GLSA: w3m
2003-02-17 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07
- - ---------------------------------------------------------------------
PACKAGE : w3m
SUMMARY : missing HTML quoting
DATE : 2003

/usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
2003-02-17 choi sungwoon (monocat2 hanmail net)
/*
Title: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
Vulnerability found by Esa Etelavoun, iDEFFENSE
Author: green(green (at) wowhacker (dot) org), dragory(dragory (at) wowhacker (dot) org)
Tested on AIX 4.3.3/RS6000
Reference: lsd-pl.net's exploit
Thanks to wowcode & overhead team at Wowhacker(http

Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability
2003-02-17 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: Apache mod_dav module format string vulnerability
Ad

PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
2003-02-17 Jani Taskinen (sniper php net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Issued on: February 17, 2003
Software: PHP/CGI version 4.3.0
Platforms: All
The PHP Group has learned of a serious security vulnerability in the CGI SAPI of PHP version 4.3.0.

Domino Advisories UPDATE
2003-02-18 Mark Litchfield (mark ngssoftware com)
Hi All, Please note the following correction -
The Notes Client Up-Date can be found at http://www14.software.ibm.com/webapp/download/search.jsp?q=&cat=&pf=&k=&dt=&go=y&rs=ESD-NOTECLNTi&S_TACT=&S_CMP=&sb=r
The Domino Web Server Update can be found at http://www14.software.ibm.com/webapp/download

Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
2003-02-18 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: ORACLE bfilename function buffer overflow vulnerability
Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6
Severity: High Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.oracle.c

Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
2003-02-18 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: Lotus iNotes Client ActiveX Control Buffer Overrun
Systems Affected: Release 6.0
Severity: Medium Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.lotus.com
Author: Mark Litchfield (mark (at) ngssoftware (dot) com)
Date: 17th Fe

Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
2003-02-18 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability
Systems Affected: Release 6.0
Severity: Critical Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.lotus.com
Author: Mark Litchfield (mark (at) ngssoftware (dot) c

Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
2003-02-18 NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory
Name: Lotus Domino Web Server iNotes Overflow
Systems Affected: Release 6.0
Severity: Critical Risk
Category: Remote System Buffer Overrun
Vendor URL: http://www.lotus.com
Author: Mark Litchfield (mark (at) ngssoftware (dot) com)
Date: 17

Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
2003-02-17 NGSSoftware Insight Security Research (nisr nextgenss com)

Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
2003-02-17 NGSSoftware Insight Security Research (nisr nextgenss com)

Oracle unauthenticated remote system compromise (#NISR16022003a)
2003-02-17 NGSSoftware Insight Security Research (nisr nextgenss com)

Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
2003-02-17 NGSSoftware Insight Security Research (nisr nextgenss com)

GLSA: mailman
2003-02-17 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05
- - ---------------------------------------------------------------------
PACKAGE : mailman
SUMMARY : cross site scripting
DATE :

[immune advisory] Mulitple vulnerabilities found in BisonFTP
2003-02-17 Immune Advisory (ja immune dk)
[immune advisory] Mulitple vulnerabilities found in BisonFTP
================================================================================
BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems.
-[ DESCRIPTION ]----------------------------------------------------------------
I) Bison

The First Honeyd Challenge
2003-02-17 Niels Provos (provos citi umich edu)
With the release of Honeyd 0.5 over the weekend, I am pleased to also announce the first Honeyd challenge! Honeyd is a virtual honeypot running as a small daemon to create virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so tha

Riched20.DLL attribute label buffer overflow vulnerability
2003-02-16 Jie Dong (Thkrdev yoursft com)

@stake Advisory: MacOS X TruBlueEnvironment Privilege Escalation Attack
2003-02-14 @stake Advisories (advisories atstake com)

HPUX disable buffer overflow vulnerability
2003-02-14 HP S/W Security Team (secure hpchs cup hp com)
-----BEGIN PGP SIGNED MESSAGE-----
We have contacted Davide Del Vecchio and confirmed that the buffer overflow in disable(1) does not occur with the patches recommended in HPSBUX0208-213, which says in part:
-----------------------------------------------------------------
HEWLETT-PACKARD C

IndyNews - PhpNuke module: several problems
2003-02-14 Elisa Manara (e entropika net)
IndyNews is a PhpNuke add-on that allows users to include media files (images, documents and so on) to articles. While I was playing with the module, I've found several problems.
1) function delMediaFile() Anybody is able to delete any media attached to already approved articles.
2) function man

Re: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
2003-02-14 John Jørgensen (john safe2day dk)
In-Reply-To: <5.1.1.5.0.20030213100935.02108210 (at) mail.varberg (dot) se>
> Not according to my contacts at Ericsson. The vulnerability is limited to
> one batch of 6000 modems delivered to the Italian market, which is bad
> enough! The entire 220 series was discontinued in 2001. It may be that 220

[SECURITY] [DSA 251-1] New w3m packages fix cookie information leak
2003-02-14 joey infodrom org (Martin Schulze)

MDKSA-2003:016 - Updated util-linux packages provide stronger randomness in mcookie
2003-02-14 Mandrake Linux Security Team (security linux-mandrake com)
Hash: SHA1
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-06
- - ---------------------------------------------------------------------
PACKAGE : syslinux
SUMMARY : security issues in installer
D