BugTraq (Page 1724 of 1748)
Visual SourceSafe - Preliminary Observations 2002-12-29
Joel Maslak (jmaslak antelope net)

Recently, I evaluated Visual SourceSafe (VSS) 6.0 for an employer. We
were comparing it to other network-aware source code control systems.

Visual SourceSafe is barely network aware. By "barely", it is network
aware in the same way an Access Database can be network aware - all
program logic i

CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS 2002-12-29
http-equiv (at) excite (dot) com (http-equiv malware com)


Sunday, December 29, 2002

There is a small silly hitch with CITIBANK CANADA's secured sign in
to online banking:

https://citibankcanada.ebilling.com/index.jhtml

Specifically AUTOCOMPLETE="off" in the forms. It is not set.

While much explanation is made about SSL connections and fancy
digital

Multiple vulnerabilities found in PlatinumFTPserver V1.0.6 2002-12-30
Dennis Rand (DER cowi dk)


Mvh.
Dennis Rand
System/Security Manager
COWI A/S

A world of machines pushing packets to each other. Computers passing data
through various protocols without argument. A problem humanity still hasn't
surpassed. Networks breaking barriers of political hatred. Physical bodies
are no longer import

Leafnode security announcement SA:2002:01 2002-12-29
Matthias Andree (matthias andree gmx de)
-----BEGIN PGP SIGNED MESSAGE-----

leafnode-SA-2002:01.versions

Topic: vulnerabilities in leafnode

Announcement: leafnode-SA-2002:01
Writer: Matthias Andree
Version: 1.00
Announced: 2002-12-29
Category: main
Type: denial of service
Impact: CPU busy loop
Credits: Jan Knutar (jknutar, nic dot f

[SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem 2002-12-30
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 218-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 30th, 2002

Potential DOS attack with Web-CyrAdm. 2002-12-30
Casper Aleva (tonus dsinet org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

DSINet Security Advisory DSINET-SA-02-01
http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt

Potential DOS attack with Web-CyrAdm

Program: Web-CyrAdm
Credits: Remko Lodder ( remko (at) dsinet (dot) org - http://www.dsinet.org/ )
Vendor: Luc de

GLSA: cups 2002-12-29
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-13
- - --------------------------------------------------------------------

PACKAGE : cups
SUMMARY : multiple cups vulnerabilities
DATE   

GLSA: openldap 2002-12-28
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-12
- - --------------------------------------------------------------------

PACKAGE : openldap
SUMMARY : remote command execution
DATE   

Telindus 112x ADSL Router - Weak Password Encryption 2002-12-28
eflorio edmaster it


Telindus Router (series 112x) has a well-known authentication problem, which allows the router password to be extracted from a UDP dump sniffed over port 9833.

More about this at:

http://www.securiteam.com/securitynews/5DP0A2K7GY.html

or

http://neworder.box.sk/showme.php3?id=6730

New firmware (6.0

Gallery v1.3.2 allows remote exploit (fixed in 1.3.3) 2002-12-28
Bharat Mediratta (bharat menalto com)

___________________
PROBLEM DESCRIPTION

Gallery is an open source image management system. Learn more about
it at http://gallery.sourceforge.net

Gallery v1.3.2 introduced a new feature that allows users to publish
images to their website-based Gallery using the Windows XP Publishing
subsystem.

PHRACK #60 HAS BEEN RELEASED 2002-12-28
phrackstaff phrack org

PHRACK Inc. is proud to present

.oO( P H R A C K N U M B E R 6 0 )Oo.

We are proud that we finally can present you the one and only, the best,
the always right and never wrong dmca-ignoring and bush-bashing PHRACK
magazine NUMBER 60! Having now reached this mil

[IPS] PUTTY SSH-Client Exploit 2002-12-28
Daniel Alcántara de la Hoz (seguridad iproyectos net)
-----------------------------------------------------------
I-PROYECTOS Division Seguridad (Security Research)
-----------------------------------------------------------
2003 seguridad (at) iproyectos (dot) net

Proof of concept code / Exploit
-----------------------------------------------------------

GLSA: cyrus-sasl 2002-12-27
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-10
- - --------------------------------------------------------------------

PACKAGE : cyrus-sasl
SUMMARY : buffer overflows
DATE    : 200

Buffer overflow in PHP "wordwrap" function 2002-12-27
David F. Skoll (dfs roaringpenguin com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a buffer overflow in PHP's built-in "wordwrap" function
for PHP versions greater than 4.1.2 and less than 4.3.0.

