BugTraq
MDKSA-2002:082-1 - Updated python packages fix local arbitrary code execution vulnerability 2002-12-09
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: python
Advisory ID:

KunaniFTP-Server v.1.0.10 allows dictionary traversal 2002-12-10
Zero-X www.lobnan.de Team (zero-x linuxmail org)
KunaniFTP-Server v.1.0.10 allows dictionary traversal:

Some ftp-commands in KunaniFTP-Server allow dictionary traversal.

Example:
######################################################
Verbindung mit server.
220 Kunani FTP Server Ready ( www.kunani.com )
Benutzer (server:(none)): anonymous
331 P

[SECURITY] [DSA-206-1] tcpdump BGP decoding error 2002-12-10
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-206-1 security (at) debian (dot) org
http://www.debian.org/security/ Wichert Akkerman
December 10, 2002
- ------------

[SECURITY] [DSA-205-1] gtetrinet buffer overflows 2002-12-10
Wichert Akkerman (wichert wiggy net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

Debian Security Advisory DSA-205-1 security (at) debian (dot) org
http://www.debian.org/security/ Wichert Akkerman
December 10, 2002
- ------------

TFTP32 DOS 2002-12-10
securma massine (securma caramail com)
hi
tftp32 is a server for Windows 9x/NT/XP
(http://tftpd32.jounin.net)
I found that one could crash the server with "GET com1"
or "GET AUX"
exploit:
tftp -i xxx.xxx.xxx.xxx GET com1
the waiter must be restarted manually
version affected: TFTP32 version 2.21 and prior

Not affected: TFTP32 v2.51

secu

Remote multiple vulnerability in apt-www-proxy. 2002-12-10
dong-h0un U (xploit hackermail com)


========================================
INetCop Security Advisory #2002-0x82-009
========================================

* Title: Remote multiple vulnerability in apt-www-proxy.

0x01. Description

__
bash$ lynx -dump http://ironsides.terrabox.com/~ahzz/apt-www-proxy/

Unchecked buffer in PC-cillin 2002-12-10
advisories texonet com (advisories texonet com)
-----------------------------------------------------------------------------
Texonet Security Advisory 20021210
-----------------------------------------------------------------------------
Advisory ID : TEXONET-20021210
Authors : Joel Soderberg and Christer Oberg (advisories (at) texonet (dot) co

[RHSA-2002:229-10] Updated wget packages fix directory traversal bug 2002-12-10
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated wget packages fix directory traversal bug
Advisory ID: RHSA-2002:229-10
Issue date: 2002-12-10
Updated on: 2002-12-04
Produ

[RHSA-2002:246-18] Updated Canna packages fix vulnerabilities 2002-12-10
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated Canna packages fix vulnerabilities
Advisory ID: RHSA-2002:246-18
Issue date: 2002-12-10
Updated on: 2002-12-04
Product:

Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability 2002-12-09
security caldera com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, scoannmod (at) xenitec.on (dot) ca, full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerab

[RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability 2002-12-09
Derek Luce (derek powernetcommunications com)
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated xinetd packages fix denial of service vulnerability
Advisory ID: RHSA-2002:196-19
Issue date: 2002-09-06
Updated on: 2002-

Cyrus SASL library buffer overflows 2002-12-09
Timo Sirainen (tss iki fi) (1 replies)
These overflows are found at least in version 2.1.9, none of them are
present in 1.5.28. 2.1.10 was just released which fixed the problems.

Note that besides the Cyrus project itself, the SASL library is also used
by Postfix-TLS patch, OpenLDAP and probably some other servers.

Problem 1
---------

Re: Cyrus SASL library buffer overflows 2002-12-10
Matthias Andree (ma dt e-technik uni-dortmund de)
[SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability 2002-12-09
Tamer Sahin (ts securityoffice net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ Enceladus Server Suite v3.9 Buffer Overflow Vulnerability ]--

- --[ Type

Buffer Overflow

- --[ Release Date

December 09, 2002

- --[ Product / Vendor

Enceladus Server Suite is an Internet/Intranet lightweight Web and FTP Server for
Windows, pr

SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings 2002-12-09
3APA3A (3APA3A SECURITY NNOV RU)

Ikonboard 3.1.1

There are a few ways to insert HTML tags into board content.

