Immunix Secured OS 7+ fileutils update
2003-11-01 Immunix Security Team (security immunix com)
[Lotus and Outlook users: please do not use out-of-office autoreplies. They are extremely annoying. Thanks.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: fileutils
Affected products: Immunix OS 7+
Bugs fixed: CAN-2

New Varient Of Irc Worm Spreading
2003-10-31 Craig Holmes (Leusent absolut intellihost ca)
Hi All, A new variant of the recent worm that exploits the recent IE exploit has surfaced. This time instead of a link to supposed Britney Spears picture, it links to a supposed Jessica Alba picture. The url has hit "bandwidth exceeded", and this will hopefully stop the spreading. It appears to

Re: Mimail.C (Denial of Service Attack)
2003-10-31 K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <20031031151823.26363.qmail (at) sf-www1-symnsj.securityfocus (dot) com>
it seems that this worm attempts to launch a Denial of Service Attack by sending a large amount of data to known servers (port 80 / ICMP). The worm verifies that a connection is active by contacting google.com, then the DoS

Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
2003-10-31 Virginity Security (advisory konfiweb de)

Console Root On OSX up to 10.2.8
2003-10-31 Jason Storm (jms lasergun org)
On all versions of OSX up to and including 10.2.7 and possibly 10.2.8, init can be crashed using a USB keyboard by holding down CTRL-C immediately after boot, and keeping it held down. Init crashes two or three minutes into the boot process and drops you into a root shell. At this point, you can o

Macos 10.2.8
2003-10-31 Adam Shostack (adam homeport org)
> Apple Computer Inc. said in a statement given to MacCentral on
> Friday that the company would be fixing security flaws uncovered in
> Mac OS X Jaguar by Cambridge, MA-based security research firm @Stake
> earlier this week.
> http://maccentral.macworld.com/news/2003/10/31/jaguarfix/index.php?re

DoS in Plug and Play Web Server Proxy Server
2003-10-31 Oliver Karow (Oliver Karow gmx de)
DoS in Plug and Play Web Server Proxy Server
==============================
Plug & Play server is a HTTP/FTP/NEWS/MAIL/TELNET/DNS/DHCP/HTTP-PROXY server, running on Windows platforms.
Version: 1.0002c
--------
Vendor: www.pandpsoft.com
-------
Vulnerability:
--------------
Sending the followi

VMware GSX Server and ESX Server OpenSSL vulnerability patches
2003-10-31 VMware (vmware-security-alert vmware com)

Redirection and refresh parses local file
2003-10-31 Liu Die Yu (liudieyuinchina yahoo com cn)
Redirection and refresh parses local file
("that's all" is the end of file if you are in a hurry)
[tested] OS:WinXp Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30
[demo] http://www.safecenter.net/UMBRELLAWEBV4/IredirNrefresh/IredirNrefresh-My Page.htm
[exp] if an iframe

Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
2003-10-31 advisories (advisories corsaire com)
-- Corsaire Security Advisory --
Title: BEA WebLogic example InteractiveQuery.jsp XSS issue
Date: 04.07.03
Application: BEA WebLogic 8.1 and prior
Environment: Various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030704-008
-- Scope --
The aim of

IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
2003-10-31 IRM Advisories (advisories irmplc com)
------------------------------------------------------------------------ ----
IRM Security Advisory No. 008
Citrix Metaframe XP is vulnerable to Cross Site Scripting
Vulnerability Type / Importance: XSS / Medium
Problem discovered: August 18th 2003
Vendor contacted: August 18th 2003
Advisory publis

Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers
2003-10-31 Stan Bubrouski (stan ccs neu edu)
Author: Stan Bubrouski
Date: October 31, 2003
Package(s): j2re/j2sdk
OS: Linux (possibly others, see below)
Versions: 1.4.2 - 1.4.2_02
Severity: Local users may overwrite any file owned by the user who installs java due to insecure file handling while unpacking/installing java.
Problem: There are

RE: Internet Explorer and Opera local zone restriction bypass
2003-10-30 psz maths usyd edu au (Paul Szabo)
Thor Larholm <thor (at) pivx (dot) com> wrote:
>> Storing in an unpredictable location might help.
>> Obfuscation does not: instead of setting a cookie
>> of BadThing, the attacker could set one that will
>> become BadThing. The need to reverse-engineer the
>> obfuscation, and details like possible character

Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
2003-10-31 advisories (advisories corsaire com)
-- Corsaire Security Advisory --
Title: BEA Tuxedo Administration CGI multiple argument issues
Date: 04.07.03
Application: BEA Tuxedo 8.1 and prior
Environment: Various
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030704-009
-- Scope --
The aim of

Mimail.C
2003-10-31 Alan (alan tennent y3kgroup com)
The irritation has begun :/ A new version of Mimail.C has cropped up. It spoofs the recipient's domain and sends the mail as 'james@<spoofed domain>' and has an attachment: pictures.jpg.exe Some clients have reported massive amounts of lag due to its mass mailing and one client's firewall dro

WU-FTPD 2.6.2 Freezer
2003-10-31 Angelo Rosiello (angelo rosiello katamail com) (1 replies)
http://www.rosiello.org Vulnerabilities Section.
/*
 *
 * http://www.rosiello.org
 * (c) Rosiello Security
 *
 * Copyright Rosiello Security 2003
 * All Rights reserved.
 *
 * Tested on Red Hat 9.0
 *
 * Author: Angelo Rosiello
 * Mail : angelo (at) rosiello (dot) org

RE: Internet Explorer and Opera local zone restriction bypass
2003-10-30 Thor Larholm (thor pivx com)
> From: Paul Szabo [mailto:psz (at) maths.usyd.edu (dot) au]
> Storing in an unpredictable location might help.
> Obfuscation does not: instead of setting a cookie
> of BadThing, the attacker could set one that will
> become BadThing. The need to reverse-engineer the
> obfuscation, and details like possib

Re: Internet Explorer and Opera local zone restriction bypass
2003-10-30 psz maths usyd edu au (Paul Szabo)
William A. Schulze <was (at) macromedia (dot) com> wrote in http://www.securityfocus.com/archive/1/342910 :
> ... Flash Player stores cookies in a somewhat predictable location
> (assuming the username can be guessed), and some of the contents are
> stored as plain text. While this is not in itself a directly

RE: Internet Explorer and Opera local zone restriction bypass
2003-10-30 Francis Favorini (francis favorini duke edu)
william schulze [mailto:was (at) macromedia (dot) com] wrote...
> Once an updated Flash Player is available, we will post the
> new software and notify both our customers and the BugTraq
> community with this information.
Will there be a standalone version of this patch that can be deployed silently (unatt
*
* m00 security advisory #004
*
* BRS WebWeaver remote DoS vulnerability
*
* www.m00security.org
*
************************************************************/
---------------------------------
Pr