BugTraq
[CLA-2003:778] Conectiva Security Announcement - net-snmp 2003-11-07
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : net-snmp
SUMMARY : Fix for the net-snmp packa

OpenAutoClassifieds XSS attack 2003-11-07
David Ferreira (iamroot systemsecure org)


Critical: Less critical

Impact: Cross Site Scripting

Where: From remote

Software: OpenAutoClassifieds 1.x

Vendor: http://jonroig.com/freecode/openautoclassifieds/

Description:

A vulnerability has been identified in

OpenAutoClassifieds, which can be exploited by malicio

SRT2003-11-06-0710 - IBM DB2 Multiple local security issues 2003-11-08
KF (dotslash snosoft com)
Full details on this issue are available on our website. There will be
no forced pdf files, and we have removed the java applet that so many of
you complained about. Registration is still necessary for in-depth detail
on this issue. I have also attempted to stop the cross posting to the
mailing l

[Full-Disclosure] [SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow 2003-11-07
debian-security-announce lists debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 397-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
November 7th, 2003

PowerPortal v1.1b Cross-Site Scripting Vulnerability 2003-11-07
David Ferreira (iamroot systemsecure org)


PowerPortal v1.1b Cross-Site Scripting Vulnerability

Critical: Less critical

Impact: Cross Site Scripting

Where: From remote

Software: PowerPortal v1.1b

Description:

Cross-Site Scripting attack in this CMS can be exploited by

malicious users.

The vulnerabilities are cau

[CLA-2003:779] Conectiva Security Announcement - cups 2003-11-07
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : cups
SUMMARY : Denial of service vulnerabilit

UPDATE: PSK Cracking using IKE Aggressive Mode 2003-11-06
Michael Thumann (mlthumann ids-guide de)
Hi,

we just released a vulnerability scanner for the PSK Attack we've described
in April in our paper 'PSK Cracking using IKE Aggressive Mode'.
The scanner is freely available from our website:
www.ernw.de/download/ikeprobe.zip

The paper itself is available from our website too. Take a look at
w

[CLA-2003:777] Conectiva Security Announcement - thttpd 2003-11-06
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : thttpd
SUMMARY : Fixes for several vulnerabil

DoS for Ganglia 2003-11-06
Jim Prewett (download hpc unm edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Center for High Performance Computing at UNM / Dopesquad
Security Advisory

Wed Nov 5 13:10:35 MST 2003

Discovery made by: James E. Prewett (download (at) hpc.unm (dot) edu)
Product: Ganglia
Versions: 2.5.3 tested

There is an error

[bWM#017] Cross-Site-Scripting @ PHPKIT 2003-11-06
ben moeckel (badwebmasters online de)


http://badWebMasters.net

ben moeckel security research

-------------------------------------------------

badWebMasters security advisory #017

Cross Site Scripting @ PHP-Kit

Discovery date: 2003-09

Original advisory:

http://badwebmasters.net/advisory/017/ (text/html)

Leg

Re: Six Step IE Remote Compromise Cache Attack 2003-11-06
http-equiv (at) excite (dot) com (1 malware com)


I can confirm the below on a brand spanking new, 3 week old, top-of-
the-line machine with Windows XP Home edition, customised, with every
conceivable patch, security pack, gadget enabled updating twaddle it
comes with and installed to date.

I demand a refund from the vendor ! This is a disgrac

MDKSA-2003:104 - Updated CUPS packages fix denial of service vulnerability 2003-11-06
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID:

Re: RE: Six Step IE Remote Compromise Cache Attack 2003-11-06
Steven M. Christey (coley mitre org) (1 replies)

Thor Larholm said:

>This post raises an interesting question. Is our goal to find new
>vulnerabilities and attack vectors to help secure users and critical
>infrastructures, or is our goal to ease exploitation of existing
>vulnerabilities?
>
>There are no new vulnerabilities or techniques highligh

Re: RE: Six Step IE Remote Compromise Cache Attack 2003-11-06
Paul Schmehl (pauls utdallas edu)
RE: Six Step IE Remote Compromise Cache Attack 2003-11-06
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: Benjamin Franz [mailto:snowhare (at) nihongo (dot) org]
> Sent: Wednesday, November 05, 2003 2:50 PM
> To: Thor Larholm
> Cc: Liu Die Yu; bugtraq (at) securityfocus (dot) com
> Subject: RE: Six Step IE Remote Compromise Cache Attack
>
>
> On Wed, 5 Nov 2003, Thor Larholm wrote:
>

RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
psz maths usyd edu au (Paul Szabo)
Thor Larholm <thor (at) pivx (dot) com> wrote:

> Is our goal to find new vulnerabilities and attack vectors to help secure
> users and critical infrastructures, or is our goal to ease exploitation
> of existing vulnerabilities?

The former is part of our goal, the latter is certainly not.

We actively look fo

RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
Thor Larholm (thor pivx com)
> From: white colin john [mailto:cjwhite1 (at) ehlnx13.ews.uiuc (dot) edu]
> If there's no proof-of-concept that shows current
> bugs can be combined into an exploit, is there
> any pressure on microsoft to patch the bugs?

There have already been several proof-of-concepts for each and every
vulnerability th

RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
Thor Larholm (thor pivx com) (6 replies)
This post raises an interesting question. Is our goal to find new
vulnerabilities and attack vectors to help secure users and critical
infrastructures, or is our goal to ease exploitation of existing
vulnerabilities?

There are no new vulnerabilities or techniques highlighted in this
attack (which i

Re: Six Step IE Remote Compromise Cache Attack 2003-11-06
Jelmer (jkuperus planet nl)
Re: Six Step IE Remote Compromise Cache Attack 2003-11-05
Seth Arnold (sarnold wirex com)
Re: Six Step IE Remote Compromise Cache Attack 2003-11-05
Florian Weimer (fw deneb enyo de)
RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
Benjamin Franz (snowhare nihongo org)
RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
Steve Hillier (steve mastermindtoys com)
RE: Six Step IE Remote Compromise Cache Attack 2003-11-05
white colin john (cjwhite1 ehlnx13 ews uiuc edu) (1 replies)
RE: Six Step IE Remote Compromise Cache Attack 2003-11-06
Tyler Larson (noreply tlarson com) (1 replies)
Re: Six Step IE Remote Compromise Cache Attack 2003-11-06
Florian Weimer (fw deneb enyo de)
[CLA-2003:775] Conectiva Security Announcement - apache 2003-11-05
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : apache
SUMMARY : Fix for some vulnerabilities

RE: double slash moves cache from INTERNET zone to MYCOMPUTER zone 2003-11-05
Thor Larholm (thor pivx com)
I can only reproduce this from the My Computer zone, which already
allows arbitrary command execution through the codeBase vulnerability -
I don't see anything new in this, but feel free to correct me.

Regards
Thor Larholm
Senior Security Researcher
PivX Solutions, LLC

Get our research, join our

Copyright 2010, SecurityFocus