@(#)Mordred Labs advisory - Integer overflow in PHP socket_iovec_alloc() function
2003-03-25 Sir Mordred (mordred s-mail com)
//@(#) Mordred Security Labs advisory Release date: March 25, 2003 Name: Integer overflow in PHP socket_iovec_alloc() function Versions affected: < 4.3.2 Conditions: PHP must be compiled with --enable-sockets option, which is turned off by default Risk: average Author: Sir Mordred (mordred@s-mail.

Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
2003-03-25 Bryan Blackburn (blb pobox com)
----- Forwarded message from Product Security <product-security (at) apple (dot) com> ----- Date: Mon, 24 Mar 2003 14:44:36 -0800 Subject: APPLE-SA-2003-03-24 Samba, OpenSSL From: Product Security <product-security (at) apple (dot) com> To: <security-announce (at) lists.apple (dot) com> Message-ID: <BAA4CA53.A2%product-security@ap

Multiple Vulnerabilities and Enhancements in ftpd on IRIX
2003-03-24 SGI Security Coordinator (agent99 sgi com)

Security Update: [CSSA-2003-014.0] Linux: several recently discovered openssl vulnerabilities
2003-03-21 security sco com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com SCO Security Advisory Subject: Linux: several recently discovered openssl vulnerabilities Advisory number: CSSA-2003-014.

DEF CON Announcement: CFP, Media now on line!
2003-03-21 The Dark Tangent (dtangent defcon org)
Hello everyone, I would like to make several DEF CON related announcements. The Call For Papers for speaking at DEF CON ELEVEN (or XI, 0x0B, 1.1, 11) is now on-line and in effect. Continuing last year, we will continue to pay speakers. We are also continuing to improve speaker quality. It is n

Security Update: [CSSA-2003-SCO.7] UnixWare 7.1.1 Open UNIX 8.0.0 : Several vulnerabilities in XDR/RPC routines
2003-03-19 security sco com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com SCO Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : Several vulnerabilities in XDR/RPC routines Advisory number: CSSA-2003-SCO.7 Issue date: 2

WebDav Exploit ffs
2003-03-24 Rafael Nuñez (rnunez scientech com ve)
I've been receiving a bunch of emails concerning if the exploit that I sent to the list (iis_txt.c ) was focus on WebDav Vuln.. Of course Not (was a totally different one, based on the old *.asp like iistart.asp). If David Litchfield read the 1st one he prolly cried. Regarding this I'm sending the

Samba-TNG 0.3.1 Security Release (fwd)
2003-03-23 Erik Parker (netmask mindsec com)
---------- Forwarded message ---------- Date: Sat, 22 Mar 2003 21:03:11 +0100 (CET) From: Stephan Lauffer <lauffer (at) ph-freiburg (dot) de> To: tng-announcements (at) lists.dcerpc (dot) org Subject: [ANNOUNCE] Samba-TNG 0.3.1 Security Release Samba-TNG-0.3.1 released ========================== Mar 22th 2003 Today th

[SECURITY] [DSA 267-1] New lpr packages fix local root exploit
2003-03-24 joey infodrom org (Martin Schulze)

paFileDB 3.x SQL Injection Vulnerability
2003-03-23 flur (flur flurnet org)
Flurnet Security ---------------- paFileDB by todd (at) phparena (dot) net PHP Arena http://www.phparena.net Tested on: paFileDB 3.0 Final paFileDB 3.0 Beta 3.1 paFileDB 3.1 Final Explanation: paFileDB is a file management script that supports user file rating. It uses an SQL d

[SECURITY] [DSA 266-1] New krb5 packages fix several vulnerabilities
2003-03-24 joey infodrom org (Martin Schulze)

[ESA-20030324-012] 'MySQL' root exploit.
2003-03-24 EnGarde Secure Linux (security guardiandigital com)

3com RAS 1500 Remote vulnerabilities.
2003-03-24 Piotr Chytla (pch isec pl)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: 3com RAS 1500 Remote vulnerabilities. Product: 3C433279A-US http://www.3com/ras1500 Version: Firmware X2.0.10 URL: http://isec.pl/vulnerabilities/isec-0009-3com-ras.txt Author: Piotr Chytla <pch (at) isec (dot) pl> Date: Februa

IE - reading local files
2003-03-23 Adam [ckkl] (ckkl poczta wp pl) (1 replies)
Hello, I don't know if anybody pointed it out before... While playing with IE [6.0] I found out that it is possible to read local files with a little help of user... How it works? 1. IE lets you define style for the INPUT type=file tag including clipping region what makes possible to hi

Re: [INetCop Security Advisory] ++Danger++ Outblaze Web based e-mail that is exposed in very dangerous state !!!
2003-03-20 Suresh Ramasubramanian (suresh hserus net)
Suresh Ramasubramanian [20/03/03 11:54 +0530]:
> > INetCop Security Advisory #2003-0x82-014.c
> >
> > Exploit can succeed manufacturing user's cookie.
>
> Your submission to bugtraq is pretty sketchy - there are no details, nor is
> there any proof of concept / sample code.

Thanks to dong

ProtWare "HTML Guardian" has pathetic "encryption"
2003-03-20 rain_song hushmail com
For $40 or $70, ProtWare's "HTML Guardian" (http://www.protware.com) claims to "encrypt html code and javascripts, [making] it impossible to reuse them." Unfortunately, "HTML Guardian" does not do anything more than to obfuscate the HTML source code. There is no encryption. In fact, the JavaScrip

SimpleChat
2003-03-20 subj (r2subj3ct dwclan org)
Product : SimpleChat! Version : 1.3 WebSite : http://hot-things.net Problem : Private info viewing Description: ------------ In a directory /data/ the file containing the information on users of a chat lays (taking place in a chat at present), to which any interested person can recei

NT Service Killer
2003-03-21 tomotocigare (tomotocigare securiteinfo com)
Introduction Picture yourself as a win32 programmer, you were provided with local administrator rights. You are in charge of developing NT system services, i.e. applications that do not need opened session to be running. During the debugging phase, you might need to stop your service prototype. Try

RE: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible
2003-03-21 Hines, Eric (ehin4 allstate com)
Alright. I was just concerned because of the wording Checkpoint used on their web site. "Prior to the release of NG FP3 HF2......." I'm going to assume they were referring to the HF2 portion of that, and not < FP3 Eric Hines -----Original Message----- From: dchesterfield (at) bankofny (dot) com [mailto:d
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
- - ---------------------------------------------------------------------
PACKAGE : glibc
SUMMARY : integer overf