FreeBSD Security Advisory FreeBSD-SA-02:42.resolv
2002-11-13 FreeBSD Security Advisories (security-advisories freebsd org)

Bind 8 bug experience
2002-11-13 Michael Brennen (mbrennen fni com)
Three bugs in bind 4 and 8 were announced this morning, November 12. At least one has the possibility of arbitrary code execution, and the ISC web site lists it as 'Serious'. At 13:02 CST this afternoon per the ISC announcement, about an hour after receiving the bug announcement, I requested bind

Code Injection in phpBB Advanced Quick Reply Mod
2002-11-13 Hai Nam Luke (hainamluke hotmail com)
Software: phpBB Advanced Quick Reply Mod
I've found a security hole in this software (Code Injection). You can download this software at http://phpbbhacks.com/viewhack.php?id=586 Hackers can exploit this Mod to inject some shell code to hack your forum, your website or your server (local e

Remote Buffer Overflow vulnerability in Lib HTTPd.
2002-11-13 dong-h0un U (xploit hackermail com)
========================================
INetCop Security Advisory #2002-0x82-003
========================================
* Title: Remote Buffer Overflow vulnerability in Lib HTTPd.
0x01. Description
LibHTTPD can be used to add basic web server capabilities to an application or embedded

[SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities
2002-11-13 joey infodrom org (Martin Schulze)

FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind
2002-11-13 FreeBSD Security Advisories (security-advisories freebsd org)

Fresh hole in W3Mail (fwd)
2002-11-12 Tim Brown (securityfocus machine org uk)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi, The attached advisory supersedes my previous effort regarding W3Mail (NDSA20020719). It seems that in fixing the original holes, CascadeSoft introduced a new one. Their fix for the original hole was as I suggested, to move the MIME attachments da

IRIX lpd daemon vulnerabilities via sendmail and dns
2002-11-12 SGI Security Coordinator (agent99 sgi com)

Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows
2002-11-12 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: libpng progressive image loading vulnerabilities and

EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
2002-11-12 Marc Maiffret (marc eeye com)
Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
Release Date: November 12, 2002
Severity: High (Remote SYSTEM level code execution)
Systems Affected: Macromedia Coldfusion 6.0 and prior (IIS ISAPI) Macromedia JRun 4.0 and prior (IIS ISAPI)
Description: Macromedia JRun an

APBoard - post threads to protected forums and possibility to hijack forum-password
2002-11-12 ProXy (proxy es-crew de)
Product: Another PHP Program - APBoard
Versions: tested on 2.02, 2.03
Vulnerability: post threads to protected forums and possibility to hijack forum-password
Date: November 12, 2002
Discovered by: ProXy <proxy (at) es-crew (dot) de>
Introduction: Normal Users can submit threads to password protec

Exploit code for IP Smart Spoofing
2002-11-12 Laurent Licour (llicour althes fr)
Hello As we reported in our previous article: IP Smartspoofing (http://www.althes.fr/ressources/avis/smartspoofing.htm), we introduced a new method for IP Spoofing, allowing full-connexion from any client software. The exploit code smartspoof.pl is a proof of concept (for educational purpose only

[Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
2002-11-12 Aaron Howell (aaronh amerion net)
-----Forwarded Message-----
From: Peter Losher <Peter_Losher (at) isc (dot) org>
To: bind-announce (at) isc (dot) org
Subject: Notice of serious vulnerabilities in ISC BIND 4 & 8
Date: 12 Nov 2002 10:02:25 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ISC is aware of several bugs which can result in serious vul

RE: When scrubbing secrets in memory doesn't work
2002-11-12 Michael Wojcik (Michael Wojcik microfocus com)
Reposted.
> -----Original Message-----
> From: Michael Wojcik
> Sent: Wednesday, November 06, 2002 12:25 AM
> To: 'Michael Howard'
> Cc: bugtraq (at) securityfocus (dot) com
> Subject: RE: When scrubbing secrets in memory doesn't work
>
> > From: Michael Howard [mailto:mikehow (at) microsoft (dot) com]
> > Sent: Tu

Remote Buffer Overflow vulnerability in Light HTTPd
2002-11-12 dong-h0un U (xploit hackermail com)
========================================
INetCop Security Advisory #2002-0x82-002
========================================
* Title: Remote Buffer Overflow vulnerability in Light HTTPd.
0x01. Description
Lhttpd that is improved in ghttpd for more convenient and strong webserver, is webserve

[SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows
2002-11-12 joey infodrom org (Martin Schulze)

GLSA: apache
2002-11-12 Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-003
- - --------------------------------------------------------------------
PACKAGE : apache
SUMMARY : Cross-Site Scripting Vulnerabilit

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
2002-11-12 Andreas Pour (pour mieterra com)

NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
2002-11-12 Ed Reed (ereed novell com)

WebChat for XOOPS RC3 SQL INJECTION
2002-11-12 vALDEUx aol com
Text available at http://www.phpsecure.org/tutos/webchat.1-5.xoops.rc3.sql.injection.txt
Patch available on phpsecure.org
XOOPS RC3 WebChat Module SQL Injection
Tested with : Xoops RC3 WebChat 1-5
Author : val2 - phpsecure.org for more info and ~patchs~
Lines 291-299 from modules/W

SuSE Security Announcement: SuSE-SA:2002:043 (traceroute-nanog/nkitb)
2002-11-12 Thomas Biege (thomas suse de)

[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability
2002-11-12 Tamer Sahin (ts securityoffice net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]--
- --[ Type
Directory Traversal
- --[ Release Date
November 12, 2002
- --[ Product / Vendor
Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000, and

[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability
2002-11-12 Tamer Sahin (ts securityoffice net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--
- --[ Type
Denial of Service
- --[ Release Date
November 12, 2002
- --[ Product / Vendor
The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs flawlessly u
=============================================================================
FreeBSD-SA-02:42.resolv Security Advisory
The FreeBSD Project
Topic: buffer overru