|
|
Colapse all |
Post message
MDKSA-2003:038-1 - Updated 2.4 kernel packages fix ptrace vulnerability 2003-04-10 Mandrake Linux Security Team (security linux-mandrake com) Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture 2003-04-09 Exurity Inc. (exurity rogers com) Hi, Everyone on this list: Please find http://members.rogers.com/exurity/pdf/PE.pdf a research paper on the vulnerabilities of PE File Format For Win32 Architecture (especially x86). These vulnerabilities are probably well known. Some might have been used or exploited by many. The main concept of t [ more ] [ reply ] [SECURITY] [DSA 269-2] New heimdal packages fix authentication failure 2003-04-09 joey infodrom org (Martin Schulze) iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration (ISA) S 2003-04-09 iDEFENSE Labs (labs idefense com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 04.09.03: http://www.idefense.com/advisory/04.09.03.txt Denial of Service in Microsoft Proxy Server 2.0 and Internet Security and Acceleration Server 2000 April 9, 2003 I. BACKGROUND Microsoft Corp.'s Internet Security and A [ more ] [ reply ] ISC guestbook script injection vulnerability. 2003-04-09 drG4njubas (drG4nj mail ru) This advisory can be found at www.blacktigerz.org Date: 08.04.2003 Subject: ISC guestbook script injection vulnerability. Description: Free, easy to use asp powered guestbook. Main fetures are: web-based administration, bad word filtering. Vendor: http://www.isc-online.at Download: http://www [ more ] [ reply ] PoPToP PPTP server remotely exploitable buffer overflow 2003-04-09 Timo Sirainen (tss iki fi) Versions older than 1.1.4-b3 and 1.1.3-20030409 affected. This seems to be exploitable only with Linux. PPTP? ----- PPTP-over-IPSEC is commonly used to create VPNs. Windows plays quite nicely with it. problem ------- PPTP packet header contain 16bit length which specifies the full size of the p [ more ] [ reply ] Hyperion FTP server Remote DOS and unauthorised remote access. 2003-04-08 moran zavdi (moraniam hotmail com) Exploit Code Released for Apache 2.x Memory Leak 2003-04-08 mattmurphy (at) kc.rr (dot) com [email concealed] (mattmurphy kc rr com) "iDEFENSE Labs" <labs (at) idefense (dot) com [email concealed]> writes: >II. DESCRIPTION > >Remote exploitation of a memory leak in the Apache HTTP Server causes the >daemon to over utilize system resources on an affected system. The problem >is HTTP Server's handling of large chunks of consecutive linefeed >characters. The w [ more ] [ reply ] [CLA-2003:624] Conectiva Security Announcement - samba 2003-04-08 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : samba SUMMARY : Remote vulnerability DATE [ more ] [ reply ] [ARL03-A16] Multiple Security Issues in phPay 2003-04-09 Ahmet Sabri ALPER (s_alper hotmail com) +/--------\-------- ALPER Research Labs ------/--------/+ +/---------\------- Security Advisory -----/---------/+ +/----------\------ ID: ARL03-A16 ----/----------/+ +/-----------\----- salper (at) olympos (dot) org [email concealed] ---/-----------/+ Advisory Information -------------------- Name [ more ] [ reply ] samba 2.x call_trans2open() exploit 2003-04-08 noir sin (noir olympos org) 0day is fragile! one day it's your precious, next day its worthless ... anyways i put together this SAMBAExploit class in python which might be interesting for folks since it's reusable in many other stuff ... python cause; write once a heap, stack or fmt string exploit class and the rest is just [ more ] [ reply ] Multiple Vulnerabilities in libc RPC functions on IRIX 2003-04-08 SGI Security Coordinator (agent99 sgi com) iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x 2003-04-08 iDEFENSE Labs (labs idefense com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 04.08.03: http://www.idefense.com/advisory/04.08.03.txt Denial of Service in Apache HTTP Server 2.x April 8, 2003 I. BACKGROUND The Apache Software Foundation's HTTP Server Project is an effort to develop and maintain an ope [ more ] [ reply ] Orplex guestbook script injection. 2003-04-07 drG4njubas (drG4nj mail ru) This advisory and other useful files can be found at http://www.blacktigerz.org Date: 07.04.2003 Subject: Orplex guestbook script injection. Description: Free asp guestbook. Main fetures are:inserting smiles as icons; web-based administration; bad word filtering. Vendor: Orplex consulting inc [ more ] [ reply ] False-negatives in several Vulnerability Assessment tools 2003-04-07 Nicolas Gregoire (ngregoire exaprobe com) (1 replies) ------------------------------------------------------------------------ Title : False-negatives in several Vulnerability Assessment tools Released : April 7th 2003 Location : http://www.exaprobe.com/labs/advisories/esa-2003-0407.html ----------------------------------------------------------------- [ more ] [ reply ] Re: False-negatives in several Vulnerability Assessment tools 2003-04-08 Geoff Shively (gshively pivx com) AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss 2003-04-07 Phil Cyc (ajEA3UMBepQ4MRExDmm0qbFeeQEJtffpg 1 protected unixadm org) (1 replies) Hi everyone - with postfix using AMaViS-ng 0.1.6.x (tested: 0.1.6.2 and 0.1.6.3; 0.1.4.x is not vulnerable), all email gets forwarded to the address specified by the "To:" header line, ignoring the real recipient given via "RCPT TO:". Possible exploit: --%snip%-- #> telnet somemx.domain.tld 25 ( [ more ] [ reply ] Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss 2003-04-08 Phil Cyc (ajEA3UMBepQ4MRExDmm0qbFeeQEJtffpg 1 protected unixadm org) [CLA-2003:620] Conectiva Security Announcement - man 2003-04-07 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : man SUMMARY : Local vulnerability DATE : [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
KDE Security Advisory: PS/PDF file handling vulnerability
Original Release Date: 2003-04-09
URL: http://www.kde.org/info/security/advisory-20030409-1.txt
0. References
http://bugs.kde.org/show_bug.cgi?id=53157
http://bugs.kde.org/show_bug.cgi?id=53
[ more ] [ reply ]