MDKSA-2003:087 - Updated gkrellm packages fix remote arbitrary code execution vulnerability
2003-08-29 Mandrake Linux Security Team (security linux-mandrake com)

[CLA-2003:727] Conectiva Security Announcement - sendmail
2003-08-29 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : sendmail SUMMARY : Remote vulnerability DATE

[RHSA-2003:267-01] New up2date available with updated SSL certificate authority file
2003-08-29 bugzilla redhat com

[SECURITY] [DSA 274-1] New node packages fix remote root vulnerability
2003-08-29 joey infodrom org (Martin Schulze)

RE: EEYE: Internet Explorer Object Data Remote Execution Vulnerability
2003-08-27 Drew Copley (dcopley eeye com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Addendum: It has come to our attention that the file extension does not matter. So, the only way people should be blocking this is by blocking by this tag: Content-Type: application/hta
Cheers.
> -----Original Message-----
> From: Drew Copley

WorldFlash - Spyware and BO
2003-08-28 mac ac t-online de (Dr Markus a Campo)
I use the demo version of the WorldFlash News-Ticker Gold M5.30i (http://www.worldflash.com/). While investigating some unexpected crashes of the program with a sniffer, I noticed that some private information is sent back to WorldFlash, i.e. my real IP behind the firewall, the mailserver I use, an

RealOne Player Allows Cross Zone and Domain Access
2003-08-27 DigitalPranksters (secteam digitalpranksters com)
DigitalPranksters Security Advisory http://www.DigitalPranksters.com RealOne Player Allows Cross Zone and Domain Access Risk: High Product: RealOne Player (English only), RealOne Player v2 for Windows (all languages), and RealOne Enterprise Desktop (all versions, standalone and as configured by

OSSTMM 2.1 Released
2003-08-25 Robert E. Lee (robert isecom org)
Barcelona, Spain - 25th August 2003 - The Institute for Security and Open Methodologies (ISECOM) unveils the much anticipated 2.1 release of the Open Source Security Testing Methodology Manual (OSSTMM). About the OSSTMM The Open Source Security Testing Methodology Manual (OSSTMM) is an open standar

[slackware-security] GDM security update (SSA:2003-236-01)
2003-08-24 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] GDM security update (SSA:2003-236-01) Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system. Here are the details from the S

Re: Heterogeneity as a form of obscurity, and its usefulness
2003-08-25 Crispin Cowan (crispin immunix com)
Eric Greenberg wrote:
>Heterogeneity has played a major role in disaster and recovery designs for
>as long as I can remember (that would be the past 20 years). Equally so, I
>
Be *very* careful here: security is fundamentally different from fault tolerance. FT needs to defeat random, independent f

newsPHP file inclusion & bad login validation
2003-08-25 Dariusz 'Officerrr' Kolasinski (officerrr poligon com pl)
newsPHP arbitrary file inclusion & bad login validation ===+++===+++===+++ Product: newsPHP Version: <= v216 Vendor: http://www.nphp.net Author: Officerrr <officerrr (at) poligon.com (dot) pl> Discover by: Officerrr <officerrr (at) poligon.com (dot) pl> Vendor Response: Not contacted yet... ===+++===+++===+++ Problem #

SNMPc v5 and v6 remote vulnerability
2003-08-25 Alexander V. Nickolenko (sawny multimedia ru)
Topic: SNMPc v5 and v6 remote vulnerability Impact: Any remote user can gain Supervisor access to NMS Versions affected: All versions up to and including 6.0.8 Fix: available Remote: yes Exploit: available I. Description SNMPc is a general-purpose Distributed Network Manager by Castl

[Full-Disclosure] [SECURITY] [DSA-344-2] New unzip packages fix directory traversal vulnerability
2003-08-26 debian-security-announce lists debian org

SRT2003-08-22-104 - Wireless Intrusion detection remote root compromise
2003-08-23 KF (dotslash snosoft com)

MDKSA-2003:086 - Updated sendmail packages fix vulnerability
2003-08-26 Mandrake Linux Security Team (security linux-mandrake com)

[RHSA-2003:261-01] Updated pam_smb packages fix remote buffer overflow.
2003-08-26 bugzilla redhat com

RE: EEYE: Internet Explorer Object Data Remote Execution Vulnerability
2003-08-22 Menashe Eliezer (menashe finjan com)
The ability to launch a local executable file with parameters is very dangerous. It has been used by MSBlaster/Lovsan worm. (Launching Local tftp.exe) Finjan Software has modified the basic exploit code that has been published by eEye Digital Security. The following harmless demo creates "YouHaveBee

vpop3d Denial Of Service.
2003-08-22 Daniel (deadbeat sdf lonestar org)
Hi, Topic: vpop3d Denial Of service Product: vpop3d Note: This is implemented in several vhost packages, I can't name all of them, but vhost-3.05r3 is one. Vendor Notification: Notified several Vendors about the binary vpop3d that they are using in their packages, Original Author of vpop3d has
As everyone knows, ActiveX controls and the <OBJECT> tag have been a big
source of security holes in Internet Explorer. However, it looks like
support for ActiveX controls is going to be removed from Internet
Explorer. A small company called Eolas recently won a $521 million
judgment against M