[ESA-20032407-018] Several local 'kernel' vulnerabilities.
  2003-07-24, EnGarde Secure Linux (security guardiandigital com)

ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta
  2003-07-24, Jim Pangalos (dpangalos linuxmail org)

Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow
  2003-07-24, Integrigy Security Alerts (alerts integrigy com)
  Integrigy Security Alert
  Oracle E-Business Suite FNDWRR Buffer Overflow
  July 23, 2003
  Summary: The Oracle Applications FNDWRR CGI program, used to retriev

Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure
  2003-07-24, Integrigy Security Alerts (alerts integrigy com)
  Integrigy Security Alert
  Oracle E-Business Suite AOL/J Setup Test Information Disclosure
  July 23, 2003
  Summary: The Oracle Applications AOL/J Setup Test S

VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability
  2003-07-23, Dave Ahmad (da securityfocus com)

EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
  2003-07-23, Derek Soeder (dsoeder eeye com)
  Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption
  Release Date: July 23, 2003
  Severity: High (Remote Code Execution)
  Systems Affected: Windows 98; Windows 98 SE; Windows Millennium Edition; Windows NT 4.0; Windows NT 4.0, Terminal Server Edition; Windows 2000; Windows XP; Windows Server 2003
  Descripti

Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !
  2003-07-23, http-equiv (at) excite (dot) com (1 malware com)
  Wednesday, 23 July, 2003
  Yet another quaint lead-up to "silent delivery and installation of an executable on a target computer. No client input other than viewing a web page" ! This is getting boring. A myriad of technical hurdles have been recently placed to disallow access to files and fol

[CLA-2003:703] Conectiva Security Announcement - phpgroupware
  2003-07-23, Conectiva Updates (secure conectiva com br)
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  PACKAGE : phpgroupware
  SUMMARY : Remote vulnerability (

MDKSA-2003:077 correction
  2003-07-23, Vincent Danen (vdanen mandrakesoft com)
  The advisory announced this morning (MDKSA-2003:077 for phpgroupware) contains an incorrect CVE name which referenced a mpg123 vulnerability. The correct CVE names are CAN-2003-0504 and CAN-2003-0582. My apologies for the confusion.
  -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online

MDKSA-2003:077 - Updated phpgroupware packages fix multiple vulnerabilities
  2003-07-23, Mandrake Linux Security Team (security linux-mandrake com)

Buffer Overflow in Netware Web Server PERL Handler
  2003-07-23, Uffe Nielsen (uni protego dk)
  Topic: Buffer Overflow in Netware Web Server PERL Handler
  Platform : Netware 5.1 SP6, Netware 6 under certain conditions.
  Application : NetWare Enterprise Web Server
  Advisory URL: http://www.protego.dk/advisories/200301.html
  Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562
  Vendor Name: Novell, Inc.

R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server
  2003-07-23, advisory rapid7 com

NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow
  2003-07-23, Ed Reed (ereed novell com)

Denial of service in 3COM 812 DSL routers
  2003-07-23, David F.Madrid (conde0 telefonica net)
  Product affected : 3COM 812 OfficeConnect DSL routers
  Firmware affected : 1.1.9

[SECURITY] [DSA-352-1] New fdclone packages fix insecure temporary directory usage
  2003-07-22, Matt Zimmerman (mdz debian org)

Vulnerability in the mail client in Opera 7.20 beta 1.
  2003-07-23, Arve Bersvendsen (arve virtuelvis com)
  A vulnerability has been discovered in M2, the mail client in Opera 7.20, beta 1.
  Impact of vulnerability: Minor.
  Versions affected: Opera 7.20 Beta 1, build 2981 only. All other Opera versions are safe.
  Description: Opera's mail clie

ODBC Login information saved as plain text... :(
  2003-07-22, hanez (mailman hanez org) (1 replies)
  (this is my second post of this mail because the first didn't arrive to the list...) Hello All, I have found an interesting thing in Windows XP. When I create an ODBC SYSTEM-DSN (Datasource available for all users) for accessing a SQL-Server, it is saved in the Windows Registry. The Problem th

    Re: ODBC Login information saved as plain text... :(
      2003-07-23, Deus, Attonbitus (Thor HammerofGod com)

IIS 6.0 Web Admin Multiple vulnerabilities
  2003-07-22, Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)
  Hi, last week I installed Windows 2003 for the first time (Enterprise edition and Web Server edition). My first objective was to check the security in the IIS 6.0 and of course my target was the Web Admin interface that comes with a lot of ASP's to play with ;-) Some flaws were detected,

phpMyAdmin: updated reply to vulnerability report of 2003-06-18
  2003-07-22, Marc Delisle (DelislMa CollegeSherbrooke qc ca)
  phpMyAdmin version 2.5.2 has been released today. We believe it addresses all the issues mentioned in the vulnerability report. ( From http://www.phpmyadmin.net/documentation#faqsecurity ) Last update of this FAQ: 2003-07-22. The phpMyAdmin development team received notice of this security aler

Cracking windows passwords in 5 seconds
  2003-07-22, bugtraq oechslin net
  As opposed to unix, windows password hashes can be calculated in advance because no salt or other random information is involved. This makes so-called time-memory trade-off attacks possible. This vulnerability is not new but we think that we have the first tool to exploit this. At LASEC

[CLA-2003:702] Conectiva Security Announcement - cups
  2003-07-22, Conectiva Updates (secure conectiva com br)
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  PACKAGE : cups
  SUMMARY : Several vulnerabilities
  DATE

[CLA-2003:701] Conectiva Security Announcement - kernel
  2003-07-22, Conectiva Updates (secure conectiva com br)
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  PACKAGE : kernel
  SUMMARY : Vulnerabilities and bugfixes
Guardian Digital Security Advisory, July 24, 2003
http://www.guardiandigital.com
ESA-20032407-018