[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities
2003-01-24 joey infodrom org (Martin Schulze)

Mailman: cross-site scripting bug
2003-01-24 webmaster procheckup com
Product: Mailman
Affected Version: 2.1, no other version has been tested
Vendor's URL: http://www.gnu.org/software/mailman/
Solution: TBC
Author: Manuel Rodriguez
Introduction:
Mailman is software to help manage electronic mail discussion lists, much like Majordomo or Smart

[SECURITY] [DSA 242-1] New kdebase packages fix several vulnerabilities
2003-01-24 joey infodrom org (Martin Schulze)

Test program for CVS double-free.
2003-01-24 Joe Testa (Joe_Testa rapid7 com)
Greetings-- Attached to this e-mail you'll find a Java program which probes a CVS pserver for the recent double-free() vulnerability. I've tested it on a Linux architecture only; it would be much appreciated if people would mail me back with its performance results against *BSD, AIX, etc.

Re: Other Security Contacts Required (AutoDesk, Motorola and Vignette)
2003-01-24 Ollie Whitehouse (ollie atstake com)

Another YabbSE Remote Code Execution Vulnerability
2003-01-24 mindwarper hush com
YabbSE Remote Code Execution 2 Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com :: )
Vendor Information:
Homepage : http://www.yabbse.org
Vendor : informed
Mailed advisory: 24/01/02
Vendor Response : None

Re: SPRINT ADSL [Zyxel 645 Series Modem]
2003-01-24 FX (fx phenoelit de)
> ftp> open malware.com
> Connected to malware.com.
> 220 Sprint FTP version 1.0 ready at Wed Jan 5 17:20:47 2000
> User (malware.com:(none)):
> 331 Enter PASS command
> Password:
> 230 Logged in
> ftp> get rom-0
I'm not sure if this applies to the Zyxel boxes you found, but there is another file

DoS attack on Windows 2000 Terminal Server
2003-01-23 Jonathan Hunter jonathan.hunter+dated+1043753340.86cf13 (at) ptel.co (dot) uk (jonathan hunter+dated+1043753340 86cf13 ptel co uk)
This one's short and simple..
Description
Any user with sufficient permission to log on to a Windows 2000 Terminal Server (via RDP or ICA) and access its filesystem can reboot the server at will.
Exploit
- Open %SYSTEMROOT%\SYSTEM32\MSGINA.DLL for exclusive access (read lock

[CLA-2003:562] Conectiva Linux Security Announcement - dhcp
2003-01-23 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : dhcp
SUMMARY : Remote Vulnerability
DATE

MDKSA-2003:009 - Updated cvs packages fix multiple vulnerabilities
2003-01-20 Mandrake Linux Security Team (security linux-mandrake com)

Astaro Security Linux Firewall - HTTP Proxy vulnerability
2003-01-20 Volker Tanger (volker tanger discon de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings! A quite well known (i.e. ancient) type of proxy vulnerability was found in the https proxy of Astaro Security Linux firewall (which is a chrooted yet plain squid btw.) This general problem has been known to be an issue with nearly all HTTP

[CLA-2003:564] Conectiva Linux Security Announcement - libpng
2003-01-23 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : libpng
SUMMARY : Buffer overflow vulnerabilit

[SECURITY] [DSA 239-1] New kdesdk packages fix several vulnerabilities
2003-01-23 joey infodrom org (Martin Schulze)

Security Update: [CSSA-2003-004.0] Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS)
2003-01-21 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
SCO Security Advisory
Subject: Linux: Multiple Security Vulnerabilities in the Common Unix

phpLinks mail() abuse Vulnerability
2003-01-20 mindwarper hush com
phpLinks mail() abuse Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com :: )
Vendor Information:
Homepage : http://www.destiney.com
Vendor : Could not be informed (Host not found)
Mailed advisory: 09/01/20
Vendor Response : None

[SECURITY] [DSA 240-1] New kdegames packages fix several vulnerabilities
2003-01-23 joey infodrom org (Martin Schulze)

[security (at) slackware (dot) com: [slackware-security] New DHCP packages available]
2003-01-23 White Vampire (whitevampire mindless com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----- Forwarded message from Slackware Security Team <security (at) slackware (dot) com> -----
Return-Path: <owner-slackware-security (at) slackware (dot) com>
Delivered-To: whitvamp@localhost
Received: (qmail 6136 invoked from network); 20 Jan 2003 21:37:08 -0000
Receive

[CLA-2003:561] Conectiva Linux Security Announcement - cvs
2003-01-23 secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : cvs
SUMMARY : Update: cvs remote double free(

[OpenPKG-SA-2003.007] OpenPKG Security Advisory (wget)
2003-01-23 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

IE chain vulnerability
2003-01-20 Alex Loots (a loots itsec-ss nl)
Hello list, I have a question regarding the IE certificate chain vulnerability reported in MS02-050. The patch that fixes this vulnerability results in strange behavior of IE when a connection attempt is being made to a website which uses a malicious certificate. I have set up a demo that uses a ma

DoS in Hotsync Manager (with network hotsync enabled)
2003-01-23 Gary H. Jones II (gary pointblanksecurity com)
Tested with HotSync Manager version 4.0.4.0
If you connect to the port HotSync Manager listens on for a network request
telnet 127.0.0.1 14238
And send the data "OK ATDT<" followed by CRLF
A message will appear "Out of memory. Please free some memory, then choose retry"
It will give you opti
EditTag is a script which facilitates website content management. EditTag allows users to edit pages using a web interface, but restricts editing to specific tagged areas of the document. This feature enables website managers to create a way for content authors who may not know HTML to update a w