MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack
MS03-027: Unchecked Buffer in Windows Shell Could Enable System Compromise
MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution
On looking at Secunia's website at their historic advisories I see they have not published these vulnerabilities and its been 2 days!!! Our company was evaluating their paid-for service, but obvious they dont subscribe to the MS Security Maililing list - duh!
2003-07-18 - IBM U2 UniVerse "uvadmsh" Privilege Escalation Vulnerability - IBM U2 UniVerse "cci_dir" Privilege Escalation Vulnerability
2003-07-17 - eStore Path Disclosure and SQL Injection Vulnerabilities - Citadel/UX Multiple Vulnerabilities - E-mail System Database Download and SQL Injection Vulnerabil... - SGI IRIX scheme Privilege Escalation Vulnerability - SGI IRIX Name Service Daemon Multiple Vulnerabilities - Debian update for php4 - Conectiva update for phpgroupware - Cisco IOS IPv4 Packet Processing Denial of Service Vulnerabi... - Exceed Font Buffer Overflow Vulnerabilities
2003-07-16 - Windows RPC DCOM Interface Buffer Overflow Vulnerability - Windows SMTP Service Invalid Timestamp Denial of Service - .netCART Database Download Vulnerability - Synthigence Forum/Chat Database Download Vulnerability - Asus ADSL Routers Information Disclosure Vulnerabilities - Netscape Client Detection Tool Buffer Overflow Vulnerability - NeoModus Direct Connect Multiple Request Denial of Service - Mandrake update for kernel - Message Foundry Multiple Vulnerabilities - Polycom MGC-25 Control Port Denial of Service Vulnerability - Internet Explorer AutoScan Method Cross-Site Scripting Vulne... - Microsoft JET Database Engine Buffer Overflow Vulnerability - CyberShop ASP Database Download Vulnerability
In there defence they tell us they work 5 days a week, 8 hours a day, European time - but 2 days late is not acceptable!!!
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
