BugTraq (Page 1611 of 1748)
GLSA: openssh (200309-14) 2003-09-23
aliz gentoo org (Daniel Ahlberg) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200309-14
- - - ---------------------------------------------------------------------

          PACKAGE : openssh
          SUMMARY : multipl

Re: [Full-Disclosure] GLSA: openssh (200309-14) 2003-09-23
Ademar de Souza Reis Jr. (ademar conectiva com br)
FreeBSD Security Advisory FreeBSD-SA-03:14.arp 2003-09-24
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:14.arp Security Advisory
The FreeBSD Project

Topic: de

TCLHttpd Server - Multiple Vulnerabilities 2003-09-24
Phuong Nguyen (dphuong yahoo com)
Released Date 09/23/2003

TITLE
=====
TCLHttpd 3.4.2 - Multiple Vulnerabilities

DESCRIPTION
===========
"TclHttpd is used both as a general-purpose Web
server, and as a framework for building server
applications. It implements Tcl (http://www.tcl.tk),
including the Tcl Resource Center and Scriptics

[ESA-20030924-026] 'WebTool-userpass' passphrase disclosure vulnerability. 2003-09-24
EnGarde Secure Linux (security guardiandigital com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| Guardian Digital Security Advisory September 24, 2003 |
| http://www.guardiandigital.com ESA-20030924-026 |
|

Privacy leak in VeriSign's SiteFinder service 2003-09-23
Richard M. Smith (rms computerbytesman com) (1 replies)
Hi,

I just discovered that VeriSign's SiteFinder Web site is leaking data
submitted in Web forms to its marketing analysis partner, Omniture.
Forms can easily contain personal information such as an email address.
For the problem to occur, a Web form must use the GET method.

This data spill prob

Privacy leak in VeriSign's SiteFinder service #2 2003-09-24
Mark Coleman (markc uniontown com) (1 replies)
Re: Privacy leak in VeriSign's SiteFinder service #2 2003-09-24
Marco Ivaldi (raptor 0xdeadbeef info)
RE: [Fwd: Re: AIM Password theft] 2003-09-23
Thor Larholm (thor pivx com)
This is just a simple exploit utilizing the Object Data vulnerability
discovered by Drew Copley, coupled with the GreyMagic no-script HTML
rendering as demonstrated earlier on this list and others by jelmer.

Tell your user to go install MS03-032, which he obviously did not do as
MS03-032 patches th

Re: AIM Password theft 2003-09-23
Brent Meshier (brent meshier com)
Mark,
The code you just sent looks familiar to a SPAM I received
attempting to hijack users' e-gold accounts. Out of curiosity I
followed that link which loaded start.html (attached). What worries me
is that I'm running IE 6.0.2800.1106 with all the latest patches from
Microsoft and this page (st

RE: [Fwd: Re: AIM Password theft] 2003-09-23
S G Masood (sgmasood yahoo com)
Hi Mark,

www.Haxr.org uses the "XML Page Object Type Validation
Vulnerability" [1] to infect IE users automatically.
Here is the code from the site:

<span datasrc="#oExec" datafld="counter"
dataformatas="html"></span>
<xml id="oExec">
<security>
<counter>
<![CDATA[
<object data=tracker.php></obje

MondoSoft File Creation vulnerability 2003-09-24
Jens H. Christensen (jhc protego dk)
PROTEGO Security Advisory #PSA200302
Topic: MondoSoft File Creation vulnerability
Application : MondoSearch 4.4, 5.0, and 5.1
Author: Jens H. Christensen (jhc at protego.dk)
Advisory URL: http://www.protego.dk/advisories/200302.html
Identifiers: CERT: VU# 756556
Vendor Name: MondoSoft
Vendor URL:

[slackware-security] WU-FTPD Security Advisory (SSA:2003-259-03) 2003-09-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] WU-FTPD Security Advisory (SSA:2003-259-03)

Upgraded WU-FTPD packages are available for Slackware 9.0 and
- -current. These fix a problem where an attacker could use a
specially crafted filename in conjunction with WU-FTPD's
con

[slackware-security] New OpenSSH packages (SSA:2003-266-01) 2003-09-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] New OpenSSH packages (SSA:2003-266-01)

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar

[slackware-security] ProFTPD Security Advisory (SSA:2003-259-02) 2003-09-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and
- -current. These fix a security issue where an attacker could gain
a root shell by downloading a specially crafted f

OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : wu-ftpd fb_realpath() off-by-one bug 2003-09-24
security sco com

To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, full-disclosure (at) lists.netsys (dot) com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: OpenServer 5.0.7 OpenServer 5.0.6 OpenServer

Re: base64 2003-09-23
"Ilya Teterin" (alienhard mail ru)
Erwan David:
> I'll add 5. consider data encoding as broken and return an error.
> The base64 specification specifies how to encode. If you get
> padding character inside data, it's no more base64 encoded data.

The base64 specification specifies how to decode, too. And it specifies how to handle un

RE: Does VeriSign's SiteFinder service violate the ECPA? 2003-09-23
Michael Wojcik (Michael Wojcik microfocus com)
> From: N407ER [mailto:n407er (at) myrealbox (dot) com]
> Sent: Tuesday, September 23, 2003 10:43 AM
>
> By this logic, all webservers which unintentionally accept traffic
> without somehow verifying that a typo did not take place violate the
> ECPA. That's ridiculous. Do you really want a precedent where,

[Fwd: Re: AIM Password theft] 2003-09-23
Mark Coleman (markc uniontown com)
Hi, can anyone shed some light on this for me? If this is new, it's
going to spread like wildfire. AOL or incidents lists have yet to
reply.... it appears to be a legitimate threat as I have at least one
user "infected" already.. Thank you..

-Mark Coleman

--------------

Hi, please find atta

ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) 2003-09-23
Dave Ahmad (da securityfocus com)

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Brief
September 23, 2003

ProFTPD ASCII File Remote Compromise Vulnerability

Synopsis:

ISS X-Force has discovered a flaw in the ProFTPD Unix FTP server. ProFTPD
is a highly configurable FTP (File Transfer Protocol) server for

RE: Does VeriSign's SiteFinder service violate the ECPA? 2003-09-23
Kaplan Michael N NPRI (KaplanMN Npt NUWC Navy Mil)

"By this logic, all webservers which unintentionally accept traffic
without somehow verifying that a typo did not take place violate the
ECPA. That's ridiculous. Do you really want a precedent where, if someone
accidentally POSTs bank information to your site instead of the URL
they

Re: Wu_ftpd all versions (not) vulnerability. 2003-09-22
Marcin Ulikowski (r3b00t tx pl)
From: Adam Zabrocki <pi3ki31ny (at) wp (dot) pl>
> .... but in the system (linux) is restriction for path_name = 4095 and in
> this example we should build minimum path_name = 32778 :-) (Shall it is
> possibly to bypass it?)

Linux 2.2.x and some early 2.4.x kernel versions define PATH_MAX to be 4095
characters,

RE: base64 2003-09-23
latte hushmail com
What about this section:

" Because it is used only for padding at the end of the data, the
occurrence of any '=' characters may be taken as evidence that the
end of the data has been reached (without truncation in transit). No
such assurance is possible, however, when the number of octets
transmit

mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit. 2003-09-23
Vade 79 (v9 fakehalo deadpig org)
did an audit of mpg123(my mp3 player of choice), found a remotely
exploitable bug in audio streaming service(httpget.c); applies to v0.59r
and v0.59s(pre, up to current as of writing this). the exploit comments
explain how it works and how to find the memory addresses needed(if not
already a

Copyright 2010, SecurityFocus