BugTraq Mode:
(Page 1612 of 1748)  < Prev  1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617  Next >
ColdFusion cross-site scripting security vulnerability of an error page 2003-09-23
Takashi Hara (pfh00062 nifty com)


>> The outline of vulnerability

Macromedia's ColdFusion can display the various information about an error at the time of error occurred.

There is information transmitted from a client machine like "Referer".

ColdFusion displays the information as it is.

An attacker can execute a script on

[ more ]  [ reply ]
Multiple PAM vulnerabilities in portable OpenSSH 2003-09-23
Damien Miller (djm cvs openbsd org)
Subject: Portable OpenSSH Security Advisory: sshpam.adv

This document can be found at: http://www.openssh.com/txt/sshpam.adv

1. Versions affected:

Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiple
vulnerabilities in the new PAM code. At least one of these bugs

[ more ]  [ reply ]
Portable OpenSSH 3.7.1p2 released 2003-09-23
Damien Miller (djm cvs openbsd org)
Portable OpenSSH 3.7.1p2 has just been released. It will be available
from the mirrors listed at http://www.openssh.com/portable.html shortly.

Please note that this is a release to address issues in the portable
version only. The items mentioned below do not affect the OpenBSD
version.

OpenSSH

[ more ]  [ reply ]
Moozatech: WZFTPD Denial Of Service 2003-09-23
Moran Zavdi (Security moozatech com)
23/09/03

Moozatech Advisory http://www.moozatech.com/mt-23-09-2003.txt

-------------------------------------------------------

Application: wzdftpd FTP Server
Web Site: http://www.wzdftpd.net
Versions: 0.1rc5
Platform: Windows 2000,WindowsXP,UNIX systems might also be affected.
Risk:

[ more ]  [ reply ]
[CLA-2003:748] Conectiva Security Announcement - wu-ftpd 2003-09-22
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : wu-ftpd
SUMMARY : Command execution remote vu

[ more ]  [ reply ]
SpeakFreely for Win <= 7.6a remote crash through malformed GIF 2003-09-22
Luigi Auriemma (aluigi altervista org)
#######################################################################

Luigi Auriemma

Application: SpeakFreely
http://www.fourmilab.ch/speakfree/
http://speak-freely.sourceforge.net
Versions: <= 7.6a
Platforms: Windows (Unix versions are

[ more ]  [ reply ]
base64 2003-09-22
"Ilya Teterin" (alienhard mail ru) (2 replies)
Consider we decoding data which contains padding character ('=') at the unexpected place. What we should do with such data? The specification of base64 decoding does not tell us what we MUST or even MAY do with such data... So, we can do anything we like to do:

1. threat padding character as end of

[ more ]  [ reply ]
Re: base64 2003-09-23
Erwan David (Erwan David trusted-logic fr)
Re: base64 2003-09-22
Bennett Todd (bet rahul net)
Wu_ftpd all versions (not) vulnerability. 2003-09-22
Adam Zabrocki (pi3ki31ny wp pl)


I. Entry.

(Not) Vuln are all version deamons wu_ftp; not in default installation.

When we use option where deamon send e-mail with name of uploaded files,

deamon use function store() and next SockPrintf().

II. Vulnerability details.

Vulnerability function is SockPrintf(). There

[ more ]  [ reply ]
SpeakFreely for Win <= 7.6a spoofed DoS 2003-09-22
Luigi Auriemma (aluigi altervista org)
#######################################################################

Luigi Auriemma

Application: SpeakFreely
http://www.fourmilab.ch/speakfree/
http://speak-freely.sourceforge.net
Versions: <= 7.6a
Platforms: Windows (Unix versions are

[ more ]  [ reply ]
Multiple Security Issues in Netup UTM 2003-09-20
Gleb Smirnoff (glebius cell sick ru)
Name : Multiple Security Issues in Netup UTM
Software Package : Netup UserTraffManager
Vendor Homepage : http://www.netup.biz, http://www.netup.ru
Vulnerable Versions: 3.0, 4.0
Platforms : Linux, FreeBSD
Vulnerability Type : SQL injections, remote shell command execution

[ more ]  [ reply ]
How VeriSign's SiteFinder service breaks Outlook Express 2003-09-20
Richard M. Smith (rms computerbytesman com) (1 replies)
Hello,

I discovered that VeriSign's SiteFinder service breaks Microsoft's
Outlook Express email reader. If a user misspells a domain name in
their POP3 or SMTP server name, Outlook Express no longer provides
meaningful error messages to a user to help them to fix the problem.

