SUSE Security Announcement: hylafax (SuSE-SA:2003:045)
2003-11-10 krahmer suse de (Sebastian Krahmer)

[SECURITY] [DSA 399-1] New epic4 packages fix denial of service
2003-11-10 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 398-1] New conquest packages fix local conquest exploit
2003-11-10 joey infodrom org (Martin Schulze)

[BUGZILLA] Security Advisory - information leak
2003-11-10 David Miller (justdave bugzilla org)
Bugzilla Security Advisory
November 9, 2003
Summary
=======
Bugzilla is a Web-based bug-tracking system, currently used by a large number of software projects. This advisory covers a security bug which was accidentally introduced in development version 2.17.5 and subsequently fixed in the Bugzilla [ more ]

sql injection in phpbb
2003-11-08 jocanor jocanor (jocanor2002 hotmail com) (2 replies)
I found a vulnerability in phpbb 2.0.5 and prior; it probably also affects 2.0.6. This bug doesn't affect version 2.0.7. phpbb has a list of registered users; when you click on a member of this list, you are requesting data from the database, for example: http://www.example.com/forum/pr [ more ]

Directory traversal in The TelCondex SimpleWebserver 2.13.31027 Build 3289.
2003-11-09 "nimber" (nimber mail ru)

OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
2003-11-08 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com, security-alerts (at) linuxsecurity (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenLinux [ more ]

RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
2003-11-07 Cowperthwaite, Eric (eric cowperthwaite eds com) (2 replies)
On a related topic, does anyone have a method to programmatically (perhaps using registry entries) change security settings in Internet Explorer for a specific zone? For example, if I wanted to disable active scripting for the Internet Zone for 1000 end users by pushing a script, reg entry or someth [ more ]

Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
2003-11-09 Thor Larholm (thor pivx com)

Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
2003-11-08 teemu schaabl (teemu lynix net)

rpc remote return-into-libc exploit
2003-11-07 Jack Trixter (trixterjack yahoo com)
/*
 * have you recently bought one of those expensive new windows security products
 * on the market? do you think you now have strong protection?
 * Look again:
 *
 * *rpc!exec*
 * by ins1der (trixterjack (at) yahoo (dot) com)
 *
 * windows remote return into libc exploit!
 *
 * remote rpc exploi [ more ]

RE: Six Step IE Remote Compromise Cache Attack
2003-11-07 Steven M. Christey (coley mitre org) (1 replies)
Paul Schmehl said:
> We need a paradigm shift in programming from "allow all but the
> known bad" to "disallow all but the known good", don't we?
We need a little bit more than that, because our understanding of "what's bad" increases with time, and that frequently reduces the set of "what's good [ more ]

Re: Six Step IE Remote Compromise Cache Attack
2003-11-10 Goetz Babin-Ebell (babin-ebell trustcenter de)

OpenLinux: ucd-snmp remote heap overflow
2003-11-07 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com, security-alerts (at) linuxsecurity (dot) com
SCO Security Advisory
Subject: OpenLinux: ucd-snmp remote heap overflow
Advisory number: [ more ]

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow
2003-11-07 security sco com
To: announce (at) lists.sco (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : [ more ]

[CLA-2003:780] Conectiva Security Announcement - ethereal
2003-11-07 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ethereal
SUMMARY : Fix for ethereal vulnerabi [ more ]

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Perl cross-site scripting vulnerability.
2003-11-07 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer [ more ]

OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
2003-11-07 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.7 : OpenSSH: multiple buffer [ more ]

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes
2003-11-07 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer [ more ]

OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7: Multiple vulnerabilities affecting several components of gwxlibs
2003-11-07 security sco com
To: announce (at) lists.caldera (dot) com, bugtraq (at) securityfocus (dot) com, full-disclosure (at) lists.netsys (dot) com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.5 OpenServer 5.0.6 OpenServer [ more ]
Bug is found in this script:
DailyDose v 1.1 (by www.onlinearts.net)
The script (dose.pl) does not check the input:
$data=$ENV{'QUERY_STRING'};
($command,$list,$temp, $id) = split ("&",$data,4);
. . .
local ($template) = "$tempdir/$temp";
open(TEMPL, "$template") || print "no file found $
[ more ]