Advisory: BSD Securelevels: Circumventing protection of files flagged
immutable
By mounting an arbitrary filesystem, it is possible to mask files
flagged immutable with any user-defined files.
Details
===
Product: FreeBSD up to 6.0-STABLE and 7.0-CURRENT
OpenBSD up to 3.8
--Security Report--
Advisory: XSS attack on Superonline.com email service.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 01/01/06 04:18 AM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx_at_nukedx.com
Web: http://www.nukedx.com
}
---
About: Via this method, the Superonline Mails
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:010
http://www.mandriva.com/security/
EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac
===
Ubuntu Security Notice USN-235-2 January 09, 2006
sudo vulnerability
CVE-2005-4158
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
New eVuln Advisory:
MyPhPim Arbitrary File Upload
Summary
Software: MyPhPim
Software's Web Site: http://sourceforge.net/projects/myphpim/
Versions: 01.05
Critical Level: Moderate
Type: File Upload
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not
--Security Report--
Advisory: XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
---
Date: 08/01/06 07:19 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx_at_nukedx.com
Web: http://www.nukedx.com
}
---
About: Via this method the WebWiz Forums <= 6.34 are being subjected to an
attack namely
-
Fedora Legacy Update Advisory
Synopsis: Updated mysql packages fix security issues
Advisory ID: FLSA:167803
Issue date: 2006-01-10
Product: Red Hat Linux, Fedora Core
Keywords:
Joe Polk wrote:
Actually, Ilfak never tested his patch on a Win 9x machine. Steve
Gibson, however, plans to write a patch for 95, 98, and ME if Microsoft doesn't.
The patch Ilfak wrote can't work on a Windows 9x machine since it relies
on technology that did not exist in Windows 9x.
The ide
eStara Softphone is a SIP softphone. There exists a buffer overflow
vulnerability in the SIP stack when a SIP packet has SDP data and the data
length of the attribute field ("a") is larger than 4021 bytes.
By exploiting this buffer overflow, an attacker can potentially gain control of
the return ad
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SUSE Security Announcement
Package: xpdf, kpdf, gpdf, kword
Announcement ID: SUSE-SA:2006:001
Date:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:01.texindex Security Advisory
The FreeBSD Project
Topic: T
PostgreSQL versions 8.0.6 and 8.1.2 have been released fixing a remote
denial of service vulnerability on the win32 platform.
Details
---
Vulnerability type: Denial of service
Remotely exploitable: Yes
Affected versions: PostgreSQL 8.0.0-8.0.5, 8.1.0-8.1.1 Fixed versions:
PostgreSQL 8.0.6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:01.texindex Security Advisory
The FreeBSD Project
Topic: T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-06:03.cpio Security Advisory
The FreeBSD Project
Topic: M
Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl
# Author: [EMAIL PROTECTED]
# http://www.shellcoders.com/
#
# Program ID: Serial Line Sniffer 0.4.4
#
# [EMAIL PROTECTED]:/home/sintigan$ perl slsnif-ploit.pl
# sh-3.00# id
# uid=0(roo
The only attack vector we know about for Win9x, ME platforms is through
printing. I'm afraid that "fixing" that would break some functionality.
Greg
This post is provided as is and confers no rights or whatever.
-Original Message-
From: Joe Polk [mailto:[EMAIL PROTECTED]
Sen
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200601-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Red Hat Security Advisory
Synopsis: Low: struts security update for Red Hat Application Server
Advisory ID: RHSA-2006:0157-01
Advisory URL:
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow
Release Date:
January 10, 2006
Date Reported:
November 17, 2005
Patch Development Time (In Days):
54 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on M
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow
Release Date:
January 10, 2006
Date Reported:
December 29, 2005
Patch Development Time (In Days):
12 days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quicktime on Windows XP
Quicktime on Mac O
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow
Release Date:
January 10, 2006
Date Reported:
October 31, 2005
Severity:
High (Code Execution)
Patch Development Time (In Days):
71 Days
Severity:
High (Code Execution)
Vendor:
Apple
Systems Affected:
Quicktime on Windows 2000
Quick
)
=
Document ID: 68605
Advisory ID: cisco-sa-20060111-mars
http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
Revision 1.0
For Public Release 2006 January 11 1600 UTC (GMT)
- ---
Contents
Summary
Our apologies, the incorrect CVE information was provided with our Apple
advisories today. The correct CVE numbers are:
[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340
[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow =
CVE-2005-4092
[EEYEB-20051117A] Apple QuickT
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical
vulnerability
affecting Microsoft Outlook. The vulnerable versions include:
Microsoft Outlook 2000 (inc. Microsoft Office 2000 Service Pack 3 and
Multilanguage packs)
Microsoft Outlook 2002 (inc. Microsoft Office XP Ser
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical
vulnerability
affecting Microsoft Exchange. The vulnerable versions include:
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Exchange 2000 Server Pack 3 with the Post-S
It's known - BID 10913