SecurityFocus

FreeBSD Security Advisory FreeBSD-SA-03:06.openssl 2003-03-21
FreeBSD Security Advisories (security-advisories freebsd org)

Stunnel: RSA timing attacks / key discovery 2003-03-21
Brian Hatch (bugtraq ifokr org)

Release Date: 2003-Mar-21
Package: stunnel
Versions: Stunnel 3.x x <= 22
Stunnel 4.x x <= 04
Problem type: Key discovery / Information Leakage
Exploit script: None publicly available
Severity: High
Networ

[ more ] [ reply ]

IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability 2003-03-21
IRM Advisories (advisories irmplc com)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
IRM Security Advisory No. 004

ActiveSync version 3.5 Denial of Service Vulnerability

Vulnerablity Type / Importance: Denial of Service / High

Problem discovered: November 26th 2002
Vendor contacted: November 26th 2002
Advisory

[ more ] [ reply ]

Guestbook tr3.a 2003-03-21
subj (r2subj3ct dwclan org)

Product : Guestbook tr3.a

Version : First

WebSite : http://www.planetmoon.net

Problem : Viewing passwords file

Description:

------------

In this script passwords are in passwd.txt file

In Shrot, all who want see the passwords can make it.

Exploit:

--------

http://[somehost]/[gb_d

[ more ] [ reply ]

Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible 2003-03-21
Hines, Eric (ehin4 allstate com) (1 replies)

Has anyone tested these vulnerabilities on NG FP1 or are they strictly
related to FP3?

Eric Hines

-----Original Message-----
From: Dr. Peter Bieringer [mailto:pbieringer (at) aerasec (dot) de [email concealed]]
Sent: Friday, March 21, 2003 6:47 AM
To: Maillist Bugtraq; Maillist full-disclosure
Subject: Check Point FW-1 NG

[ more ] [ reply ]

Re: Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible 2003-03-21
dchesterfield bankofny com

[Sorcerer-spells] OPENSSL-SORDCERER2003-03-21 2003-03-21
Michael Walton (mwalton abilene com)

[ more ] [ reply ]

GLSA: kernel (200303-17) 2003-03-21
Daniel Ahlberg (aliz gentoo org)

Edonkey and Overnet resources consumption 2003-03-21
Auriemma Luigi (aluigi pivx com)

######################################################################

Applications: Edonkey2000 (http://www.edonkey2000.com)
Overnet (http://www.overnet.com)
Versions: 0.45 and previous versions (only the GUI program)
Platforms: Windows only
Bug: The programs spa

[ more ] [ reply ]

Check Point FW-1 NG FP3 & FP3 HF1: DoS attack against syslog daemon possible 2003-03-21
Dr. Peter Bieringer (pbieringer aerasec de)

Hi all,

interesting for all Check Point FW-1 NG users which have enabled the since
FP3 included syslog daemon.

Peter

====================

(P) & (C) 2003 AERAsec Network Services and Security GmbH

URLs:
http://www.aerasec.de/
http://www.aerasec.de/security/advisories/txt/
checkpoint-fw

[ more ] [ reply ]

SuSE Security Announcement: file (SuSE-SA:2003:017) 2003-03-21
Thomas Biege (thomas suse de)

[RHSA-2003:108-01] Updated Evolution packages fix multiple vulnerabilities 2003-03-21
bugzilla redhat com

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Evolution packages fix multiple vulnerabilities
Advisory ID: RHSA-2003:108-01
Issue date: 2003-03-21
Updated on: 2003-03-21
Product:

[ more ] [ reply ]

SuSE Security Announcement: ethereal (SuSE-SA:2003:019) 2003-03-21
Thomas Biege (thomas suse de)

[SECURITY] [DSA 265-1] New bonsai packages fix several vulnerabilities 2003-03-21
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 265-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
March 21st, 2003

[ more ] [ reply ]

SuSE Security Announcement: qpopper (SuSE-SA:2003:018) 2003-03-21
Thomas Biege (thomas suse de)

[ESA-20030321-010] 'glibc' RPC XDR decoder vulnerability 2003-03-21
EnGarde Secure Linux (security guardiandigital com)

New attack vectors and a vulnerability dissection of MS03-007 2003-03-21
David Litchfield (david ngssoftware com)

The patch announced by Microsoft on the 17th March 2003 fixed a security
vulnerability in the core of the Windows 2000 operating system. This flaw
was actively being exploited through WebDAV requests to Microsoft's Internet
Information Server 5. It must be stressed that IIS was simply the attack
vec

[ more ] [ reply ]

GLSA: evolution (200303-18) 2003-03-21
Daniel Ahlberg (aliz gentoo org)

[SCSA-011] Path Disclosure Vulnerability in XOOPS 2003-03-20
Grégory Le Bras (gregory lebras security-corporation com)

________________________________________________________________________

Security Corporation Security Advisory [SCSA-011]

________________________________________________________________________

PROGRAM: XOOPS

HOMEPAGE: http://www.xoops.org/

VULNERABLE VERSIONS: v2.0 (and prior ?)

_____

[ more ] [ reply ]

Opara 6.06 Released, Security-Hole Left 2003-03-20
nesumin (nesumin softhome net)

Opera Software released Opera 6.06.
However, the security hole that we had released on Feb 9th, 2003
("Opera Username Buffer Overflow Vulnerability"
[http://www.securityfocus.com/archive/1/311194])
has not been fixed yet. Opera 6.06 still has this security hole,
to which we should pay heed.

Here at

[ more ] [ reply ]

[OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl) 2003-03-20
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

CORE-20030304-02: Vulnerability in Mutt Mail User Agent 2003-03-20
CORE Security Technologies Advisories (advisories coresecurity com)

Core Security Technologies Advisory
http://www.coresecurity.com

Vulnerability in Mutt Mail User Agent

Date Published: 2003-03-20

Last Update: 2003-03-19

Advisory ID: CORE-20030304-02

Bugtraq ID: 7120

CVE CAN: None currently

[ more ] [ reply ]

IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability 2003-03-20
Niels Heinen (niels heinen ubizen com)

*******************************************************************

Subject : IBM Tivoli Firewall Security Toolbox (TFST) remote buffer
overflow vulnerability
Version : Tivoli Firewall Toolbox version 1.2
Platform: All supported platforms

***********************************************

[ more ] [ reply ]

Safeboot PC Security User Emuneration Vulnerability 2003-03-20
Advisories (advisories irmplc com)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

IRM Security Advisory No. 003
Safeboot PC Security User Emuneration Vulnerability
Vulnerablity Type / Importance: User Enumeration / Medium
Problem discovered: Fri, 31 Jan 2003
Vendor contacted: Mon, 3 Feb 2003
Advi

[ more ] [ reply ]

[OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt) 2003-03-20
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-03:05.xdr 2003-03-20
FreeBSD Security Advisories (security-advisories freebsd org)

[Sorcerer-spells] LINUX-SORCERER2003-03-20 2003-03-20
Michael Walton (mwalton abilene com)

[ more ] [ reply ]

[IPS] osCommerce multiple XSS vulnerabilities 2003-03-20
Daniel Alcántara de la Hoz (seguridad iproyectos com)

iProyectos Security Advisory:
XSS Bugs in osCommerce

1. Problem description.
2. Risk
3. Solution
4. Manual fix
5. About iProyectos

------------------------------------

1. Problem description:

osCommerce is a widely installed open source shopping e-commerce solut

[ more ] [ reply ]

[Sorcerer-spells] KRB5-SORCERER2003-03-20 2003-03-20
Michael Walton (mwalton abilene com)

[ more ] [ reply ]