[SECURITY] [DSA 237-1] New kdenetwork packages fix several vulnerabilities
2003-01-23, joey infodrom org (Martin Schulze)

SPRINT ADSL [Zyxel 645 Series Modem]
2003-01-23, http-equiv (at) excite (dot) com (http-equiv malware com)
Thursday, January 23 2003
Sprint FastConnect[insert little registration r here]ADSL provides the Zyxel series of modem/routers to their customers. The problem is all these devices are factory set with default commonly known passwords and logins and include a little http, ftp and telnet serve

[SECURITY] [DSA 238-1] New kdepim packages fix several vulnerabilities
2003-01-23, joey infodrom org (Martin Schulze)

RE: TRACE used to increase the dangerous of XSS.
2003-01-23, Thor Larholm (thor pivx com)
I just finished reading this so-called whitepaper and the press release, and all I can say is hyped, sensationalised snakeoil. The HttpOnly cookie feature, a proprietary Microsoft extension designed to mitigate a single aspect of XSS, can be circumvented in myriads of ways. In fact, reading the HTT

[OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
2003-01-23, OpenPKG (openpkg openpkg org)
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[security (at) slackware (dot) com: [slackware-security] New CVS packages available]
2003-01-23, White Vampire (whitevampire mindless com)
----- Forwarded message from Slackware Security Team <security (at) slackware (dot) com> -----
Return-Path: <owner-slackware-security (at) slackware (dot) com>
Delivered-To: whitvamp@localhost
Received: (qmail 22276 invoked from network); 22 Jan 2003 01:02:50 -0000
Receiv

[ANNOUNCE] Apache 2.0.44 Released
2003-01-22, Lars Eilebrecht (lars apache org)
The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the seventh public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.44 as compared to 2.0.43. This version of Apache is princi

MyRoom (PHP)
2003-01-19, Frog Man (leseulfrog hotmail com)
Informations :
Website : http://www.plansbiz.net
Version : 3.5 GOLD
Problems : File copy/upload
PHP Code/Location :
room/save_item.php :
if($name == "" OR $ref == ""){ echo "You are fogot en

Updated patches for SGI Advisories 20020903-02-P and 20021103-01-P
2003-01-22, SGI Security Coordinator (agent99 sgi com)

[OpenPKG-SA-2003.003] OpenPKG Security Advisory (vim)
2003-01-21, OpenPKG (openpkg openpkg org)
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[SCSA-001] Sambar Server Cross-Site Scripting vulnerability
2003-01-22, Le Bras Grégory (gregory lebras security-corp org)
.: Sambar Server Cross-Site Scripting vulnerability :.
Security Corporation Security Advisory [SCSA-001]
PROGRAM: Sambar Server
HOMEPAGE: http:

ISS Security Brief: PeopleSoft XML External Entities Vulnerability (fwd)
2003-01-20, Dave Ahmad (da securityfocus com)
David Mirza Ahmad
Symantec
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
Internet Security Systems Security Brief
January 20, 2003
PeopleSoft XML External Entities Vulnerability
Synopsis: ISS X-Force has discovered a flaw in the Peo

SuSE Security Announcement: susehelp (SuSE-SA:2003:005)
2003-01-20, Sebastian Krahmer (krahmer suse de)

FTP delete file problem
2003-01-17, K B (krbrooks1_1999 yahoo com)
I've seen this problem with NCFTP 2.7.1 on Solaris 8, and I'm wondering if anyone knew of a fix for this or could tell me if I'm just missing something obvious. Here's what I tested with ncftp. I have 2 virtual users, userA and userB. UserA puts a file, then when userB ftp's to that loca

RUXCON - 12/13 April, 2003. SYDNEY, Australia.
2003-01-17, RuxCon (announce-con ruxcon org)
http://www.ruxcon.org
RUXCON is a conference organized by the (sometimes underground) Australian security community. It is an attempt to bring together the individual talents of the Australian computer security sector, through live pres

[OpenPKG-SA-2003.004] OpenPKG Security Advisory (cvs)
2003-01-21, OpenPKG (openpkg openpkg org)
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

TRACE used to increase the dangerous of XSS.
2003-01-22, Jeremiah Grossman (jeremiah whitehatsec com)
WhiteHat Security has released a new white paper discussing a new class of web-app-sec attack (XST) which potentially affects all web servers supporting TRACE. The white paper explains all the detailed technical results we have found so far. We are fairly certain this particular issue will spark mu

Path Parsing Errata in Apache HTTP Server
2003-01-22, mattmurphy (at) kc.rr (dot) com (mattmurphy kc rr com)
Original Message:
From: mattmurphy (at) kc.rr (dot) com mattmurphy (at) kc.rr (dot) com
Date: Wed, 22 Jan 2003 09:00:58 -0500
To: full-disclosure (at) lists.netsys (dot) com
Subject: Path Parsing Errata in Apache HTTP Server
Path Parsing Errata in Apache HTTP Server
ABSTRACT
The Apache HTTP Server <http://h

MDKSA-2003:010 - Updated printer-drivers packages fix local vulnerabilities
2003-01-21, Mandrake Linux Security Team (security linux-mandrake com)

[SECURITY] [DSA 235-1] New kdegraphics packages fix several vulnerabilities
2003-01-22, joey infodrom org (Martin Schulze)

Whitepaper - Detecting Wireless LAN MAC Address Spoofing
2003-01-22, Joshua Wright (Joshua Wright jwu edu)
I recently completed a white paper that demonstrates some techniques that can be used for detecting spoofed MAC addresses on 802.11 networks. In this paper I identify tactics that can be used to identify the use of the Wellenreiter, FakeAP and AirJack

WinRAR buffer overflow vulnerability
2003-01-21, nesumin (nesumin softhome net)
Hello everybody. We found a vulnerability in WinRAR 3.10 or lower version, and reported details to the author of this software at 2003/01/12. Fixed version 3.11 of WinRAR was released, so we release the information about this vulnerability.

[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution
2003-01-21, joey infodrom org (Martin Schulze)

Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability
2003-01-22, Entercept Ricochet Team (Ricochet entercept com)
*******ENTERCEPT RICOCHET ADVISORY*******
Date: Wednesday, January 22, 2003
Issue: KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability
http://www.entercept.com/news/uspr/01-22-03.asp
Vulnerability Description: Kodak Color Management System (KCMS) is an API that provides color m

YabbSE Remote Code Execution Vulnerability
2003-01-21, mindwarper hush com
YabbSE Remote Code Execution Vulnerability ( By Mindwarper :: mindwarper (at) hush (dot) com :: )
Vendor Information:
Homepage : http://www.yabbse.org
Vendor : informed
Mailed advisory: 21/01/02
Vendor Response : None

New Web Vulnerability - Cross-Site Tracing
2003-01-22, Pete Soderling (pete petesoder com) (1 replies)
I thought this news might interest the group ... ExtremeTech (http://extremetech.com) just released an article on a new type of vulnerability recently reported to CERT, Cross-Site Tracing (XST). "After months of extensive research, San Jose California-based WhiteHat Security has unmasked a flaw in
Debian Security Advisory DSA 237-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 22nd, 2003