1. Via Photo URL.

In the profile, a user can set the URL of a photo. It's possible to insert a URL like

javascript:alert(document.cookie)

Javascript will be triggered if someone accesses user's profile.

2. Via X-Forwarded

XSS and Path Disclosure in UPB 2002-12-07
euronymous (just-a-user yandex ru)
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: XSS and Path Disclosure in UPB
product: Ultimate PHP Board (UPB) final beta 1.0
vendor: http://www.webrc.ca/php/upb.php
risk: middle
date: 12/7/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory url: http://f0kp.iplus.ru/bz/009.txt
=

Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow 2002-12-07
security caldera com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com, full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: groff pic buffer overflow
Advisory number: CSSA-20

APBoard-Bug 2002-12-06
DNA ESC (dna http ch)

Product: APBoard-Bug
Versions: tested on 2.02
Vulnerability: users can subscribe to a thread in the internal forum
Date: December 5, 2002
Discovered by: DNA <dna (at) es-crew (dot) de>

Introduction:
Normal Users can read new answers to a thread in the internal forum
I have already informed APP about this vul

[SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution 2002-12-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 192-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 6th, 2002 ://www.

[SECURITY] [DSA 202-2] New IM packages correct hidden architecture dependency 2002-12-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 202-2 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 6th, 2002

WebReflex Directory Traversal Vulnerability 2002-12-06
luca.ercoli (at) inwind (dot) it (luca ercoli inwind it)
Summary: WebReflex is a web server that is specially designed for use on cd-rom.

Details: Remote attackers can view any file on the server simply sending a specially crafted request to it. Exploit: http://target/../

tested on version 1.53

From: Luca Ercoli luca.ercoli (at) inwind (dot) it

SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047) 2002-12-06
Sebastian Krahmer (krahmer suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: OpenLDAP2
Announcement-ID: SuSE-SA:2002:047
Date: Fri Dec

Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench 2002-12-06
security caldera com
To: bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, security-alerts (at) linuxsecurity (dot) com, full-disclosure (at) lists.netsys (dot) com

______________________________________________________________________________

SCO Security Advisory

Subject: Linux: apache vulnerabilities in shared memory, DNS, and Ap

RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required 2002-12-06
Russ (Russ Cooper rc on ca)
Eitan said;
"Privileged users CAN START the procedure of stopping the service - BUT, the application vendor CAN (as part of the overall procedures performed when an application is being shut down) place a code section that forces a password prompt at the beginning of the stopping process and if the

Sygate Personal Firewall can be shut down without a need to supply 2002-12-05
Seth Knox (seth knox sygate com)
If you are an Administrator of a computer, you have the absolute right to
stop any service, including the Sygate Personal Firewall Service, using the
services window or "net stop" command.  This is not a vulnerability but
rather the intended implementation of the Microsoft operating system.  If
the

RE: Sygate Personal Firewall can be shut down without a need to supply 2002-12-05
Eitan Caspi (eitancaspi yahoo com)
Hello Seth,

Thanks for taking the time to comment about this issue.

1. As you may have noticed, I used the term "privileged users". Stopping
service is enabled for the members of the local power users as well, so
the problem range is wider.

2. I will sharpen my point: You are absolutely correct about

Cobalt RaQ4 Remote root exploit 2002-12-05
grazer digit-labs org
Hello,

I've attached an exploit that will allow an attacker to gain remote
root access on Cobalt RaQ's which have the security hardening package
installed (SHP).

the official patch for this problem can be found here :
http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-en-Security-2.0.1-SHP_REM.p

Copyright 2010, SecurityFocus