BugTraq
SGI Advanced Linux Environment security update #2 2003-10-27
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
SGI Security Advisory

Title : SGI Advanced Linux Environment security update #2
Number : 20031001-01-U
Date : October 27, 2003
Reference

Re: CensorNet: Cross Site Scripting Vulnerability 2003-10-27
Dan Searle (dan searle adelix com)
Hi People,

I'm Dan the main developer for CensorNet. I don't consider this issue to be
a vulnerability of any kind, however, we will endeavour (for completeness)
to stop people from being able to insert script into the "Access Denied"
page on CensorNet. If anyone could enlighten me as to a situatio

Norton Internet Security 2003 XSS 2003-10-27
DigitalPranksters (secteam digitalpranksters com)
DigitalPranksters Security Advisory
http://www.DigitalPranksters.com

Norton Internet Security Blocked Sites XSS

Risk: Low

Product: Norton Internet Security 2003 v6.0.4.34 (Maybe others we only
tested this version)

Product URL: http://www.symantec.com/sabu/nis/nis_pe/index.html

Found By: Krazy

SGI Advanced Linux Environment security update #3 2003-10-27
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
SGI Security Advisory

Title : SGI Advanced Linux Environment security update #3
Number : 20031002-01-U
Date : October 26, 2003
Reference

SGI Advanced Linux Environment security update #4 2003-10-27
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
SGI Security Advisory

Title : SGI Advanced Linux Environment security update #4
Number : 20031003-01-U
Date : October 27, 2003
Reference

Libnids <= 1.17 buffer overflow 2003-10-27
rafal wojtczuk 7bulls com (Rafal Wojtczuk)
Hello,
Libnids is a library which implements the functionality of NIDS
E-component. Libnids provides IP defragmentation, TCP stream reassembly and
port scan detection.
Robert Watson <rwatson (at) FreeBSD (dot) org> has found a bug in the part of
libnids code responsible for TCP reassembly. The flaw probably

Re: a dangerous fast spreading (yet simple) trojan horse. 2003-10-27
K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <000f01c39ced$e5abce50$0900000a@whitestar>

it uses a well known IE unpatched vulnerability discovered by jelmer on Sep 11 2003 "Windows Media Player & Internet Explorer File Download and Execution" :

http://www.k-otik.com/WMPLAYER-TEST/

http://www.securityfocus.com/archive/1/337285

Advanced Poll : PHP Code Injection, File Include, Phpinfo 2003-10-25
Frog Man (leseulfrog hotmail com)
Information :
°°°°°°°°°°°°°
Language : PHP
Product : Advanced Poll
Version : 2.0.2 Textfile
Website : http://www.proxy2.de
Problems :
- PHP Code Injection
- File Include
- Phpinfo

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°

comments.php :

------------------------------------------------------------

MDKSA-2003:096-1 - Updated apache2 packages fix CGI scripting deadlock 2003-10-25
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrake Linux Security Update Advisory
_______________________________________________________________________

Package name: apache2
Advisory ID:

Java 1.4.2_02 InsecurityManager JVM crash 2003-10-26
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Java 2 Security Managers are objects that should enforce
system integrity and safety. Everyone would expect that
the provided base classes from the JDK are therefore a
role model for code quality and stability. But that's
all theory. Let's

Some serious security holes in 'The Bat!' 2003-10-25
Bipin Gautam hUNT3R (door_hunt3r blackcodemail com)


'The Bat!' [http://www.ritlabs.com/] is a powerful, highly configurable, MULTI-USER, yet easy to use email client.

I have discovered some serious security holes in 'The Bat!'

mmm..., when a new account is created in 'The Bat!' It creates the account in %programfiledir%\The Bat!\MAIL\ without

Dansie Shopping Cart Discloses Installation Path to Remote Users 2003-10-26
Dr`Ponidi Haryanto (drponidi hackermail com)
Indonesia Security Development Team Advisory

Dansie Shopping Cart Discloses Installation Path to Remote Users
================================================================

Advisory Name: Dansie Shopping Cart Discloses Installation Path to Remote Users
Release Date: 5:21 AM 10/20/03

Re: Internet Explorer and Opera local zone restriction bypass 2003-10-26
Mohsen Hariri (mohsen_hariri yahoo com)
In-Reply-To: <20031024135303.26267.qmail (at) linuxmail (dot) org>

It worked for me - IE6 on XP-SP1.

