-01-14 Dirk Mueller (mueller kde org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
KDE Security Advisory: VCF file information reader vulnerability
Original Release Date: 2004-01-14
URL: http://www.kde.org/info/security/advisory-20040114-1.txt
0. References
1. Systems affected: All versions of kdepim as distributed with

FishCart Integer Overflow / Rounding Error
2004-01-14 Michael Brennen (mbrennen fni com)
FishCart(R) is a popular full-featured multi-language open source e-commerce system. It is written in PHP4 and works with a variety of database engines. It has been in production for 6 years and is in active use in a number of countries. FishCart has developers in the US and western Europe. On

Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
2004-01-14 itojun kame net
> 0 Preface
>
> Now that most bugs in isakmpd that allowed for unauthorized SA
> deletion are "fixed", it's time to release some information on racoon.
>
> By the way: About 5 months ago I tried to contact the KAME developers.
sorry that we did not take necessary actions that time. the at

an article on the Israeli Post Office break-in
2004-01-14 Gadi Evron (ge linuxbox org)
Couldn't find any article in English, so I summarised all the facts and wrote my own. www.math.org.il/post-office.rtf IMPORTANT note: this is an RTF file, if you do not trust me (which should be obvious) or have a secure machine.. maybe it's not such a good idea opening it. I'm too lazy to mak

[RHSA-2004:007-01] Updated tcpdump packages fix various vulnerabilities
2004-01-14 bugzilla redhat com

Multiple vulnerabilities in WWW Fileshare Pro <= 2.42
2004-01-14 Luigi Auriemma (aluigi altervista org)

Re: FW: Abuse report email for CitiBank/CitiCards?
2004-01-12 Jim Gonzalez (gonzj dslinmaryland com)
I just received this a few hours ago not sure if it is legit. Here is the header info if someone would like to investigate. Seems like the like is down already. Jim Gonzalez
Return-Path: <Royce_Witte (at) aol (dot) com>
Received: from charter.com (gateway-system.cpe.leeds.al.charter.com [68.117.191.116]) by

SUSE Security Announcement: tcpdump (SuSE-SA:2004:002)
2004-01-14 krahmer suse de (Sebastian Krahmer)

Network Associates Product Security Contact
2004-01-14 Matt Moore (matt moore pentest co uk)
Hello list, I wondered if anyone knew of a product security contact within Network Associates, in particular for their McAfee line of products? Up to this point I've tried:
security-alert (at) nai (dot) com (as described in bugtraq post from 2002)
Jim_Magdych (at) nai (dot) com (sender of above post)
sec_labs (at) nai (dot) com

RE: Abuse report email for CitiBank/CitiCards?
2004-01-13 Lance James (lance james bakbone com)
www.securityfocus.com/infocus/1745 for a better and clear experience with Citibank folks and their responses.
-----Original Message-----
From: Nicholas Weaver [mailto:nweaver (at) CS.berkeley (dot) edu]
Sent: Monday, January 12, 2004 11:07 AM
To: winstrel
Cc: bugtraq (at) securityfocus (dot) com
Subject: Re: Abuse r

Re: FW: Abuse report email for CitiBank/CitiCards?
2004-01-12 Nicholas Weaver (nweaver CS berkeley edu)
On Mon, Jan 12, 2004 at 01:52:01PM -0500, Sullivan, Barbra A composed:
> All,
>
> To report such issues for Citibank or Citicards, please refer to the about email fraud link on www.citibank.com or www.citi.com.
>
Having used those links in the past and gotten a black hole (no ack, and no way to r

nCipher Advisory #8: payShield library may verify bad requests
2004-01-14 nCipher Support (technotifications us ncipher com)

[RHSA-2004:006-01] Updated kdepim packages resolve security vulnerability
2004-01-14 bugzilla redhat com

How to track a Phisher... Re: FW: Abuse report email for CitiBank/CitiCards?
2004-01-12 Nicholas Weaver (nweaver CS berkeley edu)
On Mon, Jan 12, 2004 at 04:41:40PM -0500, Jim Gonzalez composed:
> I just received this a few hours ago not sure if it is legit. Here is the
> header info if someone would like to investigate. Seems like the like is down
> already.
Tracking down a Phishing scheme takes a little work. First, you nee

symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower)
2004-01-13 Rene (l0om excluded org)
discovered and written: l0om <l0om (at) excluded (dot) org>
date: 13.01.2004
risk: medium
page: www.excluded.org
symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower)
antivir gets started on bootup and creates a tmp file (/tmp/.pid_antivir_$$ - where $$ is the process id).

PhpDig 1.6.x: remote command execution
2004-01-14 FraMe (frame hispalab com)
Product: PhpDig 1.6.x
Vendor: phpdig.net
Author: FraMe ( frame at kernelpanik.org )
URL: http://www.kernelpanik.org
CONTENTS 1. Overview 2. Description. 3. Details 4. Patches.
1. Overview. PhpDig is a http spider/search engine written in Php with a MySql database in backend. PhpDig builds a glos

SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
2004-01-12 KF (dotslash snosoft com)
AGK (agk at sandy.ru) discovered The Bat! 2.01 to throw exception on few
messages. It looks like The Bat! 2.01 in standard configuration (with
built-in PGP support) has a bug with processing PGP signed messages
(protocol="application/pgp-signature") with multiple recur