-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE : tar
SUMMARY : directory-traversal vulnerability
"After" Security Advisory
Title: GV Execution of Arbitrary Shell Commands
Affects: gv-3.5.8 and probably older versions
Advisory ID: ASA-
Release Date: 2002-10-01
Author: Marc Bevand
URL: http://www.epita.fr/~bevand_m/asa/asa-0
Zope versions pre 2.5.1b2 do not correctly handle some XML-RPC requests.
1. Summary:
Zope (www.zope.org) will reveal the complete physical location where the
server and its components are installed if it receives "incorrect" XML-RPC
requests.
In some cases it will reveal also information about the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE : fetchmail
SUMMARY : remote vulnerabilities
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : python
SUMMARY : os.execvpe() vulnerability
Hi All..
I'm resending this..*without* the failure notice ;)
Attached is an Advisory concerning Netgear's FVS318
Firewall/VPN/Router, and the fact that it stores Usernames and
Passwords in plain text if the config is backed up.
Thanks,
[EMAIL PROTECTED]
http://www.aisec.net
Information
For those of you who have a desire to crash Microsoft's PPTP stack, I
have a pptp .spk script linked off of
http://www.immunitysec.com/spike.html.
It would probably be good to run against other PPTP stacks as well.
(Likewise, SPIKE's msrpcfuzzer takes down free software dce-rpc stacks
just as fa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE :unzip
SUMMARY :directory-traversal vulnerabili
On September 27, 2002 at 13:01, Jose Marcio Martins da Cruz wrote:
> What's interesting is that in this case the message and the malicious
> code pass through two different network paths: the message is sent by
> mail and the malicious code will be fetched by the receiver via anonymous ftp.
>
> In the ca
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 10.01.02
Sendmail smrsh bypass vulnerabilities
DESCRIPTION
It is possible for an attacker to bypass the restrictions imposed by
the Sendmail Consortium's Restricted Shell (SMRSH) and execute a
binary of his choosing by in
Advisory name: XSS bug in Compaq Insight Manager Http server
Application: Compaq Insight Manager Http server
Date: 01.10.2002
Impact: XSS code execution
[DESCRIPTION]
XSS bug in Compaq Insight Manager Http server
[ISSUE]
The Compaq Insight Manager Http server is vulnerable to the Cross Site
Scr
Bugzilla Security Advisory
October 1st, 2002
All Bugzilla installations are advised to upgrade to the latest versions of
Bugzilla, 2.14.4 and 2.16.1, both released today. Security issues of
varying importance have been fixed in both. These vulnerabilities affect
all previous 2.14 and 2.16 relea
David Ahmad
Symantec
KeyID: 0x26005712
Fingerprint: 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SECURITY BULLETIN
REVISION: 0
Title: SSRT2371 HP OpenVMS Potential POP server local vulnerability
NOTICE: There are no restri
MSIE:"SaveRef" turns Zone off
[digest]
MSIE: you can execute jscript in any zone by saving the reference
of "(NewWindow).location.assign".
(content after the "[exp]" section is not directly related to the flaw, so
skip it if you are in a hurry;)
[tested]MSIEv6(CN version)
{IEXPLORE
[For Immediate Release]
The PostNuke Security Officer has updated the CVS version of Postnuke and a
patch will be made available today to fix the outstanding issue shown here
http://marc.theaimsgroup.com/?l=bugtraq&m=103306696427569&w=2
It is apparent that the Postnuke developers reviewed the ma