|
|
Colapse all |
Post message
LSH: Buffer overrun and remote root compromise in lshd 2003-09-20 nisse lysator liu se (Niels Möller) The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows 2003-09-20 flashsky fangxing (flashsky xfocus org) [SECURITY] [DSA-388-1] New kdebase packages fix multiple vulnerabilites in KDM 2003-09-20 Matt Zimmerman (mdz debian org) Vulnrability in myPHPnuke 1.8.8 2003-09-20 Lifo Fifo (lifofifo20 yahoo com) Language : PHP Script : http://www.myphpnuke.com 1.8.8 Problem : SQL Injection Description : myphpnuke is a widely used Content Managemnt System. Problem : In auth.inc.php file, ********************* if ((isset($aid)) && (isset($pwd)) && ($op == "login")) { if($aid!="" AND $pwd!="") [ more ] [ reply ] [Advisory] Powerslave 4.3 Information Leak Vuln. 2003-09-19 Enrico Kern (phantom h07 org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================= H Zero Seven Security Advisory Product : FlyingDog Software - Powerslave Portalmanager Impact : information leak vulnerability Issue date: 19 Sept. 2003 Update : Powerslave 4.4.3 [ more ] [ reply ] [CLA-2003:747] Conectiva Security Announcement - kde 2003-09-19 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : kde SUMMARY : Several vulnerabilities (kdm, k [ more ] [ reply ] MDKSA-2003:094 - Updated MySQL packages fix buffer overflow vulnerability 2003-09-19 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2003:093 - Updated gtkhtml packages fix vulnerability 2003-09-19 Mandrake Linux Security Team (security linux-mandrake com) [CLA-2003:743] Conectiva Security Announcement - MySQL 2003-09-18 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : MySQL SUMMARY : Several Vulnerabilities DATE [ more ] [ reply ] Knox Arkeia Pro v5.1.12 remote root exploit 2003-09-18 A. C. (bugtraq_vuln yahoo com) Exploit attached for Knox Arkeia Pro v5.1.12 backup software from http://www.arkeia.com. /* * Knox Arkiea arkiead local/remote root exploit. * * Portbind 5074 shellcode * * Tested on Redhat 8.0, Redhat 7.2, but all versions are presumed vulnerable. * * NULLs out least significant byte [ more ] [ reply ] [SECURITY] [DSA-386-1] New libmailtools-perl packages fix input validation bug 2003-09-19 Matt Zimmerman (mdz debian org) [SECURITY] [DSA-387-1] New gopher packages fix buffer overflows 2003-09-19 Matt Zimmerman (mdz debian org) AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service 2003-09-19 Aaron C. Newman (aaron newman-family com) Denial of Service Vulnerability in DB2 Discovery Service To determine if you should apply this patch, download AppDetective for DB2 from http://www.appsecinc.com/products/appdetective/db2/ Risk level: Low Summary: IBM DB2 provides a UDP service used as a discovery service for locating DB2 databa [ more ] [ reply ] [SECURITY] [DSA-385-1] New hztty packages fix buffer overflows 2003-09-18 Matt Zimmerman (mdz debian org) Mambo 4.0.14 Stable Bugs 2003-09-19 Lifo Fifo (lifofifo20 yahoo com) Product : Mambo 4.0.14 Stable Website : http://www.mamboserver.com/ Status : Vendor notified via email Imapct : Search for "Mambo Open Source is Free Software released under the GNU/GPL License." (with quotes) returned more than 500 results. Credit : lifofifo First of all, you will get a [ more ] [ reply ] uninitialized buffer in midnight commander 2003-09-19 "Ilya Teterin" (alienhard mail ru) Midnight Commander is using uninitialized buffer for handling symlinks in VFS (tar, cpio). See vfs/direntry.c, handling of buf[] at vfs_s_resolve_symlink(). I wonder but it works almost properly ;-) On linux-i386 I can reach stack buffer overflow using specially crafted archive. Open http://buggzy. [ more ] [ reply ] Wave of fake Official Microsoft Advisory 2003-09-19 Bruno Clermont (bruno gnome ca) (1 replies) Since this morning I start seeing tons of fake Microsoft Advisories by mail. They contain a .exe attachment. Running strings(1) on the file show it contain it's own HTML mail source (and other version of the advisory), and many of the stuff it try to do: - Increment a web counter "GET http://ww2.f [ more ] [ reply ] [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) 2003-09-19 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] [ESA-20030918-025] 'MySQL' buffer overflow. 2003-09-18 EnGarde Secure Linux (security guardiandigital com) SuSE Security Announcement: openssh (second release) (SuSE-SA:2003:039) 2003-09-18 Roman Drahtmueller (draht suse de) Web counter in the new Swen/Gibe.F worm 2003-09-18 Richard M. Smith (rms computerbytesman com) Hi, Joe Stewart of Lurhq.com has made an interesting discovery about the new Swen/Gibe.F worm that started circulating today: When the worm infects a new machine, it hits a Web counter. The URL of the counter is: http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 If th [ more ] [ reply ] Several Mambo 4.0.14 Stable Exploits 2003-09-18 Lifo Fifo (lifofifo20 yahoo com) Product : Mambo 4.0.14 Stable Website : http://www.mamboserver.com/ Status : Vendor notified via email Imapct : Search for "Mambo Open Source is Free Software released under the GNU/GPL License." (with quotes) returned more than 500 results. Credit : lifofifo, hackingzone.org Originally poste [ more ] [ reply ] NetBSD Security Advisory 2003-012: Out of bounds memset(0) in sshd 2003-09-18 NetBSD Security Officer (security-officer NetBSD org) NetBSD Security Advisory 2003-013: Kernel memory disclosure via ibcs2 2003-09-18 NetBSD Security Officer (security-officer NetBSD org) NetBSD Security Advisory 2003-014: Insufficient argument checking in sysctl(2) 2003-09-18 NetBSD Security Officer (security-officer NetBSD org) |
|
Privacy Statement |
[ more ] [ reply ]