SecurityFocus

RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
CHRIS GRABENSTEIN (LFGRABC LF VCCS EDU)

That's not really allowing another program to bind the keys. In the case of
the Netware client, Microsoft's GINA is completely replaced by the NWGINA
which handles the authentication at that point. It doesn't simply bypass
MS's GINA unless I'm incredibly misinformed. A malicious user can certainl

[ more ] [ reply ]

NetScreen Security Advisory 57739 2003-07-31
NetScreen Security Response Team (security-alert netscreen com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: NetScreen Advisory 57739

Date: 30 July 2003

Impact: Potential Denial of Service of Security Device

Affected Products: NetScreen Firewall/VPN products running ScreenOS
4.0.1r1 through 4.0.1r6 and 4.0.3r1 and 4.0.3r2

Unaffected Products: Ne

[ more ] [ reply ]

Insufficient input checking on web site allows dangerous HTML TAGS 2003-07-31
Michael Scheidell (scheidell secnap net)

Insufficient input checking on web site allows dangerous HTML TAGS
Systems: LightSurf(tm) Content Delivery system;
Sprint Picture Mail(sm) web site
Severity: Serious
Category: Arbitrary Execution of HTML of Hackers Choice
Classification: Input Validation Error
BugTraq-ID: TBA
Remote Explo

[ more ] [ reply ]

[bWM#015] SQL-Injection @ Woltlab Burning Board + MOD Guthabenhack 1.3 2003-07-31
ben moeckel badwebmasters net

http://badWebMasters.net
ben moeckel security research
-------------------------------------------------

badWebMasters security advisory #015

SQL-Injection @ Woltlab Burning Board + MOD Guthabenhack 1.3

Discovery Date: 2003-07-28

Original Advisory:
http://badwebmasters.net/adv/015/ (tex

[ more ] [ reply ]

ePolicy Orchestrator multiple vulnerabilities 2003-07-31
@stake Advisories (advisories atstake com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: ePolicy Orchestrator multiple vulnerabilities
Release Date: 07/31/2003
Application: McAfee ePolicy Orchestrat

[ more ] [ reply ]

SuSE Security Announcement: wuftpd (SuSE-SA:2003:032) 2003-07-31
Roman Drahtmueller (draht suse de)

MDKSA-2003:080 - Updated wu-ftpd packages fix remote root vulnerability 2003-07-31
Mandrake Linux Security Team (security linux-mandrake com)

RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
Rizwan Jiwan (Rizwan Jiwan KINGSTON Hummingbird com) (1 replies)

I wouldn't consider this a bug. It is like me writing a script that kills
any process named "ScreenSaverEngine". If I run it with my privileges it
should allow me to kill the process (assuming I own ScreenSaverEngine).
Escape Pod does what it is meant to. OS X does what it is meant to--that is
unles

[ more ] [ reply ]

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
Alaric B Snell (alaric alaric-snell com) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
MightyE (trash mightye org) (2 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
Barry Fitzgerald (bkfsec sdf lonestar org)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
David Riley (oscar the-rileys net) (1 replies)

Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) 2003-07-31
MightyE (trash mightye org)

[RHSA-2003:245-01] Updated wu-ftpd packages fix remote vulnerability. 2003-07-31
bugzilla redhat com

wu-ftpd fb_realpath() off-by-one bug 2003-07-31
Janusz Niewiadomski (funkysh isec pl) (1 replies)

Synopsis: wu-ftpd fb_realpath() off-by-one bug
Product: wu-ftpd
Version: 2.5.0 <= 2.6.2
Vendor: http://www.wuftpd.org/

URL: http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0466
Author: Wojciech Purczynski <cliph (at) isec (dot) p [email concealed]

[ more ] [ reply ]

RE: wu-ftpd fb_realpath() off-by-one bug 2003-07-31
mteshome (mteshome gnx com)

Vulnerability analysis site 2003-07-30
Kenneth R. van Wyk (Ken KRvW com)

For those interested, my co-author (Mark Graff) and I have been posting and
maintaining a free repository of analyses of some recent/topical
vulnerabilities on our book's web page, at http://www.securecoding.org --
you can alternatively go directly to the analyses at
http://www.securecoding.org

[ more ] [ reply ]

MDKSA-2003:079 - Updated kdelibs packages fix konqueror authentication leak 2003-07-31
Mandrake Linux Security Team (security linux-mandrake com)

[SECURITY] [DSA-355-1] New gallery packages fix cross-site scripting 2003-07-30
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 355-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
July 30th, 2003

[ more ] [ reply ]

[SECURITY] [DSA-356-1] New xtokkaetama packages fix buffer overflows 2003-07-31
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 356-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
July 30th, 2003

[ more ] [ reply ]

GameSpy Arcade Arbitrary File Writing Vulnerability 2003-07-30
Mike Kristovich (zzz threezee com)

###############################################################

ThreeZee Technology, Inc. Security Advisory #TZT002

###############################################################

Advisory: GameSpy Arcade Arbitrary File Writing

Discovered: July 26, 2003

Released:

[ more ] [ reply ]