Please see http://bugs.php.net/bug.php?id=20927 for details.

If you use the wordwrap() function on user-supplied input, a
special

[CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd 2002-12-27
secure conectiva com br
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : cyrus-imapd
SUMMARY : Remote command executio

[GIS 2002101601] SkyStream Admin Shell Privilege Escalation. 2002-12-27
Global InterSec Research (research globalintersec com)
Global InterSec LLC
http://www.globalintersec.com

GIS Advisory ID: 2002101601
Changed: 12/27/2002
Author: research (at) globalintersec (dot) com
Reference: http://www.globalintersec.com/adv/skystream-2002101601.txt

Summary:

SkyStream's Edge Media Router-5000 (EMR5000) a

[SECURITY] [DSA 217-1] New typespeed packages fix buffer overflow 2002-12-27
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 217-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 27th, 2002

(MSIE)A rather old trick for web server is now played on MSIE. 2002-12-26
Liu Die Yu (liudieyuinchina yahoo com cn)


(MSIE)A rather old trick for web server is now played on MSIE.

("that's all" is the end of file if you are in a hurry)

[tested]MSIEv6(CN version)

Patch: Q312461,Q328970(MS02-066)

{IEXPLORE.EXE file version: 6.0.2600.0000}

{MSHTML.DLL file version: 6.00.2600.0000}

[demo]

at

http://w

Full Disclosure: Windows File Protection Old Security Catalog Vulnerability 2002-12-26
FORENSICS.ORG Security Coordinator (secalert forensics org)
==============================================================================
______________________________________________________________________________
SECURITY ALERT

Windows File Protection Old Security Catalog Vulnerability

December 26, 2002 [Full Disclosure, secure (at) microsoft (dot) com and oth

Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability 2002-12-26
FORENSICS.ORG Security Coordinator (secalert forensics org)
==============================================================================
______________________________________________________________________________
SECURITY ALERT

Windows File Protection Arbitrary Certificate Chain Vulnerability

December 26, 2002 [Full Disclosure, secure (at) microsoft (dot) com

[SECURITY] [DSA 216-1] New fetchmail packages fix buffer overflow 2002-12-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 216-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 24th, 2002

[SNS Advisory No.60 rev.2] Windows XP Disclosure of Registered AP Information 2002-12-24
snsadv (at) lac.co (dot) jp (snsadv lac co jp)
--------------------------------------------------------------------------
SNS Advisory No.60
Windows XP Disclosure of Registered AP Information

Problem first discovered: 30 Aug 2002
Published: 4 Dec 2002
Last revised: 24 Dec 2002
http://www.lac.co.jp/security/english/snsadv_e/60_e.html
-----------

iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops 2002-12-23
iDEFENSE Labs (labs idefense com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iDEFENSE Security Advisory 12.23.02:
http://www.idefense.com/advisory/12.23.02.txt
Integer Overflow in pdftops
December 23, 2002

Reference Advisory: http://www.idefense.com/advisory/12.19.02.txt
[Multiple Security Vulnerabilities in Common Unix Printi

Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 2002-12-23
jrodriga retevision es
Thanks Volker,

This warning was published 6 months ago. Please see the TrendMicro
Solution Bank (Solution 13000):

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=13000

Regards,

Josué.

----- Remitido por Josue Rodriguez Garduño/CATALUNYA/RETEVISION con f

Antwort: Openwebmail 1.71 remote root compromise 2002-12-23
Stephan Sachweh (Stephan Sachweh pallas com)
On 18.12.2002 18:37:59 Dmitry Guyvoronsky wrote:

> Software : Openwebmail (http://openwebmail.org)
> Version : ?.?? -> 1.71 (current)
> Type : Arbitrary commands execution
> Remote : yes
> Root : yes (!!!)
> Date : December 18, 2002

> IV. RECOMMENDATIONS
>
> Temporary disable usin

Copyright 2010, SecurityFocus