[SECURITY] [DSA-319-1] New webmin packages fix remote session ID spoofing
2003-06-12 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA-318-1] New lyskom-server packages fix denial of service
2003-06-12 Matt Zimmerman (mdz debian org)

Sphera Hosting Director Control Panel Multiple Vulnerabilities: XSS-Session Hijacking-DoS/Buffer Overflow-Another User Accounts access
2003-06-13 Lorenzo Hernandez Garcia-Hierro (novappc novappc com)

SuSE Security Announcement: radiusd-cistron (SuSE-SA:2003:030)
2003-06-13 Thomas Biege (thomas suse de)

[ANNOUNCE] kses 0.1.0
2003-06-13 Ulf Harnhammar (ulfh update uu se)
kses 0.1.0
==========
kses is an HTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. This is helpful for avoiding Cross-Site Scripting (XSS) security holes, among other things. Some of kses' current features are: * It w

Cross site scripting in Post-Nuke
2003-06-13 David F. Madrid (idoru videosoft net uy)
Issue: Cross site scripting in Post-Nuke
Version affected: Post Nuke 0.7.2.3-Phoenix
Description: Post-Nuke is a content management system that allows you to deploy a website easily. Its developers claim that their product is more secure than competitors. I found three places when a script

MDKSA-2003:066 - Updated kernel packages fix multiple vulnerabilities
2003-06-11 Mandrake Linux Security Team (security linux-mandrake com)

Denial of Service Attack against ArGoSoft Mail Server Version 1.8
2003-06-11 Rushjo (at) tripbit (dot) org (rushjo tripbit org)
TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version 1.8 (1.8.3.5)
contributed by: rushjo
======================================================================================
Tripbit Security Advisory TA-2003-06 Denial of Service Attack against ArGoSoft Mail Server Version

Low risk vulnerabilities in ftp file list handling
2003-06-11 alan dhcp22 swansea linux org uk
Several ftp parsing libraries are vulnerable to attack by simply feeding them too much data. While the library authors have taken care to be robust in parsing ftp NLST returns they don't iterate the data as they receive it but store the data until the NLST completes. In the case of rpm a user using

[OpenPKG-SA-2003.031] OpenPKG Security Advisory (gzip)
2003-06-11 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Directory traversal in NucaWeb Server
2003-06-10 Over_G (overg mail ru)
Product: Nuca WebServer
Version: 0.01
OffSite: http://www.geocities.com/nucainterface
Problem: Directory traversal
------------------------------------------------
NucaWebServer - server, written in Delphi. This server has a large problem - Attacker may view all files on hard disk. The server does

Immunix Secured OS 7+ tetex update
2003-06-09 Immunix Security Team (security immunix com)
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: tetex, psutils, w3c-libwww
Affected products: Immunix OS 7+
Bugs fixed: CAN-2002-0836
Date: Mon Jun 9 2003
Advisory ID: IMNX-2003-7+-016-01
Author: Seth Arnold <sar

[SECURITY] [DSA-312-1] New powerpc kernel fixes several vulnerabilities
2003-06-10 Matt Zimmerman (mdz debian org)

Linux 2.0 remote info leak from too big icmp citation
2003-06-09 Philippe Biondi (biondi cartel-securite fr)
----------------------------------------------------------------------
Cartel Sécurité --- Security Advisory
Advisory Number: CARTSA-20030314
Subject: Linux 2.0 remote info leak from too big icmp citation
Author: Philippe Biondi <biondi (at) cartel-securite (dot) fr>
Discovered:

[LeapFTP] "PASV" Reply Buffer Overflow Vulnerability
2003-06-09 :: Operash :: (nesumin softhome net)

[SECURITY] [DSA-311-1] New kernel packages fix several vulnerabilities
2003-06-09 Matt Zimmerman (mdz debian org)

[FTP Voyager] File List Buffer Overflow Vulnerability
2003-06-09 :: Operash :: (nesumin softhome net)

Several bugs found in "Spyke's PHP Board"
2003-06-09 Marc Bromm (theblacksheep fastmail fm)
================================================
<------------------------------------------------>
<------------#www.bright-shadows.net#------------>
<------------------------------------------------>
<--------------#theblacksheep&erik#-------------->
<---------------------------------------------

[LSD] HP-UX security vulnerabilities
2003-06-10 Last Stage of Delirium (contact lsd-pl net)
Hello, In this letter you will find the result of a brief security audit that we did some time ago for HP-UX platform. We have found 8 vulnerabilities (seven local and a remote one). Technical details about all of the vulnerabilities were sent to the HP security team few months ago and in all cases

PSOFT H-Sphere Cross Site Scripting Vulnerabilities
2003-06-09 Lorenzo Hernandez Garcia-Hierro (novappc novappc com)

WebSetup / WebMin Security Vulnerability on IRIX
2003-06-09 SGI Security Coordinator (agent99 sgi com)

Apache 2.x APR Exploit Code
2003-06-08 mattmurphy (at) kc.rr (dot) com (mattmurphy kc rr com) (1 replies)
I had planned to write this tool in C for the sake of using native functionality like crypt(3) to support digest authentication. I'd also planned to support intermediate proxies, but a determined user can implement this via various tunneling applications with minimal complications, and I don't need
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 319-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
June 12th, 2003