Hotmail & Passport (.NET Accounts) Vulnerability
2003-05-08 Muhammad Faisal Rauf Danka (mfrd attitudex com)

[SECURITY] [DSA-301-1] New libgtop packages fix buffer overflow
2003-05-07 Matt Zimmerman (mdz debian org)

[SECURITY] [DSA-302-1] New fuzz packages fix buffer overflow
2003-05-07 Matt Zimmerman (mdz debian org)

Windows Media Player directory traversal vulnerability
2003-05-07 Jouko Pynnonen (jouko solutions fi)
OVERVIEW
========
Windows Media Player versions 7 and 8 are vulnerable to a directory traversal attack when skin files (*.WMZ) are downloaded from Internet. The vulnerability allows malicious users to upload an arbitrary file to an arbitrary location when a victim user views a web page. When

Problem: Multiple Web Browsers do not do not validate CN on certificates.
2003-05-07 Simson L. Garfinkel (simsong nitroba com)
Problem: Multiple Web Browsers do not do not validate CN on certificates.
Affected Versions:
Safari 1.0 Beta (v60)
Safari 1.0 Beta 2 (v73)
Konqueror Embedded (unknown version; common browser on Open Zaurus)
[NOTE: Konqueror 3.0.5 does not exhibit the problem.]
Both versions of Safari were te

Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerabilities
2003-05-07 Cisco Systems Product Security Incident Response Team (psirt cisco com)

Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
2003-05-07 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: Multiple Buffer Overflows in SLMail
Systems Affected: SLMail 5.1.0.4420 on Windows
Severity: High Risk
Vendor URL: http://www.slmail.com
Authors: David Litchfield (david (at) ngssoftware (dot) com), Mark Litchfield (mark (at) ngssoftware (dot) com)
Date: 7th May 2003

Multiple Vulnerabilities in SLWebmail
2003-05-07 NGSSoftware Insight Security Research (nisr nextgenss com) (1 replies)
NGSSoftware Insight Security Research Advisory
Name: Multiple Vulnerabilities in SLWebMail
Systems Affected: SLWebMail 3 on Windows
Severity: High Risk
Vendor URL: http://www.slmail.com
Authors: David Litchfield (david (at) ngssoftware (dot) com), Mark Litchfield (mark (at) ngssoftware (dot) com)
Date: 7th May 2003
Advi

SAP database local root vulnerability during installation. (fwd)
2003-05-07 Larry W. Cashdollar (lwc vapid ath cx)
This is an older (moot) vulnerability that I discovered which was never released, the vendor has fixed it. It is similar to what KF at snosoft discovered recently in the current version of SAPDB.
Vapid Labs
SAP database local root vulnerability during installation.
December 10, 2002
I. BACKGROU

Siemens Mobile Phone - Buffer Overflow
2003-05-06 subj (r2subj3ct dwclan org)
======================================
---> Product: Siemens Mobile Phone
---> Version: All *45 series phones
---> OffSite: www.siemens-mobile.com
---> Problem: Buffer Overflow.
======================================
** General Description **
In phones Siemens of a series 45, I found on

[SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow
2003-05-06 joey infodrom org (Martin Schulze)

youbin local root exploit + advisory
2003-05-06 Knud Erik Højgaard (address-modified-due-to-out-of-office-and-gay-antivirus-marking-perl-scripts-as-trojans---kain ircop dk) (1 replies)

[SECURITY] [DSA 299-1] New leksbot packages fix improper setuid-root execution
2003-05-06 Matt Zimmerman (mdz debian org)

RE: Microsoft IIS Authentication Manager Account Conformation Vuln?
2003-05-06 Russ (Russ Cooper rc on ca)
First described by mnemonix on February 24, 1999, in NTBugtraq post;
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9902&L=ntbugtraq &F=P&S=&P=5572
(URL is wrapped to more than one line, you must reconnect the pieces for it to work properly)
Cheers,
Russ - NTBugtraq Editor
-----Original Me

Crash in Internet Explorer 6.0 Sp1
2003-05-05 David F. Madrid (conde0 telefonica net)
Affected product: IE 6.0 Sp1
Vendor Status: the issue will be solved in the next service pack
Description: Internet explorer can be crashed by clicking on a specially crafted link. The problem is in the AnchorClick DHTML behaviour of the A (link) object. With this behaviour you can specif

Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities
2003-05-02 security sco com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com
SCO Security Advisory
Subject: OpenLinux: Various serious Samba vulnerabilities
Advisory number: CSSA-2003-017.0
Issue da

Security Update: [CSSA-2003-018.0] OpenLinux: file command buffer overflow
2003-05-02 security sco com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com
SCO Security Advisory
Subject: OpenLinux: file command buffer overflow
Advisory number: CSSA-2003-018.0
Issue date: 200

Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
2003-05-06 Dennis Rand (der infowarfare dk)

[CLA-2003:640] Conectiva Security Announcement - vnc
2003-05-05 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : vnc
SUMMARY : Vulnerabilities in cookies and r

CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
2003-05-05 CORE Security Technologies Advisories (advisories coresecurity com)

Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
2003-05-05 Cesar (cesarc56 yahoo com)
Security Advisory
Name: Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
System Affected: Microsoft BizTalk Server 2002
Severity: High
Remote exploitable: Yes
Author: Cesar Cerrudo.
Date: 05/05/03
Advisory Number: CC040301
Legal Notice: This Advisory is Copyri

Microsoft Biztalk Server DTA vulnerable to SQL injection
2003-05-05 Cesar (cesarc56 yahoo com)
Security Advisory
Name: Microsoft Biztalk Server Document Tracking and Administration vulnerable to SQL injection
System Affected: BizTalk Server 2000 and BizTalk Server 2002
Severity: High
Remote exploitable: Yes
Author: Cesar Cerrudo.
Date: 05/05/03
Advisory Number: CC040302
Lega

[CLA-2003:639] Conectiva Security Announcement - krb5
2003-05-05 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : krb5
SUMMARY : Several Kerberos vulnerabiliti

Security Update: [CSSA-2003-019.0] OpenLinux: tcp SYN with FIN packets are not discarded
2003-05-05 security sco com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com
SCO Security Advisory
Subject: OpenLinux: tcp SYN with FIN packets are not discarded
Advisory number: CSSA-2003-019.0
Issu

Key validity bug in GnuPG 1.2.1 and earlier
2003-05-04 David Shaw (dshaw jabberwocky com)
As part of the development of GnuPG 1.2.2, a bug was discovered in the key validation code. This bug causes keys with more than one user ID to give all user IDs on the key the amount of validity given to the most-valid key. This bug does not impact any key with only one user ID. Photo IDs ("user

SILLY BEHAVIOR Part III : Internet Explorer 5.5 - 6.0
2003-05-04 http-equiv (at) excite (dot) com (1 malware com)
Sunday, May 4, 2003
Silent delivery and installation of an executable on the target machine, default install of win98 and Internet Explorer with all patches to date. No client input other than viewing a web page:
Mildly amused by the recent patching of the codebase saga spanning nearly 3 yea
There is a very serious and stupid vulnerability or bad coding in Hotmail / Passport's (.NET Accounts)
I tried sending emails several times to Hotmail / Passport contact addresses, but always met with the NLP bots.
I guess I don't need to go in