Cafelog WordPress / b2 SQL injection vulnerabilities discovered and fixed in CVS
2003-10-03 Seth Woolley (seth tautology org)

Minihttpserver File-Sharing for NET Directory Traversal Vulnerability
2003-10-03 Bahaa Naamneh (b_naamneh hotmail com)

FreeBSD Security Advisory FreeBSD-SA-03:17.procfs
2003-10-03 FreeBSD Security Advisories (security-advisories freebsd org)

New Tool: MetaCoretex (DB Security Scanner)
2003-10-02 visigoth (visigoth securitycentric com)
Greetings all! I am pleased to announce the initial public release of a toy I have been working on for a little while now... MetaCoretex is an OpenSource, JAVA based, database capable security scanner with a kewl set of features. We have a bunch of spiffy probes already which are capable of do

New OpenSSL remote vulnerability (issue date 2003/10/02)
2003-10-02 Patrik Hornik (patrik hornik ebitech sk)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Security advisory 20031002
Product: openssl
Issue date: 2003/10/02
Last updated: 2003/10/02

Process Killing - Playing with PostThreadMessage
2003-10-02 Brett Moore (brett moore security-assessment com) (1 replies)
Process Killing - Playing with PostThreadMessage
brett.moore (at) security-assessment (dot) com
http://www.security-assessment.com
Originally posted: October 02, 2003

CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
2003-10-01 CERT Advisory (cert-advisory cert org)

Re: SSGbook (ASP)
2003-10-01 Terry Bankert (tbankert script-shed com)
In-Reply-To: <F127ak1HTJcwXAtPyFC00019ee5 (at) hotmail (dot) com>
This issue has been fixed
>Received: (qmail 27350 invoked from network); 8 Oct 2002 17:28:07 -0000
>Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 8 Oct

NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url
2003-10-01 Ed Reed (ereed novell com)

Multiple vulnerabilities in WinShadow
2003-10-01 Bahaa Naamneh (b_naamneh hotmail com)
Multiple vulnerabilities in WinShadow
Affected Systems: OmniCom WinShadow version: 2.0 (and possibly earlier versions)
Vendor: OmniCom Technologies - http://www.omnicomtech.com
Issue: 1. Buffer overflow in client handling hostnames in host files

ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability
2003-10-01 Pentest Security Advisories (alerts pentest co uk)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pentest Limited Security Advisory
IBM DB2 LOAD Command Stack Overflow Vulnerability
Advisory Details
Title: IBM DB2 LOAD Command Stack Overflow Vulnerability
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-01
CVE

ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
2003-10-01 Pentest Security Advisories (alerts pentest co uk)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pentest Limited Security Advisory
IBM DB2 INVOKE Command Stack Overflow Vulnerability
Advisory Details
Title: IBM DB2 INVOKE Command Stack Overflow Vulnerability
Announcement date: 1st October 2003
Advisory Reference: ptl-2003-02

NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL
2003-10-01 Ed Reed (ereed novell com)

DCP Portal - 5.5 holes
2003-10-01 Lifo Fifo (lifofifo20 yahoo com)
Never use this product if you have turned off magic_quotes_gpc. And this product won't work anyway if you have turned off register_globals. All the files in the product, don't check for integrity of variables. You can easily exploit this using some SQL Injection techniques. For example, if you w

[slackware-security] OpenSSL security update (SSA:2003-273-01)
2003-10-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] OpenSSL security update (SSA:2003-273-01)
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether

Cisco Security Advisory: SSL Implementation Vulnerabilities
2003-10-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)

MDKSA-2003:098 - Updated openssl packages fix vulnerabilities
2003-10-01 Mandrake Linux Security Team (security linux-mandrake com)

[Full-Disclosure] [SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
2003-10-01 debian-security-announce lists debian org

MDKSA-2003:097 - Updated mplayer packages fix buffer overflow vulnerability
2003-09-30 Mandrake Linux Security Team (security linux-mandrake com)

[CLA-2003:751] Conectiva Security Announcement - openssl
2003-09-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : openssl
SUMMARY : Remote vulnerabilities
DATE
Vendor: Cafelog
Product: WordPress (formerly b2)
http://www.wordpress.org/
Vulnerable Versions:
* CVS versions before October 1, 2003
* Vulnerability affects code inherited from b2, so all versions of
wordpress released before CVS fix are affected a