[OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)
2003-09-24 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org

Outlook security updates not stopping Swen
2003-09-24 Guy Barnum (GuyBarnum Armscole com)
(posted to dshield also) For all of you who have been flooded with Swen emails. I've gone around a few times over the last few days with a combination of ISA server, outlook and Norton not being able to stop the latest Microsoft-hoax swen virus email. Here is what I came up with: I just tested a

Re: [Tclhttpd-users] Re: TCLHttpd Server - Multiple Vulnerabilities
2003-09-24 Brent Welch (welch panasas com)
Here is the patch for the dirlist.tcl bug Please note also that with this bug you can see a directory listing, but you cannot fetch any files that you might be able to see. The server running at www.tcl.tk has had this patch applied to it. *** dirlist.tcl 4 Apr 2003 04:10:54 -0000 1.10 --- d

Re-Boot Design ASP Forum SQL injection Vulnerability
2003-09-24 Bahaa Naamneh (b_naamneh hotmail com)

Re: [Fwd: Re: AIM Password theft]
2003-09-24 DarkKnight (mbuzz04 yahoo com) (1 replies)
In-Reply-To: <3F7077FE.70303 (at) uniontown (dot) com> That method of stealing was taken from my website, "counter" is used to trick users into thinking that the script is just for a counter, but in reality it is just the object vulnerability. Anyways, AIM will do nothing to fix this. Why? Because it is not a

RE: [Fwd: Re: AIM Password theft] VU#865940
2003-09-24 Thor Larholm (thor pivx com)
Art, You are correct, I should not have replied to Mark when I had not yet had my morning coffee. The dynamic rendering of OBJECT elements still trigger the HTA functionality exposed in Windows. Personally, though, I see this as an unrelated vulnerability regarding static/dynamic code rendering

RE: Does VeriSign's SiteFinder service violate the ECPA?
2003-09-24 Christopher Wagner (chrisw pacaids com)
Your reply is well thought-out and logical, and most certainly all admins shouldn't be responsible for making sure typo'd URLs don't get intercepted by their webservers. The point I think Mr. Smith is trying to make is that Verisign seems to *want* to intercept this private information and use it t

Re: AIM Password theft
2003-09-24 http-equiv (at) excite (dot) com (1 malware com)
<!-- Out of curiosity I followed that link which loaded start.html (attached). --> Caution: off-site archives will and have already stored this as: text/plain attachment: start.txt Tested on neohapsis [http://archives.neohapsis.com/archives/bugtraq/2003-09/0375.html] Due to the 'neve

[CLA-2003:749] Conectiva Security Announcement - php4
2003-09-24 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : php4 SUMMARY : Integer overflow vulnerabiliti

Denial of Service against Gauntlet-Firewall / SQL-Gateway
2003-09-24 Oliver Heinz (heinz arago de)
DOS-Attack against Gauntlet Firewall ------------------------------------- We found out a security-issue with the Oracle-Proxy (SQL-Gateway) of Gauntlet Firewall, Version 6 (manufactured by Secure Computing/NAI, servers running Solaris 8, newest Patches installed). Abstract: --------- Sen

BRS WebWeaver: Anonymous Surfing
2003-09-24 euronymous (just-a-user yandex ru)
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: BRS WebWeaver: Anonymous Surfing
product: BRS WebWeaver 1.06
vendor: http://www.brswebweaver.com
risk: high
date: 09/24/2k3
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/027_en http://f0kp.iplus.ru/bz/

Re: base64
2003-09-24 MightyE (trash mightye org) (1 replies)
I agree, I don't think it's unreasonable to reject improperly formatted messages. Chances are much higher that they're spam or virii, and the minority with broken clients will find their way to non-broken clients. If you are parsing the message, particularly looking for malware, and encounter
sustained of SOBIG.F, and I had to deal with bandwidth charges for more
than 450GB of SOBIG over a ten day period! My client had a particularly
nasty problem with this nuisance because the malware email address scanner
picked up