Similar problems may

[ more ]  [ reply ]
VeriSign's SiteFinder VS Microsoft smart search 2003-09-22
urbn visi com
Does VeriSign's SiteFinder service violate the ECPA? 2003-09-20
Richard M. Smith (rms computerbytesman com) (1 replies)
Hi,

Here's a question for the lawyers. In certain situations, does the
VeriSign SiteFinder service violate the Electronic Communications
Privacy Act (AKA, ECPA)?

Here's the actual text of the ECPA:

http://www4.law.cornell.edu/uscode/18/pIch119.html

With my packet sniffer, I noticed that the

[ more ]  [ reply ]
Re: Does VeriSign's SiteFinder service violate the ECPA? 2003-09-23
N407ER (n407er myrealbox com)
How Verisign's SiteFinder service breaks Windows networking utilities 2003-09-20
Richard M. Smith (rms computerbytesman com)
Hi,

Verisign's SiteFinder service also breaks many of the standard Windows
networking utilities by providing misleading error messages, temporary
lockups, and incorrect status information.

For example, referencing a UNC path with a misspelled domain name with
SiteFinder in the picture gives an inc

[ more ]  [ reply ]
Fw: 0x333hztty => hztty 2.0 local root exploit 2003-09-21
c0wboy@0x333 (c0wboy tiscali it)
hztty 2.0 local root exploit

[ more ]  [ reply ]
[SECURITY] [DSA-383-2] OpenSSH buffer management fix 2003-09-21
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-383-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Wichert Akkerman
September 21, 2003
- -----------

[ more ]  [ reply ]
Snort not backdoored, Sourcefire not compromised 2003-09-22
Martin Roesch (roesch sourcefire com)
It's come to my attention that some group is claiming to have broken
into a Sourcefire server and backdoored the Snort source code. First
things first, there is no backdoor in Snort nor has there ever been,
everyone can relax.

A shell server got compromised well over a year ago, but what these

[ more ]  [ reply ]
[SECURITY] [DSA-382-3] OpenSSH buffer management fix 2003-09-21
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-382-3 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Wichert Akkerman
September 21, 2003
- -----------

[ more ]  [ reply ]
[RHSA-2003:256-01] Updated Perl packages fix security issues. 2003-09-22
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Perl packages fix security issues.
Advisory ID: RHSA-2003:256-01
Issue date: 2003-09-22
Updated

[ more ]  [ reply ]
[RHSA-2003:243-01] Updated Apache and mod_ssl packages fix security vulnerabilities 2003-09-22
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Apache and mod_ssl packages fix security vulnerabilities
Advisory ID: RHSA-2003:243-01
Issue date:

[ more ]  [ reply ]
Denial of service vulnerability in Xitami Open Source Web Server 2003-09-22
Oliver Karow (Oliver karow gmx de)
Denial of service vulnerability in Xitami Open Source Web Server
================================================================

Date: 22.09.2003
=====

Affected Systems
================

The vulnerability was discovered on several versions (production and
beta) of Xitami
webserver for Windows N

[ more ]  [ reply ]
SuSE Security Announcement: sendmail, sendmail-tls (SuSE-SA:2003:040) 2003-09-20
Roman Drahtmueller (draht suse de)
-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SuSE Security Announcement

Package: sendmail, sendmail-tls
Announcement-ID: SuSE-SA:2003:040
Date:

[ more ]  [ reply ]
[SECURITY] [DSA-389-1] New ipmasq packages fix insecure packet filtering rules 2003-09-20
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 389-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
September 20th, 2003

[ more ]  [ reply ]
<Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror 2003-09-20
Piermark (bugs84 libero it) (3 replies)
Hi,

I have update my Slackware 9.0 with openssh-3.7.1p1-i386-1.tgz from
http://www.slackware.at/data/slackware-9.0/patches/packages/openssh-3.7.
1p1-i386-1.tgz

Now i have 3 new tcp/ip ports into my system: (thank Nmap) :-)

- 867 Open
- 879 Open
- 889 Open

Example:

telnet> open
(to) 127.0.0.1 8

[ more ]  [ reply ]
Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror 2003-09-21
Patrick J. Volkerding (security slackware com)
Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror 2003-09-21
Robert Jaroszuk (zim iq pl)
Re: <Advice> Possible Backdoor into openssh-3.7.1p1-i386-1.tgz from Slackware Mirror 2003-09-21
Martin Östlund (martin lemonlime se)
(Page 1612 of 1748)  < Prev  1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus