GLSA: mysql

2002-12-16 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2 PACKAGE : mysql SUMMARY : remote DOS and arbitrary code

GLSA: fetchmail

2002-12-16 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-3 PACKAGE : fetchmail SUMMARY : buffer overflow DATE :

GLSA: squirrelmail

2002-12-16 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-4 PACKAGE : squirrelmail SUMMARY : cross site scripting DATE

GLSA: mysql

2002-12-16 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-2.1 PACKAGE : mysql SUMMARY : remote DOS and arbitrary code

Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD

2002-12-16 Thread Amit Klein
/// Security Advisory /// Multiple

PHP-Nuke code execution and XSS vulnerabilities

2002-12-16 Thread Ulf Harnhammar
PHP-Nuke code execution and XSS vulnerabilities PROGRAM: PHP-Nuke VENDOR: Fransisco Burzi et al. HOMEPAGE: http://phpnuke.org/ VULNERABLE VERSIONS: 6.0 (the only supported version) IMMUNE VERSIONS: 6.0 with my patch applied LOGIN REQUIRED: no DESCRIPTION: PHP-Nuke is a Web portal and online

[OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)

2002-12-16 Thread OpenPKG
Affected Releases: Affected Packages: Corrected Packages: OpenPKG 1.0 = tetex-1.0.7-1.0.0 = tetex-1.0.7-1.0.1 OpenPKG 1.1 = tetex-1.0.7-1.1.0 = tetex-1.0.7-1.1.1 OpenPKG CURRENT = tetex-1.0.7-20021204 = tetex-1.0.7-20021216 Description: A vulnerability [1

GLSA: exim

2002-12-16 Thread Daniel Ahlberg
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-5 PACKAGE : exim SUMMARY : local root vulnerability DATE :

[OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)

2002-12-16 Thread OpenPKG
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

PHP-Nuke 6.0 : Path Disclosure Cross Site Scripting

2002-12-16 Thread Frog Man
Information : Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Development : The majority of PHPNuke's files are included in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds

R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors

2002-12-16 Thread Rapid 7 Security Advisories
Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXpose(tm), our advanced vulnerability scanner. Linux and Windows

RE: Cross-site scripting vulnerability in CF 5.0

2002-12-16 Thread CORREIA, PATRICK
Does anyone have information on whether the same issue affects ColdFusion MX? __ Patrick K. Correia, Web Designer Clough, Harbour Associates LLP http://www.cha-llp.com -Original Message- From: KiLL CoLe [mailto:[EMAIL PROTECTED]] Sent: Monday,

Cross-site scripting vulnerability in CF 5.0

2002-12-16 Thread KiLL CoLe
Cross-site scripting vulnerability in CF 5.0. This issue was brought up to Macromedia on July 22nd, 2002. Macromedia issued a fix to me, but I have not seen the fix available to the public. The ColdFusion administrator allows you to view your application log via your web browser. Under certain

Re: Cross-site scripting vulnerability in CF 5.0

2002-12-16 Thread SecurityFocus
Something to note: The 'view admin log' feature in CF tends to cause stress on the CF process, and also blocks the log file during opening. So, it's generally better (and safer, with this cross-site scripting problem that's been around for years) to view the log file via a text viewer on the

zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A)

2002-12-16 Thread NGSSoftware Insight Security Research
NGSSoftware Insight Security Research Advisory Name: zkfingerd Format String vulnerability Systems: zkfingerd version 0.9.1 and earlier Severity: High Risk Vendor URL: http://sourceforge.net/projects/zkfingerd Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL:

PFinger 0.7.8 format string vulnerability (#NISR16122002B)

2002-12-16 Thread NGSSoftware Insight Security Research
NGSSoftware Insight Security Research Advisory Name: PFinger Format String vulnerability Systems: PFinger version 0.7.8 and earlier Severity: High Risk Vendor URL: http://www.xelia.ch/unix/pfinger/ Author: David Litchfield ([EMAIL PROTECTED]) Advisory URL:

RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B)

2002-12-16 Thread Stefan Esser
Hello, Due to the way requests are logged the only way to exploit this vulnerability is through setting the DNS name of the fingering host to the attacker supplied format string. I really wonder how you want to exploit this... Last time I checked all tested resolvers (Linux/BSD/Solaris) did

[CLA-2002:554] Conectiva Linux Security Announcement - fetchmail

2002-12-16 Thread secure
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : fetchmail SUMMARY : Remote vulnerability

[CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4

2002-12-16 Thread secure
CONECTIVA LINUX SECURITY ANNOUNCEMENT PACKAGE : kernel 2.4 SUMMARY : Local denial of

Security Patchs for PHP Products

2002-12-16 Thread Frog Man
PHPSecure made some patches for security holes in PHP products. Here is the list : - ALP - Banner Ad 2.0 : http://www.phpsecure.org/index.php?id=1zone=pDl More details : http://online.securityfocus.com/search?category=22query=ALP - Tight Auction 3.0 :

Password Disclosure in Cryptainer

2002-12-16 Thread K. K. Mookhey
Advisory: Password Disclosure in Cryptainer Vendor: SecureSoft http://www.cypherix.com Download Location: http://www.cypherix.com/downloads.htm Versions affected: Cryptainer PE and Cryptainer 2.0 Date: 16th December 2002 Type of Vulnerability:

Captaris (Infinite) WebMail XSS

2002-12-16 Thread Pedram Amini
I figured it was about time I hopped on the XSS band-wagon. Captaris (www.captaris.com) Infinite WebMail application is vulnerable to Cross-Site Scripting (XSS) attacks. The application fails to filter the following tags that can both be used to redirect a user to an attack script: Launch on