[SECURITY] [DSA-351-1] New php4 packages fix cross-site scripting vulnerability
2003-07-16 Matt Zimmerman (mdz debian org)

CERT Advisory CA-2003-15 Cisco IOS Interface Blocked by IPv4 Packet (fwd)
2003-07-17 Muhammad Faisal Rauf Danka (mfrd attitudex com)
Regards
--------
Muhammad Faisal Rauf Danka
*** There is an attachment in this mail. ***
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

Changing UBB cookie allows account hijack
2003-07-16 anti_acid hotmail com
Application: UBB 6.(?)
Platform: Any system supporting PERL.
Severity: Malicious users can steal session cookies, allowing administrative access to the bulletin board. Also custom html/js insertion in forum page is possible.
Author: antiacid [anti_acid (at) hotmail (dot) com [email concealed]]
Web: http://ww

Disclosure-for-pay?
2003-07-16 Talley, Brooks (brooks frnk com)
My company recently received a communication from someone purporting to know of a security vulnerability in our web application. The individual stated that they would sign an NDA and report the details of the vulnerability to us if we paid his "consulting fee" and provided future services to him at

SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root
2003-07-16 KF (dotslash snosoft com)

PHP safe mode broken?
2003-07-16 Michal Krause (michal krause cz)
Hi, I think there is a bug in PHP safe mode handling from version 4.3.0 till now.
Problem description: There is a function php_check_safe_mode_include_dir() (fopen_wrappers.c) which checks, if file is in safe_mode_include_dir. When no safe_mode_include_dir is specified in the configuration, this

MDKSA-2003:074 - Updated kernel packages fix multiple vulnerabilities
2003-07-16 Mandrake Linux Security Team (security linux-mandrake com)

SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows
2003-07-16 KF (dotslash snosoft com)

Immunix Secured OS 7+ nfs-utils update -- bugtraq
2003-07-16 Immunix Security Team (security immunix com)
[Please do not set vacation autoreplies to public mail lists. It is very rude. Please do not tell us our gpg signature is a virus. It is not. Thank you.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: nfs-utils
Affect

Digi-news and Digi-ads version 1.1 admin access without password
2003-07-16 scrap (webmaster securiteinfo com)
Digi-news and Digi-ads version 1.1 admin access without password
.oO Overview Oo.
Digi-news and Digi-ads version 1.1 admin access without password
Discovered on 2003, March, 30th
Vendor: Digi-FX
Digi-news 1.1 is a PHP news editor. It allows you to easily add, edit, and delete news. Digi-ad 1.1 is

Auction Works XXS Vulnerability
2003-07-16 Bosen (mobile bosen net)
1ndonesian Security Team (1st)
http://bosen.net/releases/
=============================================================================
Security Advisory
Advisory Name: Auction Works XXS Vulnerability
Release Date: 07/15/2003
Application: Current/Running
Platform: Win32
Severity: Med

SRT2003-07-07-0913 - Abnormal suid behavior in several applications
2003-07-16 KF (dotslash snosoft com)

SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh
2003-07-16 KF (dotslash snosoft com)

ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta
2003-07-16 G00db0y (G00db0y zone-h org)
ZH2003-10SA (security advisory): Mail System Ver. 0.9 Beta.
Published: 16/07/2003
Released: 16/07/2003
Name: Mail System Ver. 0.9 Beta
Affected Systems: All versions (?)
Issue: Remote attackers can view all messages (and sql injection vulnerability)
Author: G00db0y (at) zone-h (dot) org [email concealed]

[CLA-2003:697] Conectiva Security Announcement - phpgroupware
2003-07-16 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : phpgroupware
SUMMARY : Cross site scripting v

ISA Server - Error Page Cross Site Scripting
2003-07-16 Brett Moore (brett moore security-assessment com)
========================================================================
= ISA Server - Error Page Cross Site Scripting
=
= brett.moore (at) security-assessment (dot) com [email concealed]
= http://www.security-assessment.com
=
= MS Bulletin posted: July 16, 2003
= http://www.microsoft.com/technet/security/bulletin/MS03-028.as

CERT Advisory CA-2003-14 Buffer Overflow in Microsoft Windows HTML (fwd)
2003-07-16 Muhammad Faisal Rauf Danka (mfrd attitudex com)
Regards
--------
Muhammad Faisal Rauf Danka
*** There is an attachment in this mail. ***
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

[LSD] Critical security vulnerability in Microsoft Operating Systems
2003-07-17 Last Stage of Delirium (contact lsd-pl net)
Hello, We have discovered a critical security vulnerability in all recent versions of Microsoft operating systems. The vulnerability affects default installations of Windows NT 4.0, Windows 2000, Windows XP as well as Windows 2003 Server. This is a buffer overflow vulnerability that exists in an

Microsoft ISA Server HTTP error handler XSS (TL#007)
2003-07-16 Thor Larholm (thor pivx com)
Thor Larholm security advisory TL#006
-------------------------------------
16 July 2003
HTML format: http://pivx.com/larholm/adv/TL006
Topic: ISA Server HTTP error handler XSS.
Discovery date: 25 June 2002.
Severity: Medium
Affected applications:
----------------------
Any Microsoft Internet

CALEA electonic wiretapping on unsecured Solaris boxes
2003-07-15 Dan Harkless (bugtraq harkless org)
The story about the insecure Diebold electronic voting system recently forwarded to Bugtraq was certainly disturbing, but here's something even worse (though some of it is old news): The Federal Bureau of Investigation administers the Communications Assistance to Law Enforcement Act (CAL

[slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
2003-07-15 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug in has been fixed in utils/mountd/auth.c that could c
http://bosen.net/releases/
==============================================================
Security Advisory
Advisory Name: eStore SQL Injection Vulnerability & Path Disclosure
Release Date: 07/15/2003
Application: eStore 1.0.1
eStore 1.0.2