|
|
Colapse all |
Post message
[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities 2003-05-29 Matt Zimmerman (mdz debian org) RE: Alert: MS03-019, Microsoft... wrong, again. 2003-05-28 Marc Maiffret (marc eeye com) Microsoft is wrong and misleading customers in this advisory. This Windows Media Service vulnerability is exploitable, as confirmed in the labs at eEye, and by the discoverer of this vulnerability, Brett Moore. I am not sure why Microsoft misidentified this vulnerability... maybe it is just a typo, [ more ] [ reply ] Webfroot Shoutbox 2.32 directory traversal and code injection. 2003-05-29 pokleyzz (pokleyzz scan-associates net) Products: Webfroot Shoutbox v 2.32 and below (http://shoutbox.sf.net) Date: 09 May 2003 Author: pokleyzz <pokleyzz_at_scan-associates.net> Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Webfroo [ more ] [ reply ] BAZARR CODE NINER PINK TEAM GO GO GO 2003-05-29 bazarr (at) ziplip (dot) com [email concealed] (bazarr ziplip com) dave pointed out dat i forgot to send da attached .c in my first post. dis proves dat im so bizy dat i forget to send other half of email to bugtraq. attached is a local root xploit for eterm. and on default install of debian it be a local gid utmp xploit. hi martin dis is a nice change up from da [ more ] [ reply ] Philboard Forum Vulnerability 2003-05-29 aresu bosen net Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status : Vendor contacted, fixed version is not available (cause they didn't r [ more ] [ reply ] ICQLite executable trojaning 2003-05-29 3APA3A (3APA3A SECURITY NNOV RU) bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenge [ more ] [ reply ] IIS WEBDAV Denial of Service attacks 2003-05-29 Mark Litchfield (mark ngssoftware com) Hi All, I won't bother posting my advisories for the DOS issues here as SPIDynamics SPI Labs ( http://www.spidynamics.com/spilabs.html ) have already released theirs. In case you missed their postings, and you have deployed IIS 4.0 / IIS 5.0 and IIS 5.1 as your chosen web server, to obtain the pat [ more ] [ reply ] MDKSA-2003:062 - Updated cups packages fix Denial of Service vulnerability 2003-05-29 Mandrake Linux Security Team (security linux-mandrake com) Geeklog 1.3.7sr1 and below multiple vulnerabilities. 2003-05-29 pokleyzz (pokleyzz scan-associates net) Products: Geeklog 1.3.7sr1 and below (http://www.geeklog.net) Date: 29 May 2003 Author: pokleyzz <pokleyzz_at_scan-associates.net> Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Geeklog 1.3.7sr [ more ] [ reply ] [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01) 2003-05-29 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01) Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog: +- [ more ] [ reply ] Multiple Vulnerabilities In P-Synch Password Management 2003-05-29 JeiAr (jeiar kmfms com) Multiple Vulnerabilities In P-Synch Password Management ------------------------------------------------------- The other night I came across a server running P-Synch. I had never heard of it so i was curious to poke around on it a bit. Within an hour i found the vulns listed below. Im pre [ more ] [ reply ] New php release with security fixes 2003-05-29 je sekure net See below, /jonas ---------- Forwarded message ---------- Date: Thu, 29 May 2003 15:05:24 +0300 (EEST) From: Jani Taskinen <sniper (at) php (dot) net [email concealed]> Reply-To: Jani Taskinen <sniper (at) iki (dot) fi [email concealed]> To: php-announce (at) lists.php (dot) net [email concealed] Cc: php-general (at) lists.php (dot) net [email concealed] Subject: [ANNOUNCE] PHP 4.3.2 released -----BEGIN PGP [ more ] [ reply ] Another ZEUS Server web admin XSS! 2003-05-29 Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com) Algorimic Complexity Attacks 2003-05-29 Scott A Crosby (scrosby cs rice edu) Hello. This is to announce a new class of attack which we have named 'Algorithmic Complexity Attack'. These attacks can perform denial of service and/or cause the victim to consume more CPU time than expected. We have a website for our research paper and project and tentative source code illustrati [ more ] [ reply ] PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix 2003-05-29 JeiAr (jeiar kmfms com) I recently found out that someone I knew was running this vuln application. After informing them it was vuln they were dissapointed at the fact that they could no longer use the program as the author has not supplied a fix. Anyway, here is a quick fix i threw together to take care of the p [ more ] [ reply ] [RHSA-2003:186-01] Updated httpd packages fix Apache security vulnerabilities 2003-05-28 bugzilla redhat com Bandmin 1.4 XSS Exploit 2003-05-28 silent needel (silentneedle hotmail com) Bandmin 1.4 XSS Exploit by Silent Needle A:BACKGROUND Bandmin is a cgi script show you the bandwidth for the sites in the server. B:DESCRIPTION The cross site scripting allow you to print a html or javascript or others in the webpage when it just open not write in the page. C:EXPLOIT [ more ] [ reply ] [SECURITY] [ANNOUNCE] Apache 2.0.46 released 2003-05-28 Apache HTTP Server Project (jwoolley apache org) Internet Information Services 5.0 Denial of service 2003-05-28 SPI Labs (spilabs spidynamics com) Internet Information Services 5.0 Denial of service [Release Date] May 29th, 2003 Severity: High [Systems Affected] * Microsoft Information Server 5.0 * Microsoft Information Server 5.1 [Description] If an attacker sends a Webdav request with a body over 49,153 bytes using the 'PROPFIND' or 'SEA [ more ] [ reply ] Tornado www-server v1.2: directory traversal, buffer overflow 2003-05-29 D4rkGr3y (grey_1999 mail ru) [RHSA-2003:145-01] Updated kernel fixes security vulnerabilities and updates drivers 2003-05-28 bugzilla redhat com Remote PC Access Server 2.2 Vulnerability 2003-05-28 postmaster ytech co il Dear Bugtraq Here is a full details information about the vulnerability of Remote PC Access Server 2.2, taken from our advisory (includes the exploit code): http://www.ytech.co.il/advisories/rpca/rpcaccess.htm Best Regards, Yaron Tal YTECH.CO.IL -------------------------------------------------- [ more ] [ reply ] [RHSA-2003:177-01] Updated up2date and rhn_register clients available 2003-05-28 bugzilla redhat com Postnuke: path disclosure (0.7.2.3 and prior) 2003-05-28 rkc (rkc uncompiled com) Intro. What is PostNuke ? PostNuke is a weblog/Content Management System (CMS). It is far more secure and stable than competing products. Home Page: http://www.postnuke.com && A vulnerability have been found in Postnuke (v0.7.2.3-Phoenix & prior) which allow users to determine the physical path [ more ] [ reply ] |
|
Privacy Statement |
performing an implicit struct copy several times in succession would
result in data from different struct copy operations overwriting each
other.
This problem is present in at least gcc-3.2 and gcc-3.2.2, i.e. the gcc
present in RH8.x
[ more ] [ reply ]