But it seems to be a Flash Player MX plugin bug than IE bug, cause it stores cookies (flash documents call it SharedObject) on disk, in a fixed location.

bye

>Subject: Internet Explorer and Opera

a dangerous fast spreading (yet simple) trojan horse. 2003-10-28
Gadi Evron (ge egotistical reprehensible net)
I usually do not email about "new" trojan horses unless they have
something "special" about them, for there are a lot of them coming out
non-stop. However, with this one,
Although quite simple, is very destructive and spreading at incredible
speed.

The trojan horse spreads by people going to differ

Musicqueue multiple local vulnerabilities 2003-10-27
dong-h0un U (xploit hackermail com)


========================================
INetCop Security Advisory #2003-0x82-020
========================================

* Title: Musicqueue multiple local vulnerabilities

0x01. Description

Musicqueue is a CGI music jukebox using external tools to play the files.
Because of that it supp

New Vulnerability 2003-10-26
Joshua P. Miller (jpmiller tds net)
I would like to submit a vulnerability that I just recently discovered. I
have already contacted the vendor of the software that I discovered the bug
in, but they have not gotten back to me. There are two Code Injection/CSS
vulnerabilities that exist in Guestbook Version 1.51 by Chi Kien Uong
(www.p

RE: Internet Explorer and Opera local zone restriction bypass 2003-10-25
Mindwarper * (mindwarper linuxmail org) (1 replies)
I decided to use the flash cookie just as an example. I could have used for example the Macromedia Director cookie. Another way would be using IE temporary cookies because they allow html tags and most other ascii symbols except for ";" in the cookie name. So all I have to do is create a document.wr

Re: Internet Explorer and Opera local zone restriction bypass 2003-10-27
Heikki Toivonen (hjtoi comcast net)
sh-httpd `wildcard character' vulnerability 2003-10-27
dong-h0un U (xploit hackermail com)


========================================
INetCop Security Advisory #2003-0x82-019
========================================

* Title: sh-httpd `wildcard character' vulnerability

0x01. Description

About:
sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CG

Buffer Overflow in Yahoo messenger Client 2003-10-26
Hat-Squad Security Team (service hat-squad com)


Date:

Oct 26, 2003

Title:

Buffer Overflow in Yahoo messenger Client

Vulnerable systems:

Yahoo! Messenger version 5.6.0.X

Summary:

Vulnerability in Yahoo Messenger File Transfer option allows a remote attacker to shut down the victim client.

Details:

The Yahoo messenger service fi

Re: Internet Explorer and Opera local zone restriction bypass 2003-10-25
psz maths usyd edu au (Paul Szabo)
Thor Larholm <thor (at) PIVX (dot) COM> wrote:

> ... this is not a problem with Microsoft's Internet Explorer, but ...
> There are two completely new issues at hand here.
> The second issue is that IE ... inadvertently redirects to a local file ...
> Content-Location: file:///c:/somefile.html
> ... circumvents

RE: Internet Explorer and Opera local zone restriction bypass 2003-10-25
Thor Larholm (thor pivx com)
There were not a lot of details in your post, so I will try to verify and clarify your findings. First things first, this is not a problem with Microsoft's Internet Explorer, but with Macromedia and their Flash player.

I could reproduce this issue successfully with a fresh install of the latest Flash

SiteKiosk terminal software 2003-10-24
Zrekam (zrekam badsystems com) (1 replies)


I have found a bug/weakness in the SiteKiosk terminal software, that allows me to use the terminal without paying for the use of it.

The weakness lies in the rule-based system that sets the different charge zones in the terminal. The system allows you to use asterisks (*) in the rules for settin

Re: SiteKiosk terminal software 2003-10-25
Godwin Stewart (gstewart spamcop net)
Copyright 2010, SecurityFocus