Adelphia Powerlink service vulnerable to man in the middle attacks by cable modem users.
2002-12-12  0x90 (0x90 invisiblenet net)

[SECURITY] [DSA-209-1] two wget problems
2002-12-12  Wichert Akkerman (wichert wiggy net)
  Debian Security Advisory DSA-209-1
  security (at) debian (dot) org
  http://www.debian.org/security/
  Wichert Akkerman
  December 12, 2002

Password Hole Found In Webshots
2002-12-12  Brian Carpenter (brian carpenter wosc edu)
  I have discovered a hole in the webshots screensave program. On either a Win2K or xp machine that has it installed you can bypass the password on the screen saver by pressing Ctrl+Alt+Del which brings up the Windows box that contains logout lockcomputer shutdown etc.: Then you will hit cancel and boo

[RHSA-2002:222-21] Updated apache, httpd, and mod_ssl packages available
2002-12-12  bugzilla redhat com

VisNetic WebSite XSS vulnerability through HTTP referer header
2002-12-12  Ory Segal (ory segal sanctuminc com)
  Visnetic WebSite XSS vulnerability through HTTP Referer header
  => Author: Ory Segal - Sanctum inc. http://www.sanctuminc.com/
  => Release date: 09/12/2002
  => Vendor: Deerfield ( http://www.deerfield.com )

[SECURITY] [DSA 208-1] New Perl packages correct Safe handling
2002-12-12  joey infodrom org (Martin Schulze)

Multiple Mambo Site Server sec-weaknesses
2002-12-12  euronymous (just-a-user yandex ru)
  topic: Multiple Mambo Site Server sec-weaknesses
  product: Mambo Site Server 4.0.11
  vendor: http://sourceforge.org/projects/mambo
  risk: high
  date: 12/12/2k2
  discovered by: euronymous /F0KP /HACKRU Team
  advisory urls: http://f0kp.iplus.ru/bz/010.en.tx

PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
2002-12-12  Marc Maiffret (marc eeye com)
  PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
  Release Date: December 11, 2002
  Severity: High (Code Execution)
  Systems Affected: We have specifically tested the following software and verified the potential for exploitation: Microsoft Internet Explorer 5.01 Microsoft Intern

MDKSA-2002:086 - Updated wget packages fix directory traversal vulnerability
2002-12-12  Mandrake Linux Security Team (security linux-mandrake com)

CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers (fwd)
2002-12-12  Muhammad Faisal Rauf Danka (mfrd attitudex com)

Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files
2002-12-11  security caldera com
  To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, scoannmod (at) xenitec.on (dot) ca, full-disclosure (at) lists.netsys (dot) com
  SCO Security Advisory
  Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks

MTPSR1-120 Firewall Proxy configuration software
2002-12-11  UkR security team? (cuctema ok ru)
  Product : MTPSR1-120 Firewall Proxy configuration software
  Version : 3.0
  Vendor : Multi-Tech Systems, Inc. (http://www.multitech.com)
  Remote : Yes
  Author : UkR-XblP (cuctema (at) ok (dot) ru)/ UkR security team
  Overview: Firewall Proxy configuration software default do not set a

Enceladus Server Suite traversal directory vulnerability
2002-12-08  luca.ercoli (at) inwind (dot) it (luca ercoli inwind it)
  Summary: Enceladus Server Suite is an internet/intranet lightweight web and ftp server for windows.
  Details: The web server has been found to contain a security flaw that allows attackers to traverse up the root directory and view/download files on the system.
  Vulnerable System: Enceladus Se

proftpd <=1.2.7rc3 DoS
2002-12-08  Rob klein Gunnewiek (rmkleing hio hen nl)
  Hello, proftpd is vulnerable to denial of service similar to the list */../*/../*/../*.
  #!/bin/sh
  #
  # proftpd <=1.2.7rc3 DoS - Requires anonymous/ftp login at least
  # might work against many other FTP daemons
  # consumes nearly all memory and alot of CPU
  #
  # tested against slackware 8.1 - proftpd 1

Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
2002-12-11  security caldera com
  To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com, full-disclosure (at) lists.netsys (dot) com
  SCO Security Advisory
  Subject: Linux: buffer overflow in nss_ldap DNS SRV
  Advisory number:

Directory Traversal Vulnerabilities in FTP Clients
2002-12-11  Steven M. Christey (coley linus mitre org) (1 replies)
  Summary
  Title: Directory Traversal Vulnerabilities in FTP Clients
  Date: December 10, 2002
  Author: Steve Christey (coley (at) mitre (dot) org)
  Revision: 1.3
  Product: Multiple FTP and web clients
  OS/Platform:

    Re: Directory Traversal Vulnerabilities in FTP Clients
    2002-12-12  Stephen Samuel (samuel bcgreen com)

[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
2002-12-11  joey infodrom org (Martin Schulze)

Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability
2002-12-11  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability
  Revision 1.0 FINAL
  For Public Release 2002 December 11 16:00 UTC

Directory traversing bug in 'myServer' webserver.
2002-12-11  dong-h0un U (xploit hackermail com)
  INetCop Security Advisory #2002-0x82-010
  - Our 10th advisory does self-congratulation.
  * Title: Directory traversing bug in 'myServer' webserver.
  0x01. Description
  It's very useful Windows webserver that is

RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required
2002-12-09  Seth Knox (seth knox sygate com) (1 replies)
  Eitan, You are welcome. Thank you for taking the time to test Sygate Personal Firewall. However, in this case, I think you are making an issue out of something that is trivial to anyone who understands the use of rights and privileges within the Windows Operating Systems. I suggest that in the future

    RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required
    2002-12-09  Eitan Caspi (eitancaspi yahoo com)

Re: XSS and Path Disclosure in UPB
2002-12-09  Frog Man (leseulfrog hotmail com)
  Anything about UPB was already written (1.1 & 1.0beta) : http://www.frogsecure.com/tutos/UPB.txt
  >From: "euronymous" <just-a-user (at) yandex (dot) ru>
  >Reply-To: just-a-user (at) yandex (dot) ru
  >To: bugtraq (at) securityfocus (dot) com, vulnwatch (at) vulnwatch (dot) org
  >Subject: XSS and Path Disclosure in UPB
  >Date: Sat, 7 Dec 2002 20:
InvisibleNet Security Advisory ISA 1-1a
security (at) invisiblenet (dot) com
http://www.invisiblenet.com
December 12th, 2002 - report issued by 0x90