Multiple Vulnerabilities in Sun-One Application Server
2003-05-27 SPI Labs (spilabs spidynamics com)

Security Update: [CSSA-2003-SCO.9] OpenServer 5.0.5 OpenServer 5.0.6 : Buffer overflows and other security vulnerabilities in Squid
2003-05-27 security sco com
  To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com scoannmod (at) xenitec.on (dot) ca SCO Security Advisory Subject: OpenServer 5.0.5 OpenServer 5.0.6 : Buffer overflows and other security vulnerabilities in Squid Advis

[CLA-2003:656] Conectiva Security Announcement - netpbm
2003-05-27 Conectiva Updates (secure conectiva com br)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : netpbm SUMMARY : Multiple vulnerabilities DAT

Exploit: Quake 3 engine, con\con and heartbeats (just for fun)
2003-05-27 Auriemma Luigi (aluigi pivx com)
  Well, the following problem is based on the very old con\con bug that affects unpatched Windows95/98/98SE systems. If you don't know it take a look here: http://www.microsoft.com/technet/security/bulletin/MS00-017.asp. I have decided to show this problem to the security community ONLY for 3 reaso

CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
2003-05-27 CORE Security Technologies Advisories (advisories coresecurity com) (1 replies)
  Core Security Technologies Advisory http://www.coresecurity.com Axis Network Camera HTTP Authentication Bypass Date Published: 2003-05-27 Last Update: 2003-05-23 Advisory ID: CORE-2003-0403 Bugtraq ID: 7652 CVE Name: C

Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
2003-05-28 Kee Hinckley (nazgul somewhere com)

S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-023-en Title: Multiple Cross Site Scripting vulnerabilities in Vignette Date: 03/04/2003 Status: Vendor contacted and solution available Scope: HTML code Execution in client browsers Platforms: All Author: rpinuaga Location:

NII Advisory - Buffer Overflow in Analogx Proxy
2003-05-26 K. K. Mookhey (cto nii co in) (1 replies)
  Buffer Overflow In Analogx Proxy 4.13 Vendor: Analogx Versions affected: Proxy 4.13 Date: 26th May 2003 Type of Vulnerability: Remotely Exploitable Buffer Overflow Severity: High By: Network Intelligence India www.nii.co.in

Re: NII Advisory - Buffer Overflow in Analogx Proxy
2003-05-27 Godwin Stewart (gstewart spamcop net)

S21SEC-018 - Vignette memory leak AIX Platform
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-018-en Title: Vignette memory leak AIX Platform Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Revelation of memory variables Platforms: AIX Author: ecruz Location: http://www.s21sec.com/es/avisos/s21

Buffer Overflow? Local Malformed URL attack on D-Link 704p router
2003-05-26 Chris R (admin securityindex net)
  My home network uses a small 4 port broadband Dlink router (704p) The firmware was updated a week ago. The following malformed URL's cause odd behavior in the router. Pointing your browser (like most routers) to the gateways internal IP address you get a web interface for administering yo

S21SEC-024 - Vignette TCL Injection
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-024-en Title: Vignette TCL Injection Date: 03/04/2003 Status: Vendor contacted and solution available Scope: TCL code Execution, Remote command execution Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avis

S21SEC-020 - Vignette user enumeration
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-020-en Title: Vignette user enumeration Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Enumeration of user status Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-020-e

S21SEC-017 - Vignette /vgn/legacy/save SQL access
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-017-en Title: Vignette /vgn/legacy/save SQL access Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Execution of SQL SELECT calls Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/aviso

BRS WebWeaver: POST and HEAD Overflaws
2003-05-27 euronymous (just-a-user yandex ru)
  topic: BRS WebWeaver: POST and HEAD Overflaws product: BRS WebWeaver v1.04 and prior [ i guess ] vendor: www.brswebweaver.com risk: high date: 05/25/2k3 tested platform: Windows 98 Second Edition discovered by: euronymous /F0KP advisory urls: http:

[CLA-2003:655] Conectiva Security Announcement - BitchX
2003-05-26 Conectiva Updates (secure conectiva com br)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : BitchX SUMMARY : Remote vulnerabilities DATE

S21SEC-019 - Vignette /vgn/style internal information leak
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-019-en Title: Vignette /vgn/style internal information leak Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Revelation of internal variables Platforms: All Author: rpinuaga Location: http://www.s21sec.

S21SEC-021 - Vignette License access and modification
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-021-en Title: Vignette License access and modification Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Unauthenticated access to the License management template Platforms: All Author: rpinuaga Location

S21SEC-016 - Vignette SSI Injection
2003-05-26 S21SEC (vul-serv s21sec com)
  ID: S21SEC-016-en Title: Vignette SSI Injection Date: 15/03/2003 Status: Vendor contacted and solution available Scope: SSI Execution, In some cases Remote command execution Platforms: All Author: rpinuaga Location: http://www.s21sec.co

The PACKET 0' DEATH FastTrack network vulnerability
2003-05-26 random nut (random_nut yahoo com)
  The PACKET 0' DEATH FastTrack network vulnerability Vulnerability Overview There exists a vulnerability in the FastTrack network core that can be used by an attacker to take control of all FastTrack network supernodes. The

[Priv8security Advisory] Batalla Naval remote overflow
2003-05-26 wsxz (wsxz terra com br)
  Priv8security advisory: 1 Product: Gnome Batalla Naval Version: 1.0.4 (and probably earlier versions) Vendor: http://batnav.sourceforge.net/ Problem: Remote Buffer overflow Author: Wsxz (wsxz (at) priv8security (dot) com)

Re: Eudora 5.2.1 attachment spoof
2003-05-27 psz maths usyd edu au (Paul Szabo)
  Building on my Eudora attachment spoof http://www.securityfocus.com/archive/1/322286 I have now found better games to play: From: me To: you Ensure victim has both attachments 'calc' and 'calc.exe' (sent in this, or previous, email). Then the following shows 'windows' icon and runs

[RHSA-2003:171-01] Updated CUPS packages fix denial of service attack
2003-05-27 bugzilla redhat com

ATM on linux Exploit(les,local)
2003-05-25 axis ph4nt0m (axis ph4nt0m net)
  /* ATM on linux Exploit *** vulnerability discovered by Angelo Rosiello *** sorry for my poor english. *** i wrote this exploit just for fun. *** i can't get a rootshell on my linux :( *** tested on redhat7.3 ,other linux maybe OK,too. *** atm package:linux-atm-2.4.0-1.i386.rpm *** http://

Possible XSS on iPlanet Messaging Server
2003-05-27 Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)
  While playing around with the webmail server (Iplanet Messaging) of my old ISP (Terra Networks) I noticed something really strange that I could not believe in: it was possible to do a XSS through an html attachment. In fact, with Iplanet Messaging you can open an html attachments "online", s
-------------------------------------------------------
[Release Date]: May 27, 2003
[System Affected]
* Sun-ONE Application Server 7.0 for Windows 2000/XP
[Description]
During a brief audit of a SunONE Application Server installation
on Wind