[SECURITY] [DSA 281-1] New xftp packages fix arbitrary code execution
2003-04-08 joey infodrom org (Martin Schulze)

Unchecked Buffer in Opera 7.02
2003-04-08 David F.Madrid (conde0 telefonica net)
Tested version : Opera 7.02 Build 2668
Vendor Status : Vendor was contacted on 8-4-2003
Description : Opera web browser has an unchecked buffer in its code that allows a malicious website to crash it and, in certain circumstances, execute code with user privileges. To reproduce the bug open this

Immunix Secured OS 7+ Kerberos update
2003-04-08 Immunix Security Team (security wirex com)
Immunix Secured OS Security Advisory
Packages updated: Kerberos 5
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0139 CAN-2003-0138 CAN-2003-0028 CAN-2003-0082
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-007

MDKSA-2003:044 - Updated samba packages fix remote root vulnerability
2003-04-07 Mandrake Linux Security Team (security linux-mandrake com)

Coppermine Photo Gallery remote compromise
2003-04-07 Berend-Jan Wever (SkyLined edup tudelft nl)
---AFFECTED SOFTWARE---
From the website, http://www.chezgreg.net/coppermine/: "Coppermine Photo Gallery is a picture gallery script. Users can upload pictures with a web browser (thumbnails are created on the fly), add comments, send e-cards and view statistics about the pictures." "The script us

Re: NetBIOS could be used as network flood amplier
2003-04-05 Francesco Vigo (f vigo anti-idle com)
In-Reply-To: <E9A01F52DC939448BBDE44ED2E1C468F6710DD (at) muskie.rc.on (dot) ca>
Hi, maybe there was some incomprehension about what I meant. I am aware that "Broadcast Storm" is an old and well known problem, that affects misconfigured LANs. It's easy to find documentation about that matter, but th

[CLA-2003:619] Conectiva Security Announcement - zlib
2003-04-07 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : zlib
SUMMARY : gzprintf() buffer overflow
DAT

Immunix Secured OS 7+ samba update
2003-04-07 Immunix Security Team (security wirex com)
Immunix Secured OS Security Advisory
Packages updated: samba
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0201
Date: Mon Apr 7 2003
Advisory ID: IMNX-2003-7+-006-01
Author: Seth Arnold <sarnold (at) wirex (dot) com>

[SECURITY] [DSA 280-1] New samba packages fix remote root exploit
2003-04-07 joey infodrom org (Martin Schulze)

Immunix Secured OS 7+ cvs update
2003-04-07 Immunix Security Team (security wirex com)
Immunix Secured OS Security Advisory
Packages updated: cvs
Affected products: ImmunixOS 7.0, 7+
Bugs fixed: CAN-2003-0015
Date: Wed Apr 2 2003
Advisory ID: IMNX-2003-7+-004-01
Author: Seth Arnold <sarnold (at) wirex (dot) com>

JpegX 2.0.0.3 Password Bypass Vulnerability
2003-04-05 JeiAr (jeiar kmfms com)
JpegX 2.0.0.3 Password Bypass Vulnerability
Written by Lawrence Kom 09/30/01
http://www.nerdlogic.org/jpegx
larry (at) nerdlogic (dot) org
aim: kloned
Modified the encryption format to avoid guillermito's program. http://www.pipo.com/guillermito/

Java Agent freezes Lotus Notes and Domino 6.0.1
2003-04-05 Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi, the following agent causes the IBM JVM 1.3.1 shipped with Lotus Domino 6.0.1 and Lotus Notes 6.0.1 to crash. After calling the agent a huge amount of memory is not freed and causes the server machine (observed on MS XP) to deny further service. IM

Vignette Story Server sensitive information disclosure (a040703-1)
2003-04-07 @stake Advisories (advisories atstake com)

[OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
2003-04-07 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation
2003-04-07 joey infodrom org (Martin Schulze)

[CLA-2003:618] Conectiva Security Announcement - kernel
2003-04-07 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : kernel
SUMMARY : Local vulnerability: ptrace

[DDI-1013] Buffer Overflow in Samba allows remote root compromise
2003-04-07 Erik Parker (erik parker digitaldefense net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Digital Defense Inc. Security Advisory DDI-1013
labs (at) digitaldefense (dot) net
http://www.digitaldefense.net/

Interbase/Firebird - external file security bug
2003-04-05 Kotala Zdeněk (Zdenek Kotala Mius cz)
Class: IB/FB can create or modify all accessible files on disk
Remote: YES
Locally: YES
Vulnerable: IB 6.01, IB6.5, FB 1.0.2 (WIN/Linux)
Not Vulnerable: IB7.0
Not Tested: FB 1.5 Beta
Overview: IB/FB support external files for tables. Data is stored in raw format and there isn't access restriction. If fi

RE: LocalSystem account in Windows 2000/XP
2003-04-04 Russ (Russ Cooper rc on ca)
Gee, you must have read the 1st paragraph of the description of the LocalSystem account in the W2K Platform SDK. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/the_localsystem_account.asp RTFM. Cheers, Russ - NTBugtraq Editor
-----Original Message-----
From: Pavel [ma

Two Invision Power Board 1.1.x vulns
2003-04-04 Gossi The Dog (gossi lab6 com)
Hola, Invision Power Services have continued to show their amazing support and understanding for the security community by releasing two patches for their 'Invision Power Board' product (now one of the most widely used 'Board' programs around). Without sending out any security mailing list announce

SignHere guestbook vulnerability.
2003-04-05 drG4njubas (drG4nj mail ru)
This advisory and other useful files can be found at www.blacktigerz.org
Subject: SignHere guestbook vulnerability.
Description: Free, easy-to-use guestbook. Main features are: message text formatting (bold text, urls etc.); inserting smiles as icons; web-based administration; email notification

LocalSystem account in Windows 2000/XP
2003-04-04 Pavel (hiddenrecipient email com)
Hello everybody, Here is a couple of my observations on Windows 2000/XP LocalSystem account. Originally (NT4) the paradigm of this account was declared by MS as the following: 1. This account doesn't require authentication on the local computer. 2. It has unlimited rights on the local c

Rant: People using a product called 'antigen' should be shot, stabbed, and
shot again. Today, more than a month after posting DSR-toppler.pl and
sircd.sh, I _still_ get 5-8 emails a day saying that 'a virus have been
found and quarantined'. Oh please, get a grip. And