BugTraq
[ANNOUNCE][SECURITY] Apache 2.0.47 released 2003-07-09
Apache HTTP Server Project (striker apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apache 2.0.47 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the tenth public release of the Apache 2.0
HTTP Server. This Announcement notes the significant changes i

Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code 2003-07-09
sec-labs team (team sec-labs hack pl)
We can easily reproduce this bug on version 5.0.7 and 5.0.5 on Slackware
Linux and Phoenix and Mozilla browsers. You can choose Netscape or NCSA
compatible browser in Adobe preferences, and WWWLaunchNetscape and
WWWLaunchNCSA functions.

You should not have a problem with this bug. It is quite simp

[SECURITY] [DSA-344-1] New unzip packages fix directory traversal 2003-07-08
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 344-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
July 8th, 2003

[SNS Advisory No.66] Apache HTTP Server v2 Causes a DoS When Parsing a Type-Map File 2003-07-09
Secure Net Service(SNS) Security Advisory (snsadv lac co jp)
----------------------------------------------------------------------
SNS Advisory No.66
Apache HTTP Server v2 Causes a DoS When Parsing a Type-Map File

Problem first discovered on: Thu, 26 Dec 2002
Published on: Wed, 09 Jul 2003
Reference: http://www.lac.co.jp/security/english/snsadv_e/66_e.html

TerminatorX local root 2003-07-09
andrewg felinemenace org
Program: terminatorX 3.80
Impact: Users can gain local root
Discovered: jaguar
Writeup and exploits: Andrew Griffiths

1) Background

'terminatorX is a realtime audio synthesizer that allows you to "scratch" on
digitally sampled audio data (*.wav, *.au, *.ogg, *.mp3, etc.) the way
hiphop-DJ

IE Object Type Overflow Exploit 2003-07-09
ash felinemenace org

xchar crash after 3 continually server call 2003-07-08
tupac sakur (extraneous uhagr org)


package:xchat 1.8.11(win binary)
description:irc client
Os tested:winXp pro
author:extraneous
mail:extraneous (at) UHAGr (dot) org

the fault:

--- Looking up acn.irc.gr..
--- Connecting to acn.irc.gr (212.89.160.2) port 6667..
--- Connected. Now logging in..
-acn.irc.gr- *** Looking up your hostnam

Re: rundll32.exe buffer overflow 2003-07-08
Curt Wilson (netw3_security hushmail com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI This does not appear to be exploitable on an en Windows 2000 SP3
+ all current hotfixes (have not loaded SP4 yet however). advpack32.dll
does not exist on my win2k pro system, however advpack.dll does and this
was attempted, using 499 chars + more

Domain User Credentials access via OWA XSS 2003-07-07
Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)


On my previous post about OWA XSS I talked about Cross Site Scripting in the attachment field of a mail. The XSS is not in the attachment, it is in the body of the message.

Sorry, I need to sleep...

Please notice: not in the attachment, in the BODY.

To make it clear to understand I have just

[SECURITY] [DSA-342-1] New mozart packages fix unsafe mailcap configuration 2003-07-07
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 342-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
July 7th, 2003

RE: Contact information for Microsoft Security Response Center [tf] 2003-07-07
Francis Favorini (francis favorini duke edu)
> Can you confirm that this address security (at) microsoft (dot) com is
> being monitored as well.

I once sent a bug to this address and got a response that indicated that it
was Microsoft Security, as in their campus police force. This was a couple
of years ago. I suppose for safety reasons, they might n

Multiple Buffer Overflows in IglooFTP PRO 2003-07-07
Peter Winter-Smith (peter4020 hotmail com)


Multiple Buffer Overflows in IglooFTP PRO

Url: http://www.iglooftp.com

IglooFTP PRO is an extremely powerful, easy to use and well designed
FTP client. Perhaps my personal favourite.

It is extremely easy to use, but doesn't lack the configurability
needed for advanced users.

It it this a

[SECURITY] [DSA-341-1] New liece packages fix insecure temporary file creation 2003-07-07
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 341-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
July 7th, 2003

[CLA-2003:691] Conectiva Security Announcement - php4 2003-07-08
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : php4
SUMMARY : New PHP4 packages with securit

zkfingerd-2.0.2(the last version)Format String Vulnerabilities 2003-07-08
yan feng (jsk ph4nt0m net)


========================================
Ph4nt0m Security Advisory 2#2003--7-7
========================================

Title: zkfingerd-2.0.2(the last version)Format String Vulnerabilities
Advisory Number

MDKSA-2003:073 - Updated unzip packages fix vulnerability 2003-07-08
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: unzip
Advisory ID:

Information Disclosure Vulnerability in board51, forum51 and news51 2003-07-08
Marc Bromm (theblacksheep fastmail fm)
================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<---------------------------------------------

Qt temporary files race condition in Knoppix 3.1 2003-07-08
Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)


Qt libraries work with KDE. Knoppix 3.1 comes with KDE3. A default
installation on hard disk of this live CD linux distribution with the SSHD
daemon running may allow a serious D.o.S. attack and potential root
compromise.

I've found a race condition in knoppix 3.1 live CD. I've confirmed

ZH2003-1SA (security advisory): Rockliffe Mailsite Express - mail attachments retrievable without proper authentication 2003-07-08
tizio caio (G00db0y zone-h org)


ZH2003-1SA (security advisory): Rockliffe Mailsite Express - mail
attachments retrievable without proper authentication.

Published: 08/07/2003
Released: 08/07/2003
Name: Rockliffe Mailsite Express - mail attachments retrievable without
proper authentication
Affected Systems: Mailsite

[CLA-2003:690] Conectiva Security Announcement - imp 2003-07-08
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : imp
SUMMARY : SQL code injection vulnerabilit

Named Pipe Filename Local Privilege Escalation 2003-07-08
@stake Advisories (advisories atstake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: Named Pipe Filename Local Privilege Escalation
Release Date: 07/08/2003

What Win2k SP4 doesn't fix (security), but says it does... 2003-07-08
m_a_s2mp yahoo com


In my testing these security bulletins aren't fixed in Win2k SP4,
but are documented that they are at this link:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/w2kSP4.asp

1. MS02-053. It fixes the FPSE 2000 vulnerability, but
not FPSE 2002.

2. MS03-01

Internet Explorer Crash 2003-07-07
Digital Scream (digitalscream real xakep ru)


The following example, results in crash:

--------------------[Crash.html]--------------------
window.moveTo(screen.width,screen.height);
document.all.tags("script")[0].src="Crash.html";
//<script src="Crash.html"></script>
-----------------[End of Crash.html]----------------

The

Copyright 2010, SecurityFocus