|
|
Colapse all |
Post message
Solaris SADMIND Exploitation 2003-09-18 H D Moore (rootdown-announce metasploit com) The exploitation method is different from the iDefense advisory, this code only requires a single UDP packet to the sadmind service to execute commands. ================================================== $ wget http://www.metasploit.com/tools/rootdown.pl >/dev/null 2>&1 $ chmod 755 rootdown.pl $ [ more ] [ reply ] [CLA-2003:742] Conectiva Security Announcement - sendmail 2003-09-18 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : sendmail SUMMARY : Remote vulnerability DATE [ more ] [ reply ] Directory traversal in Plug & Play Web Server 2003-09-18 Bahaa Naamneh (b_naamneh hotmail com) Directory traversal in Plug & Play Web Server Introduction: ============= "The Plug and Play Web Server provides all of the tools you need to host your own website. The tools are bundled together in one comprehensive software package that it is incredibly easy to use and maintain." - Vendo [ more ] [ reply ] MDKSA-2003:092 - Updated sendmail packages fix buffer overflow vulnerability 2003-09-18 Mandrake Linux Security Team (security linux-mandrake com) Immunix Secured OS 7+ sendmail update 2003-09-18 Immunix Security Team (security immunix com) [From the Redundancy Department of Redundancy: When setting up an out-of-office-autoreply, please configure it to NOT respond to Precedence: bulk mail or other public mail lists. Thanks.] ----------------------------------------------------------------------- Immunix Secured OS Security Advisory [ more ] [ reply ] [SECURITY] [DSA-384-1] New sendmail packages fix buffer overflows 2003-09-18 Matt Zimmerman (mdz debian org) CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities 2003-09-18 CORE Security Technologies Advisories (advisories coresecurity com) [ESA-20030918-024] Additional 'OpenSSH" buffer management bugs. 2003-09-18 EnGarde Secure Linux (security guardiandigital com) CERT Advisory CA-2003-25 Buffer Overflow in Sendmail 2003-09-18 CERT Advisory (cert-advisory cert org) FreeBSD Security Advisory FreeBSD-SA-03:13.sendmail 2003-09-17 FreeBSD Security Advisories (security-advisories freebsd org) FreeBSD Security Advisory FreeBSD-SA-03:12.openssh [REVISED] 2003-09-17 FreeBSD Security Advisories (security-advisories freebsd org) [CLA-2003:741] Conectiva Security Announcement - openssh 2003-09-17 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : openssh SUMMARY : Remote vulnerabilities DATE [ more ] [ reply ] [RHSA-2003:279-02] Updated OpenSSH packages fix potential vulnerabilities 2003-09-17 bugzilla redhat com Denial-Of-Service and JVM Crash via user injectable xsl template 2003-09-17 Marc Schoenefeld (schonef uni-muenster de) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ILLEGALACCESS.ORG JAVA SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : Embedded XALAN packages in JDK 1.4.x SUMMARY : Vulnerable classes callable via user injectable xsl template THREAT [ more ] [ reply ] RE: Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile (fwd) 2003-09-17 Thor Larholm (thor pivx com) ---------- Forwarded message ---------- > From: <auto9115 (at) hushmail (dot) com [email concealed]> > Subject: [Full-Disclosure] Exploiting Multiple Flaws in Symantec > Antivirus 2004 for Windows Mobile > > Vulnerability #2: The Virus scanner does not appear to work at all! > > Like any antivirus scanner, Symantec detects t [ more ] [ reply ] Denial Of Service in Plug & Play Web (FTP) Server 2003-09-17 Bahaa Naamneh (b_naamneh hotmail com) Denial Of Service in Plug & Play Web (FTP) Server Introduction: ============= "The Plug and Play Web Server provides all of the tools you need to host your own website. The tools are bundled together in one comprehensive software package that it is incredibly easy to use and maintain." - V [ more ] [ reply ] Verisign abusing .COM/.NET monopoly, BIND releases new 2003-09-17 Thor Larholm (thor pivx com) (2 replies) This is simply amazing, Verisign has just turned the .COM and .NET TLD DNS servers up-side-down for their own economical gain and, in doing so, disrupted network traffic for most of the Internet. Mail administrators who use any non-existant DNSBL to mark email as spam suddenly has all their mails de [ more ] [ reply ] Re: Verisign abusing .COM/.NET monopoly, BIND releases new 2003-09-17 SR (bugtraq rivera za net) (1 replies) Re: Verisign abusing .COM/.NET monopoly, BIND releases new 2003-09-17 Damaged Industries (damaged damaged no-ip com) Re: Verisign abusing .COM/.NET monopoly, BIND releases new 2003-09-17 Jose Nazario (jose monkey org) Lun_mountd.c vs mounty.c 2003-09-17 Tobias Klein (tobias klein ewetel de) frew min ago i was browsing packetstorm and i cant belive my eyes anyone has changed a half haeder of my code and disclosures it to packetstorm i cant understand why pplz does that are they not able to got there own skills i have investigate many hours to write this code and it should never release [ more ] [ reply ] OPENSSH-SORCERER2003-09-17 2003-09-17 Michael Walton (mwalton abilene com) (1 replies) Sorcerer Update Advisory Tap Into the Source ________________________________________________________________________ Source Name: openssh-3.7p1 Advisory ID: SORCERER2003-09-17 Date: September 17th, 2003 ______ [ more ] [ reply ] Re: [Full-Disclosure] Exploiting Multiple Flaws in Symantec Antivirus 2004 for Windows Mobile 2003-09-17 Sym Security (symsecurity symantec com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec's response to Issue #1: Symantec's Auto-Protect feature in Symantec AntiVirus for Handhelds scanner is designed to detect malicious code, in real time, as files are saved to a device. At this time the anticipated mechanism for transport to [ more ] [ reply ] [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) 2003-09-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail s [ more ] [ reply ] [slackware-security] OpenSSH updated again (SSA:2003-260-01) 2003-09-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] OpenSSH updated again (SSA:2003-260-01) Upgraded OpenSSH 3.7.1p1 packages are available for Slackware 8.1, 9.0 and -current. These fix additional buffer management errors that were not corrected in the recent 3.7p1 release. The [ more ] [ reply ] |
|
Privacy Statement |
--/ INTRODUCTION --
Advisory : rcon_plaintext
Release Date : 18.September 2003
Application : HLSW / rcon-console
Impact : rcon passwords can be sniffed
Vendor Status : No reply yet.
Author : Alexander 'xaitax' Hagenah [ah (at) primepage (dot) de [email concealed]]
[ more ] [ reply ]