[CLA-2003:628] Conectiva Security Announcement - vixie-cron
2003-04-17 Conectiva Updates (secure conectiva com br)

MDKSA-2003:049 - Updated kde3 packages fix arbitrary command execution
2003-04-17 Mandrake Linux Security Team (security linux-mandrake com)

Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors
2003-04-17 Muhammad Faisal Rauf Danka (mfrd attitudex com)
Regards
--------
Muhammad Faisal Rauf Danka
*** There is an attachment in this mail. ***
[ATTITUDEX.COM] http://www.attitudex.com/

Web Wiz Forums all version db stealing
2003-04-17 Uziel aka nuJIurpuM (Uziel uziel biz)
.:: Description ::.
Web Wiz Forums, the free award winning ASP bulletin board system is available in a boxed version with link removal code.
.:: Vendor ::.
http://www.webwizguide.info
.:: Problem ::.
By default all passwords are kept on admin/wwforum.mdb
Example: http://www.target.com/

[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 289-1] New rinetd packages fix denial of service
2003-04-17 joey infodrom org (Martin Schulze)

Vulnerability in rinetd
2003-04-17 Martin Schulze (joey infodrom org)
Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the server maintains 64 connections and the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of serv

IE 6.0 - trivial crash
2003-04-16 Adam [ckkl] (ckkl poczta wp pl) (2 replies)
Hello,
Nothing to add, just a trivial IE crash.
http://www.sztolnia.pl/hack/TrivialIECrash/TrivialIECrash.html
Best Regards
Adam Blaszczyk
reverser, coder, writer & researcher [VX/AV]
http://www.symantec.com (Localization Engineer)
http://www.mykakee.com (Home page)
Whatever I say in this e-mail

[SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution
2003-04-17 joey infodrom org (Martin Schulze)

[SCSA-017] Directory Traversal Vulnerability in EZ Server
2003-04-16 Grégory Le Bras (gregory lebras security-corporation com)
======================================================================
Security Corporation Security Advisory [SCSA-017]
Directory Traversal Vulnerability in EZ Server
======================================================================
PROGRAM: EZ Server
HOMEPAGE: http://www.html-helpe

Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
2003-04-16 Ryan Emerle (securityFocus emerle net) (2 replies)
*Description*
Microsoft Internet Explorer 6.0 (other versions not tested) is vulnerable to a DoS when specially crafted html is present on a page. The vulnerability is in the processing of the OBJECT tag.
*Tested*
OS: Windows 2000 Pro SP3 (fully up-to-date)
IE: Internet Explorer 6.0.280

Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
2003-04-16 Roland Postle (mail blazde co uk)

[CLA-2003:627] Conectiva Security Announcement - ethereal
2003-04-16 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : ethereal
SUMMARY : Several vulnerabilities
DA

MDKSA-2003:048 - Updated eog packages fix arbitrary command execution
2003-04-16 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2003:047 - Updated xfsdump packages fix insecure file creation
2003-04-16 Mandrake Linux Security Team (security linux-mandrake com)

i cracked restriction of 'zone' in mozilla.
2003-04-16 Liu Die Yu (liudieyuinchina yahoo com cn) (1 replies)
i cracked restriction of 'zone' in mozilla.
("that's all" is the end of file if you are in a hurry)
[tested]
OS:"Windows Server 2003"
NETSCAPE Ver String: "Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.0.1) Gecko/20020823 Netscape/7.0 " (downloaded on "2003/3/31 UTC+800")
MOZILL

SFAD03-001: iWeb Mini Web Server Remote Directory Traversal
2003-04-16 subversive (subversive linuxmail org)

Veritas BackupExec 9.0 may ship with upatched MS SQL Desktop Engine
2003-04-15 Marcus Beaman (marcus beaman state or us)
I don't know if this is worth posting, but I've not seen it run across bugtraq yet, and we at the state found out the hard way:
-Marcus
<snip>
Veritas BackupExec 9.0 that recently shipped out on CD to registered owners (like us) is vulnerable to the SQL Slammer worm.
http://seer.support.veritas.c

Immunix Secured OS 7+ glibc update
2003-04-15 Immunix Security Team (security wirex com)
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: glibc
Affected products: ImmunixOS 7+
Bugs fixed: CAN-2003-0028
Date: Mon Apr 14 2003
Advisory ID: IMNX-2003-7+-009-01
Author: Seth Arnold <sarnold (at) wirex (dot) com [email concealed]>
------

Re: ActivCard password cache memory leakage
2003-04-15 Massimo Cereda (massimo cereda cgweb it)
In-Reply-To: <9969CF31A0D6D411BC4B00508BB38E84031F4D94@BAIMSG4>
>The problem found relates to accessing static passwords stored (for
>performance) in a memory cache by ActivCard Gold. ActivCard recognizes the
>seriousness of this problem, and will fix it in the next version of the
>product - Act

CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
2003-04-15 CORE Security Technologies Advisories (advisories coresecurity com)

Oddities in Windows ACL inheritance
2003-04-15 Nicolas RUFF (lists) (ruff lists edelweb fr)
Hi all,
Let's have a look at Windows 2000/XP ACL inheritance oddities :
1/ Create a new file named "test.txt"
2/ Break ACL inheritance and apply custom ACL
3/ Rename "test.txt" to "othertest.txt"
4/ Check that ACL has not changed
Now :
1/ Use REGEDIT and create a new key (in HKCU for example) nam
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : vixie-cron
SUMMARY : Local vulnerability
DATE