[SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution
2003-04-12 joey infodrom org (Martin Schulze)

PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service Vulnerability
2003-04-11 William A. Rowe, Jr. (wrowe rowe-clan net)
In additional response to the iDEFENSE Security Advisory 04.08.03 cited below, the Apache HTTP Server Project has published a specific patch to address this Denial of Service vulnerability for the 2.0.44 server version. The patch may or may not apply to earlier versions of Apache 2.0, and if app

R7-0013: Heap Corruption in Gaim-Encryption Plugin
2003-04-12 Rapid 7 Security Advisories (advisory rapid7 com)

Ocean12 ASP Guestbook Manager v1.00
2003-04-11 drG4njubas (drG4nj mail ru)
This advisory can be found at www.blacktigerz.org
Subject: Ocean12 ASP Guestbook Manager v1.00.
Description: Written entirely in ASP and VBScript this is a completely web-based, easy to install, ASP Guestbook Program. It stores data in an Access 2000 database and is configured 100% through the

repost: SRT2003-04-01-1231 - Progress DLC overflows
2003-04-09 KF (dotslash snosoft com)
For some reason this post did not show up in the archive for April (it was sent out on the 1st) http://www.securityfocus.com/archive/1/2003-03-29/2003-04-04/1 ... I also did not see it in the http://www.securityfocus.com/bid listing so I am sending it out again... I am sorry if you have already

FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database.
2003-04-09 Stephen White swhite+fmbug (at) ox.compsoc (dot) net (swhite+fmbug ox compsoc net)
I recently discovered a serious bug in FileMaker Pro's database sharing. FileMaker have just released an advisory about this on their security pages: http://www.filemaker.com/support/security
Subject: FileMaker Pro network protocol sends password

Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss
2003-04-09 Hilko Bengen bengen+amavis (at) hilluzination (dot) de (bengen+amavis hilluzination de)
Phil Cyc <ajEA3UMBepQ4MRExDmm0qbFeeQEJtffpg.1 (at) protected.unixadm (dot) org> writes:
> with postfix using AMaViS-ng 0.1.6.x (tested: 0.1.6.2 and 0.1.6.3;
> 0.1.4.x is not vulnerable), all email gets forwarded to the address
> specified by the "To:" header line, ignoring the real recipient given
> via "RCPT

[SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation
2003-04-11 joey infodrom org (Martin Schulze)

Buffer Overflow Vulnerability Found in MailMax Version 5
2003-04-11 Dennis Rand (der infowarfare dk)

MacOS X DirectoryService Privilege Escalation (a041003-1)
2003-04-10 @stake Advisories (advisories atstake com)

[RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder
2003-04-10 bugzilla redhat com

Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability
2003-04-11 Integrigy Security Alerts (alerts integrigy com)
Integrigy Security Advisory
Oracle E-Business Suite FNDFS Vulnerability
April 10, 2003
Summary: The Oracle Applications FNDFS program, used to retrieve re

[CLA-2003:625] Conectiva Security Announcement - openssl
2003-04-10 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : openssl
SUMMARY : OpenSSL library vulnerabili

Admin access in GuestBook r4
2003-04-10 Over_G (overg mail ru)
Product: GuestBook
Version: release 4
OffSite: http://www.lasource.r2.ru/
Problem: Admin access
You may use admin panel. Get the password there: http://[target]/cgi-bin/guestbook/passwd The password don't crypt :)
Contacts: www.overg.com www.dwcgr0up.co

Disclosing information in Super GuestBook
2003-04-10 Over_G (overg mail ru)
Product: Super GuestBook
Version: 1.0
OffSite: http://www.lasource.r2.ru/
Problem: Disclosing information
View file http://[target]/cgi-bin/SGB_DIR/superguestconfig and you view configuration of the Super guestbook. View "Password" field and you view pass

Flaw in Microsoft VM Could Enable System Compromise
2003-04-10 K-Otik.com (contrib K-Otik com)
TITLE : Microsoft Virtual Machine Bytecode Verifier Vulnerability
CRITICAL : Highly critical
IMPACT : System access
OPERATING SYSTEM:
Microsoft Windows 95
Microsoft Windows 98 and 98SE
Microsoft Windows Millennium
Microsoft Windows NT 4.0, beginning with Service Pack 1
Microsoft Wind

Re: Microsoft Terminal Services vulnerable to MITM-attacks.
2003-04-10 Carlos Branco (cb all-is-on com)
In-Reply-To: <uod6k5g9fr.fsf (at) hostname.lkpg.cendio (dot) se>
>This means RDP is vulnerable to Man In The Middle attacks (from here
>on referred to as MITM attacks).
Great piece of research by Erik Forsberg and his team. However, this vulnerability does NOT affect Remote Desktop Web connect

Re: Exploit Code Released for Apache 2.x Memory Leak
2003-04-10 Serban Murariu (smurariu2 yahoo com)
If the server uses squid as an accelerator, the damage is not so big:
PID USER  PRI NI SIZE  RSS SHARE STAT %CPU %MEM
704 squid  25  0 20720 13M  5920 R    98.0 22.3
and also, after a while, squid's figures return to normal even though the flood continues... perhaps some protection in squi
Debian Security Advisory DSA 284-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 12th, 2003