Multiple Vulnerabilities in Splatt Forum 4.0
2003-05-01 Frame4 Security Systems (webmaster frame4 com)

Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
2003-05-01 Shiva Persaud (shivapd us ibm com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Taken from IBM's AIX vendor response (http://lists.insecure.org/lists/bugtraq/2000/Mar/0184.html) to this issue when discussed in 2000:
<BEGIN>
The AIX version 4 linker has always documented the -blibpath option as a mechanism for removing build e [ more ]

eBay Security Contact
2003-05-01 mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com) (3 replies)
Hello, I'm looking for contact information for the security department (if such a thing exists) at eBay. If anyone has any security contact information (specifically, I'm looking for e-mail addresses), or just general "support" information where I can reach a human -- as such information appear [ more ]

Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities
2003-05-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)

re:Latest MS SQL Server vulnerabilities revealed
2003-04-30 Michael - (michael nix org)
After reading your papers I must say it was quite interesting and it introduces quite a few new ideas. However, most of them (at least in your paper found at http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf ) base themselves on the idea that you can perform an [ more ]

Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability
2003-04-30 Christoph Hellwig (hch infradead org)
It seems redhat still hasn't managed to make any of their IA64 products immune against CAN-2003-0127.
For RH AS2.1 (and its crippled corporate newspeak variations) a kernel errata was released only for x86 but not IA64, as in https://rhn.redhat.com/errata/RHSA-2003-103.html for RH 7.x on IA64 th [ more ]

[CLA-2003:633] REVISED: Conectiva Security Announcement - glibc
2003-04-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : glibc
SUMMARY : XDR integer overflow
DATE [ more ]

[SECURITY] [DSA 295-1] New pptpd packages fix remote root exploit
2003-04-30 joey infodrom org (Martin Schulze)

SILLY BEHAVIOR Part II : Internet Explorer 5.5 - 6.0
2003-05-01 http-equiv (at) excite (dot) com [email concealed] (1 malware com)
Thursday, May 1, 2003
The following represents a trivial yet elaborate method of injecting arbitrary html into the "My Computer" zone on win98 using the Internet Explorer series of browsers. The manufacturer, commonly known as "Microsoft" has done a splendid job of battening down the hatche [ more ]

[SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution
2003-04-30 joey infodrom org (Martin Schulze)

[CLA-2003:635] Conectiva Security Announcement - balsa
2003-04-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : balsa
SUMMARY : Buffer overflow in the IMAP c [ more ]

Re: April appeared to be a month of IE bugs. Here's another one.
2003-05-01 ERRor (error pochtamt ru)
> >Hello, Bugtraq.
>
> >Malicious htm file can freeze IE with 100% CPU usage:
> >Construct the file freeze.htm:
> >c:\>perl -e "print qq'\xFF\xFE'; print qq'\r\n' x 30000" > freeze.htm
>
This string works only with Active Perl, in unix-like Perl versions exploit string is: perl -e "print qq'\xFF\x [ more ]

[SECURITY] [DSA 297-1] New snort packages fix remote root exploits
2003-05-01 joey infodrom org (Martin Schulze)

[CLA-2003:633] Conectiva Security Announcement - glibc
2003-04-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : glibc
SUMMARY : XDR integer overflow
DATE [ more ]

[CLA-2003:614] REVISED: Conectiva Security Announcement - sendmail
2003-04-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : sendmail
SUMMARY : Buffer overflow vulnerabil [ more ]
how to code review and remedy them is now available at
http://msdn.microsoft.com/columns/secure.asp
Cheers, Michael
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp