BugTraq Mode:
(Page 1696 of 1748)  < Prev  1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701  Next >
shopfactory shopping cart 2003-03-05
Maarten (secfocus hartsuijker com)
Security advisory

Issue: Shopfactory e-commerce application allows alteration of order details

Date: 03/05/03

Vendor first notified: December 2002

Affected versions: All available versions (current version Shopfactory 5.8)

ABOUT SHOPFACTORY:

Shopfactory is a shopping cart solution. According t

[RHSA-2003:042-07] Updated squirrelmail packages close cross-site scripting vulnerabilities 2003-03-05
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated squirrelmail packages close cross-site scripting vulnerabilities
Advisory ID: RHSA-2003:042-07
Issue date: 2003-02-07
Updated on:

GLSA: tcpdump (200303-5) 2003-03-05
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-5
- - ---------------------------------------------------------------------

PACKAGE : tcpdump
SUMMARY : remote dos

Re: Netscape Communicator 4.x sensitive informations in configuration file 2003-03-04
mstoltz netscape com
In-Reply-To: <3E5F651E.35B09C5D (at) computec (dot) ch>

>It seems that I'm one of the last Netscape 4.x users.
>The following paste shows the IMAP mail part of this configuration file.
>You can see that the line 17 shows the unencrypted password

Netscape 4.x is out of date - we recommend that everyon

[OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail) 2003-03-04
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Log corruption on multiple webservers, log analyzers,... 2003-03-04
Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)


Hi,

something that could be interesting...

We have decided not to contact any vendor (many vendors are vulnerable and we have not enough time...sorry) and made this advisory public in this list.

ILLC - Inverse Lookup Log Corruption

We are using a technique that we have called "ILLC"

[OpenPKG-SA-2003.017] OpenPKG Security Advisory (file) 2003-03-04
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

BIND 9.2.2 Vulnerabilities? 2003-03-04
John (bugtraq doomsday com) (2 replies)

The ISC website lists the following as of today:

http://www.isc.org/products/BIND/bind-security.html

"ISC has discovered or has been notified of several bugs which can result
in vulnerabilities of varying levels of severity in BIND as distributed by
ISC. Upgrading to BIND version 9.2.2 is stron

Re: BIND 9.2.2 Vulnerabilities? 2003-03-04
David Kennedy CISSP (david kennedy acm org)
Re: BIND 9.2.2 Vulnerabilities? 2003-03-04
Albert Sunseri (sunseri abpi net)
iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1) 2003-03-04
iDEFENSE Labs (labs idefense com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 03.04.03:
http://www.idefense.com/advisory/03.04.03.txt
Locally Exploitable Buffer Overflow in file(1)
March 4, 2003

I. BACKGROUND

file(1) is an application that utilizes a magic file (typically located in
/usr/share/magic)

uploader.php script 2003-03-04
auto40951 hushmail com

-----BEGIN PGP SIGNED MESSAGE-----

The password is not enabled by default, but the readme has the following installation instructions:

- ---

open setup.php and edit these options

$ADMIN[RequirePass] = "Yes"; // Checks to see if upload has a valid password
$ADMIN[Password] = "password"; //

[OpenPKG-SA-2003.015] OpenPKG Security Advisory (zlib) 2003-03-04
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

Re: New HP Jetdirect SNMP password vulnerability when using Web JetAdmin 2003-03-04
Sven Pechler (helpdesk tm tue nl)
In-Reply-To: <3E63BA9C.3000303 (at) satx.rr (dot) com>

Hello Geoff,

Thank you for your reply.

Some reactions on your statements:

1. I've tested the SNMP 'set community name'. None responded to 'internal' after I changed it to something else.

You are right when you mean the SNMP 'GET community na

RE: Siemens *35 and 45 series phones SMS Denial of Service 2003-03-03
Willis Johnson (willisj microsoft com)
What happens if the string is sent repeatedly while the phone is turned
on but is unattended or receives text messages silently? Is the battery
drained as predicted?

Willis

-----Original Message-----
From: Jan Niehusmann [mailto:jan (at) gondor (dot) com]
Sent: Monday, March 03, 2003 2:46 PM
To: subj subj

Security Update: [CSSA-2003-SCO.3] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames 2003-03-03
security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com scoannmod (at) xenitec.on (dot) ca full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability wit

HP-UX security bulletins digest [Fwd/sendmail issue] 2003-03-04
support_feedback us-support2-mail external hp com (IT Resource Center\ )

HP Support Information Digests

===============================================================================
o Security Bulletin Digest Split
------------------------------

The security bulletins digest has been split into multiple digests
based on the operatin

uploader.php vulnerability 2003-03-04
kingcope gmx net
Uploader Version 1.1 which is available from
http://www.phpscriptcenter.com/uploader.php
includes "uploader.php", which lets you upload ANY file (even scripts eg. in
PHP) onto the server
if no password protection is specified in the configuration file (default
set to off).
The supplied files will be

Fwd: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail 2003-03-04
Muhammad Faisal Rauf Danka (mfrd attitudex com)

*** There is an attachment in this mail. ***

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Select your own custom email a

Fwd: APPLE-SA-2003-03-03 sendmail 2003-03-04
Bryan Blackburn (blb pobox com)
----- Forwarded message from Product Security <product-security (at) apple (dot) com> -----

Return-Path: <security-announce-admin (at) lists.apple (dot) com>
Date: Mon, 03 Mar 2003 14:09:17 -0800
Subject: APPLE-SA-2003-03-03 sendmail
From: Product Security <product-security (at) apple (dot) com>
To: <security-announce (at) lists (dot) apple.

Copyright 2010, SecurityFocus