[CLA-2004:800] Conectiva Security Announcement - lftp
2004-01-06 Conectiva Updates (secure conectiva com br)

Multiple Vulnerabilities in Phorum 3.4.5
2004-01-05 Calum Power (enune fribble net)

    Phorum 3.4.5 Vulnerabilities
    -----------------------------
    Credit:
    Author: : Calum Power
    Version(s) : <= 3.4.5
    Vendor : Phorum
    Vendor URL : http://phorum.org
    Vendor Contacted: Yes
    Vendor Fix: Phorum has released Phorum v3.4.6 as a response to this advisory. Please patch your vulnerable

[SECURITY] [DSA 412-1] New nd packages fix buffer overflows
2004-01-06 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA 411-1] New mpg321 packages fix format string vulnerability
2004-01-06 Matt Zimmerman (mdz debian org)

Immunix Secured OS 7.3 kernel update
2004-01-06 Immunix Security Team (security immunix com)

    -----------------------------------------------------------------------
    Immunix Secured OS Security Advisory
    Packages updated: kernel
    Affected products: Immunix 7.3
    Bugs fixed: CAN-2003-0985
    Date: Mon Jan 5 2004
    Advisory ID: IMNX-2004-73-001-01
    Author: Seth Arnold <sarnold (at) immunix (dot) com>
    ----

[SECURITY] [DSA 409-1] New bind packages fix denial of service
2004-01-06 Matt Zimmerman (mdz debian org)

Linux kernel do_mremap() proof-of-concept exploit code
2004-01-05 Christophe Devine (devine iie cnam fr)

    The following program can be used to test if an x86 Linux system is vulnerable to the do_mremap() exploit; use at your own risk.

    $ cat mremap_poc.c
    /*
     * Proof-of-concept exploit code for do_mremap()
     *
     * Copyright (C) 2004 Christophe Devine and Julien Tinnes
     *
     * This program is free softwar

vBulletin Forum 2.3.xx calendar.php SQL Injection
2004-01-05 Qianwei Hu (a1476854 hotmail com)

    vBulletin Forum 2.3.xx calendar.php SQL Injection
    ========================================================
    Website: www.safechina.net
    Discovered by: mslug (a1476854 (at) hotmail (dot) com)
    Description:
    =============
    There exists a sql injection problem in calendar.php. Notice the eventid field.
    -------- Cut

SUSE Security Announcement: Linux Kernel (SuSE-SA:2004:001)
2004-01-05 thomas suse de (Thomas Biege)

[SECURITY] [DSA 408-1] New screen packages fix group utmp exploit
2004-01-05 joey infodrom org (Martin Schulze)

[ESA-20040105-001] 'kernel' bug and security fixes.
2004-01-05 EnGarde Secure Linux (security guardiandigital com)

[SECURITY] [DSA 407-1] New ethereal packages fix several vulnerabilities
2004-01-05 joey infodrom org (Martin Schulze)

[CLA-2004:799] Conectiva Security Announcement - kernel
2004-01-05 Conectiva Updates (secure conectiva com br)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT
    - --------------------------------------------------------------------------
    PACKAGE : kernel
    SUMMARY : Fix for two vulnerabilities

Announcing adore-ng 0.31
2004-01-04 Stealth (stealth team-teso net)

    hi,
    At http://stealth.7350.org/rootkits/adore-ng-0.31.tgz you can find the latest Adore-ng. Since the new version supports various new features as previously braindumped in Phrack #61 (evil-log-tagging, LKM infection, reboot residency) I announce this version.
    If you never used adore before, her

Re: Linux kernel mremap vulnerability
2004-01-05 Paul Starzetz (ihaquer isec pl)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    Hi,
    due to Monday related problems there is a small error in my posting. The correct URL is:
    http://isec.pl/vulnerabilities/isec-0013-mremap.txt
    - --
    Paul Starzetz
    iSEC Security Research
    http://isec.pl/
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG

[SECURITY] [DSA 406-1] New lftp packages fix arbitrary code execution
2004-01-05 joey infodrom org (Martin Schulze)

HotNews arbitrary file inclusion
2004-01-04 Dariusz 'Officerrr' Kolasinski (officerrr poligon com pl)

    HotNews arbitrary file inclusion.
    ===+++===+++===+++
    Product: HotNews
    Version: <= v0.7.2
    Vendor: http://sourceforge.net/projects/hotnews/
    Bug discovered by: Officerrr <officerrr (at) poligon.com (dot) pl>
    Vendor Response: Not contacted yet.
    ===+++===+++===+++
    Problem #1:
    ===+++===+++===+++
    Attacker can inclu

newsPHP v216 patch
2004-01-04 Dariusz 'Officerrr' Kolasinski (officerrr poligon com pl)

    This small patch will fix the 'newsPHP arbitrary file inclusion & bad login validation' bug published on 1st September 2003.
    ===+++===+++===+++
    Product: newsPHP
    Version: <= v216
    Vendor: http://www.nphp.net
    Bug discovered by: Officerrr <officerrr (at) poligon.com (dot) pl>
    Vendor Response: no patch released since

[SCSA-025] Invision Power Board SQL Injection Vulnerability
2004-01-03 advisory security-corporation com

    ======================================================================
    Security Corporation Security Advisory [SCSA-025]
    Invision Power Board SQL Injection Vulnerability
    ======================================================================
    PROGRAM: Invision Power Board
    HOMEPAGE: http://www.invis

xsok local games exploit (2)
2004-01-03 c0wboy@0x333 (c0wboy tiscali it)

    [c0wboy@0x333 c0wboy]$ gcc "0x333xsok(2).c" -o exp_2
    [c0wboy@0x333 c0wboy]$ ./exp_2
    --- 0x333xsok => xsok 1.02 local games exploit ---
    --- Outsiders Se(c)urity Labs 2003 ---
    sh-2.05b$ id
    uid=500(c0wboy) gid=20(games) groups=500(c0wboy)
    sh-2.05b$ exit
    exit
    [c0wboy@0x333 c0wboy]$
    sorry but too alcool

Webcam Watchdog Stack Overflow Vulnerability
2004-01-03 Peter Winter-Smith (peter4020 hotmail com)

    Webcam Watchdog Stack Overflow Vulnerability
    ############################################
    Credit:
    Author : Peter Winter-Smith
    Software:
    Packages : Webcam Watchdog
    Version : 3.63 and below
    Vendor : Webcam Corp.
    Vendor Url : http://www.webcamsoft.com/en/watchdog.html
    Vulnerability:
    Bu

RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV
2004-01-02 tlarholm pivx com

    Naturally, this only works from a local security zone such as the My Computer zone. You cannot exploit the Shell.Application object from the Internet Zone where you get an explanatory "Permission Denied" error.
    This eases the process of abusing local security zone privileges but does not change the

include() vuln in EasyDynamicPages v.2.0
2004-01-02 Vietnamese Security Group (security security com vn)

Microsoft Word Protection Bypass
2004-01-02 Thorsten Delbrouck-Konetzko (Thorsten Delbrouck guardeonic com)

    Hi all,
    Microsoft Word provides an option to protect "forms" by password. This is used to ensure that unauthorized users cannot manipulate the contents of documents except within specially designed "form" areas. This feature is also often used to protect documents which do not even have form are
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : lftp
SUMMARY : Buffer overflow vulnerability