|
|
Colapse all |
Post message
[CLA-2003:774] Conectiva Security Announcement - bugzilla 2003-11-05 Conectiva Updates (secure conectiva com br) POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III 2003-11-05 http-equiv (at) excite (dot) com [email concealed] (1 malware com) Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commece from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you wil [ more ] [ reply ] Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003) 2003-11-05 NGSSoftware Insight Security Research (nisr nextgenss com) NGSSoftware Insight Security Research Advisory Name : Multiple Oracle Application Server SQL Injection Vulnerabilities Systems Affected: All OS platforms; Oracle9i Application Server Release 1 and 2 and RDBMS Severity : High Risk Vendor URL : http://www.oracle.com/ Author : David Litchfield (davi [ more ] [ reply ] IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone 2003-11-05 Liu Die Yu (liudieyuinchina yahoo com cn) double slash moves cache from INTERNET zone to MYCOMPUTER zone ("that's all" is the end of file if you are in a hurry) [tested] OS:WinXp Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30 [technical detail] copy an EXE file to your cache directory: [SysDrive]:\Documents and Se [ more ] [ reply ] MSIE clientCaps "isComponentInstalled" and "getComponentVersion" registry information leakage 2003-11-05 Sam Schinke (sschinke myrealbox com) Hello bugtraq, Here is a verbatim copy of an email I sent to secure (at) microsoft (dot) com [email concealed] on September 12th. 7 weeks later I am doubtful that a response is forthcoming. Today I re-tested against the latest version (6.0.2800.1106) of IE, and also wrote an additional page allowing more arbit [ more ] [ reply ] [slackware-security] apache security update (SSA:2003-308-01) 2003-11-05 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] apache security update (SSA:2003-308-01) Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and - [ more ] [ reply ] [ESA-20031105-030] 'apache' buffer overflow in mod_alias and mod_rewrite 2003-11-05 EnGarde Secure Linux (security guardiandigital com) UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow 2003-11-04 security sco com To: announce (at) lists.caldera (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists (dot) n [email concealed] etsys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ ______ SCO Security Advisory Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1 [ more ] [ reply ] MDKSA-2003:102 - Updated postgresql packages fix buffer overflow vulnerability 2003-11-04 Mandrake Linux Security Team (security linux-mandrake com) [ESA-20031104-029] 'openssl' ASN.1 parsing denial of service 2003-11-04 EnGarde Secure Linux (security guardiandigital com) Liteserve Buffer Overflow in Handling Server's Log. 2003-11-04 Tri Huynh (trihuynh zeeup com) Liteserve Buffer Overflow in Handling Server's Log. ================================================= PROGRAM: Liteserve HOMEPAGE:http://www.cmfperception.com/liteserve.html VULNERABLE VERSIONS: 2.2 and below DESCRIPTION ================================================= LiteServe is a powerful, [ more ] [ reply ] [OpenSSL Advisory] Denial of Service in ASN.1 parsing 2003-11-04 Mark J Cox (mark openssl org) -----BEGIN PGP SIGNED MESSAGE----- OpenSSL Security Advisory [4 November 2003] Denial of Service in ASN.1 parsing ================================== Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NIS [ more ] [ reply ] NIPrint remote exploit 2003-11-04 Crazy Einstein (crazy_einstein yahoo com) ===== .-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-. .-:-.-:-.-:-.-:-.xCrZx.-:-.-:-.-:-.-:-.-:-. .-:-.-:-.-Black.Sand.Project.-:-.-:-.-:-. .-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-.-:-. __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://a [ more ] [ reply ] MDKSA-2003:103 - Updated apache packages fix vulnerabilities 2003-11-04 Mandrake Linux Security Team (security linux-mandrake com) Re: Unauthorized access in Web Wiz Forum 2003-11-04 bruce webwizguide info In-Reply-To: <020a01c3a126$9b91aaf0$0bd3bdd5@pigkiller> The following issue has been resolved with release 7.51 of Web Wiz Forums. The updated version, 7.51, that has corrected this vulnerability can be downloaded from:- http://www.webwizforums.com > > >Unauthorized access in Web Wiz Forum [ more ] [ reply ] SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit 2003-11-04 KF (dotslash snosoft com) [BUGZILLA] Security Advisory - SQL injection, information leak 2003-11-03 David Miller (justdave bugzilla org) Bugzilla Security Advisory November 2, 2003 Summary ======= Bugzilla is a Web-based bug-tracking system, currently used by a large number of software projects. This advisory covers security bugs that have recently been discovered and fixed in the Bugzilla code: two instances of arbitrary SQL inj [ more ] [ reply ] ShoutCast server 1.9.2/win32 2003-11-02 HEX (hex hex_net_ru securityfocus com) Informations : °°°°°°°°°°°° Language : Microsoft Visual C++ v5.0/v6.0 (MFC) Bugged Version : ShoutCast server 1.9.2/win32 (and less ?) Patched version : none Website : http://www.shoutcast.com Problems : DoS if we know the password from the server Objects : °°°°°°° - sc_serv.exe vulnerable variable [ more ] [ reply ] Unauthorized access in Web Wiz Forum 2003-11-02 Alexander Antipov (pk95 yandex ru) Unauthorized access in Web Wiz Forum A vulnerability has found in Web Wiz Forum (6.34, 7.01, 7.5). Remote user (authenticated or not) can read message in private forum. Remote user can post message in private forum. Software does not compare message to forum, when "quote" mode is used. In result, [ more ] [ reply ] multiple payload handling flaws in isakmpd 2003-11-02 Thomas Walpuski (thomas thinknerd de) 1 Abstract isakmpd's, OpenBSD's IKE daemon's, payload handling, especially the handling of delete payloads, contains numerous more or less severe flaws, which allow for unauthorized deletion of IKE and IPsec SAs. 2 Description 2.1 isakmpd does not require encryption for messages in [ more ] [ reply ] [RHSA-2003:309-01] Updated fileutils/coreutils package fix ls vulnerabilities 2003-11-03 bugzilla redhat com Internet Explorer Vulnerability: Content-Location works with both triple and double slash 2003-11-01 Mindwarper * (mindwarper linuxmail org) After I reported the Content-Location Vulnerability (http://www.securityfocus.com/archive/1/342317), Thor Larholm explained that the html execution was not caused by the Content-Location header, but instead by the triple slash (file:///). I have tested it with double slash and I even tested the t [ more ] [ reply ] Re: WU-FTPD 2.6.2 Freezer 2003-11-01 Rossen Petrov (rpetrov gmx net) let's not forget to give credit where credit is due. the bug was discovered by Georgi Guninski and is documented in his 10/22/03 advisory at http://www.guninski.com/binls.html Rossen At 07:55 31.10.2003 you wrote: >http://www.rosiello.org > >Vulnerabilities Section. > > > > > >/* > >* > >* [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : bugzilla
SUMMARY : Fix for several vulnerabil
[ more ] [ reply ]