SecurityFocus

SIPS (PHP) 2003-03-18
subj (r2subj3ct dwclan org)

Product : SIPS

Version : v0.2.2

WebSite : http://www.squishdot.org

Problem : Viewing users account

Description:

------------

You could easily look throught any user's account without any

permissions. Each of them is in dir names after first letter of his

login. For example foo will

[ more ] [ reply ]

[OpenPKG-SA-2003.019] OpenPKG Security Advisory (openssl) 2003-03-18
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

TSLSA-2003-0009 - mysql 2003-03-18
tsl trustix com (Trustix Secure Linux Advisor)

Simple WebDAV method validator (PERL code) 2003-03-17
SensePost Research (research sensepost com)

A quick 10 minute job...

> head -n 9 finder.pl
#!/bin/perl
##
## This script test for most of the methods used by WebDAV
## If the server does not complain about the method its an indication
## that WebDAV is in use..
##
## Please see http://www.microsoft.com/technet/treeview/default.asp?url=/techn

[ more ] [ reply ]

[OpenPKG-SA-2003.020] OpenPKG Security Advisory (modssl) 2003-03-18
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

MDKSA-2003:033 - Updated zlib packages fix buffer overrun vulnerability 2003-03-18
Mandrake Linux Security Team (security linux-mandrake com)

Re: Microsoft Security Advisory MS 03-007 2003-03-18
Dave Aitel (dave immunitysec com) (1 replies)

This: http://www.msnbc.com/news/886524.asp?0cv=CB10&cp1=1

says that:
...
But the exploit was sophisticated and well designed, and it was alarmingly
successful, said Russ Cooper, security researcher for TruSecure Corp. The
company learned of the attack through sources in the U.S. military last
Tuesd

[ more ] [ reply ]

RE: Microsoft Security Advisory MS 03-007 2003-03-18
Brett Moore (brett softwarecreations co nz)

[ESA-20030318-009] Several 'kernel' vulnerabilities 2003-03-18
EnGarde Secure Linux (security guardiandigital com)

GLSA: man (200303-13) 2003-03-18
Daniel Ahlberg (aliz gentoo org)

GLSA: mysql (200303-14) 2003-03-18
Daniel Ahlberg (aliz gentoo org)

[OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba) 2003-03-18
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

Re: @(#)Mordred Labs advisory - Texis sensitive information leak 2003-03-18
info thunderstone com

In-Reply-To: <200303142239.h2EMdbbK049019 (at) mailserver3.hushmail (dot) com [email concealed]>

THUNDERSTONE RESPONSE TO SECURITY ALERT

Thunderstone Software is aware of a report about a "vulnerability" in one of our products, published on Bugtraq. Thunderstone takes such concerns seriously. We offer the following details

[ more ] [ reply ]

[OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql) 2003-03-18
OpenPKG (openpkg openpkg org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ] [ reply ]

[security bulletin] SSRT0845U HP Tru64 UNIX, HP-UX stdio Potential Security Vulnerability 2003-03-18
Dave Ahmad (da securityfocus com)

David Mirza Ahmad
Symantec

"sabbe dhamma anatta"

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

[ more ] [ reply ]

AOL's Billion SPAM March on Cyberspace 2003-03-17
Jason Coombs (jasonc science org)

Aloha, Lonnie.

Your article: "ISPs Seek Bigger Mallet To Eliminate Spammers" caught my
attention.
http://www.theledger.com/apps/pbcs.dll/section?Category=COLUMNISTS0203

I'm an information security and computer forensics expert with detailed
technical knowledge of SPAM and the technology employed b

[ more ] [ reply ]

CERT Advisory CA-2003-09 Buffer Overflow in Microsoft IIS 5.0 (fwd) 2003-03-17
Dave Ahmad (da securityfocus com)

David Mirza Ahmad
Symantec

"sabbe dhamma anatta"

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

[ more ] [ reply ]

[Sorcerer-spells] SAMBA-SORCERER2003-03-17 2003-03-17
Michael Walton (mwalton abilene com)

--
Michael Walton

Asst-Manager Tech Support
mwalton (at) abilene (dot) com [email concealed]

(915)677-7900

[ more ] [ reply ]

PHP-Nuke 5.5 and 6.0: Path Disclosure 2003-03-15
Rynho Zeros Web (hackargentino gmx net)

+ Product -> PHP-Nuke
+ Version -> 5.5, 6.0 (other versions not tested jet)
+ Website -> http://www.phpnuke.org
+ Problems -> Path Disclosure

+ Explanation:
The fault happens in the file print.php, which this including in the modulos
'News' and 'AvantGo', in the same one is checked that the vari

[ more ] [ reply ]

MDKSA-2003:032 - Updated samba packages fix remote root vulnerability 2003-03-16
Mandrake Linux Security Team (security linux-mandrake com)

[SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb 2003-03-17
Grégory Le Bras (gregory lebras security-corporation com)

________________________________________________________________________

Security Corporation Security Advisory [SCSA-010]

________________________________________________________________________

PROGRAM: MyABraCaDaWeb

HOMEPAGE: http://www.webmaster-mag.net/

VULNERABLE VERSIONS: v1.0.2 an

[ more ] [ reply ]

Security Bugfix for Samba - Samba 2.2.8 Released 2003-03-17
Maslov, Snowy (Snowy Maslov fujitsu com au)

(See http://www.samba.org/samba/whatsnew/samba-2.2.8.html for a copy of
this information)

The Samba Team announces Samba 2.2.8

****************************************
* IMPORTANT: Security bugfix for Samba *
****************************************

Th

[ more ] [ reply ]

[RHSA-2003:054-00] Updated rxvt packages fix various vulnerabilites 2003-03-17
bugzilla redhat com

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated rxvt packages fix various vulnerabilites
Advisory ID: RHSA-2003:054-00
Issue date: 2003-03-17
Updated on: 2003-03-17
Product: R

[ more ] [ reply ]

S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server 2003-03-17
Lluis Mora (llmora s21sec com)

###############################################################
ID: S21SEC-011-en
Title: Multiple vulnerabilities in BEA WebLogic Server
Date: 7/01/2003
Status: Patch published
Scope: Remote command execution
Platforms: Linux, Windows 2000, probably others
Author: llmora
Location: http://www.s21sec.

[ more ] [ reply ]

GLSA: samba (200303-11) 2003-03-17
Daniel Ahlberg (aliz gentoo org)

[INetCop Security Advisory #2002-0x82-013] Kebi Academy 2001 Web Solution Directory Traversing Vulnerability. 2003-03-17
dong-h0un U (xploit hackermail com)

========================================
INetCop Security Advisory #2002-0x82-013
========================================

* Title: Kebi Academy 2001 Web Solution Directory Traversing Vulnerability.

0x01. Description

Kebi Academy 2001 is web solution that is supplied to C Binary CGI in we

[ more ] [ reply ]

[ADVISORY] Timing Attack on OpenSSL 2003-03-17
Ben Laurie (ben algroup co uk)

I expect a release to follow shortly.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

[ more ] [ reply ]

GLSA: qpopper (200303-12) 2003-03-17
Daniel Ahlberg (aliz gentoo org)