BSD Securelevels: Circumventing protection of files flagged immutable

2006-01-11 Thread RedTeam Pentesting
Advisory: BSD Securelevels: Circumventing protection of files flagged immutable By mounting an arbitrary filesystem, it is possible to mask files flagged immutable with any user-defined files. Details === Product: FreeBSD up to 6.0-STABLE and 7.0-CURRENT OpenBSD up to 3.8

Advisory: XSS attack on Superonline.com email service.

2006-01-11 Thread nukedx
--Security Report-- Advisory: XSS attack on Superonline.com email service. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 01/01/06 04:18 AM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx_at_nukedx.com Web: http://www.nukedx.com } --- About: Via this method, the Superonline Mails

MDKSA-2006:010 - Updated cups packages fix several vulnerabilities

2006-01-11 Thread Mandriva Security Team
Mandriva Linux Security Advisory MDKSA-2006:010 http://www.mandriva.com/security/

[EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow

2006-01-11 Thread Advisories
EEYEB-20051117A Apple QuickTime STSD Atom Heap Overflow Release Date: January 10, 2006 Date Reported: November 17, 2005 Patch Development Time (In Days): 54 Days Severity: High (Code Execution) Vendor: Apple Systems Affected: Quicktime on Windows 2000 Quicktime on Windows XP Quicktime on Mac

[USN-235-2] sudo vulnerability

2006-01-11 Thread Martin Pitt
Ubuntu Security Notice USN-235-2 January 09, 2006 sudo vulnerability CVE-2005-4158 A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog)

[eVuln] MyPhPim Arbitrary File Upload

2006-01-11 Thread alex
New eVuln Advisory: MyPhPim Arbitrary File Upload Summary Software: MyPhPim Software's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: File Upload Class: Remote Status: Unpatched Exploit: Available Solution: Not

Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)

2006-01-11 Thread nukedx
--Security Report-- Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) --- Date: 08/01/06 07:19 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx_at_nukedx.com Web: http://www.nukedx.com } --- About: Via this method the WebWiz Forums <= 6.34 are being subjected to an attack namely

[FLSA-2006:167803] Updated mysql packages fix security issues

2006-01-11 Thread Marc Deslauriers
Fedora Legacy Update Advisory Synopsis: Updated mysql packages fix security issues Advisory ID: FLSA:167803 Issue date: 2006-01-10 Product: Red Hat Linux, Fedora Core Keywords:

Re: Did MS pull an Ilfak? (MS patch bindiff results)

2006-01-11 Thread Denis Jedig
Joe Polk wrote: Actually, Ilfak never tested his patch on a Win 9x machine. Steve Gibson, however, plans to write a patch for 95, 98, and ME if Microsoft doesn't. The patch Ilfak wrote can't work on a Windows 9x machine since it relies on technology that did not exist in Windows 9x. The ide

eStara Softphone SIP stack Buffer Overflow Vulnerability

2006-01-11 Thread zwell
eStara Softphone is a SIP softphone. There exists a buffer overflow vulnerability in the SIP stack when a SIP packet has SDP data and the data length of the attribute field ("a") is larger than 4021 bytes. By exploiting this buffer overflow, an attacker can potentially gain control of the return ad

SUSE Security Announcement: xpdf,kpdf,gpdf,kword (SUSE-SA:2006:001)

2006-01-11 Thread Ludwig Nussel
SUSE Security Announcement Package: xpdf,kpdf,gpdf,kword Announcement ID: SUSE-SA:2006:001 Date:

FreeBSD Security Advisory FreeBSD-SA-06:01.texindex [REVISED]

2006-01-11 Thread FreeBSD Security Advisories
FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: T

PostgreSQL security releases 8.0.6 and 8.1.2

2006-01-11 Thread PostgreSQL Security
PostgreSQL versions 8.0.6 and 8.1.2 have been released fixing a remote denial of service vulnerability on the win32 platform. Details --- Vulnerability type: Denial of service Remotely exploitable: Yes Affected versions: PostgreSQL 8.0.0-8.0.5, 8.1.0-8.1.1 Fixed versions: PostgreSQL 8.0.6

FreeBSD Security Advisory FreeBSD-SA-06:01.texindex

2006-01-11 Thread FreeBSD Security Advisories
FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: T

FreeBSD Security Advisory FreeBSD-SA-06:03.cpio

2006-01-11 Thread FreeBSD Security Advisories
FreeBSD-SA-06:03.cpio Security Advisory The FreeBSD Project Topic: M

Serial Line Sniffer 0.4.4 Buffer Overflow

2006-01-11 Thread Sintigan
Original can be found at http://shellcoders.com/sintigan/slsnif-ploit.pl # Author: [EMAIL PROTECTED] # http://www.shellcoders.com/ # # Program ID: Serial Line Sniffer 0.4.4 # # [EMAIL PROTECTED]:/home/sintigan$ perl slsnif-ploit.pl # sh-3.00# id # uid=0(roo

RE: Did MS pull an Ilfak? (MS patch bindiff results)

2006-01-11 Thread Greg Wroblewski
The only attack vector we know about for Win9x, ME platforms is through printing. I'm afraid that "fixing" that would break some functionality. Greg This post is provided as is and confers no rights or whatever. -Original Message- From: Joe Polk [mailto:[EMAIL PROTECTED] Sen

[ GLSA 200601-06 ] xine-lib, FFmpeg: Heap-based buffer overflow

2006-01-11 Thread Stefan Cornelius
Gentoo Linux Security Advisory GLSA 200601-06 http://security.gentoo.org/

[RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server

2006-01-11 Thread bugzilla
Red Hat Security Advisory Synopsis: Low: struts security update for Red Hat Application Server Advisory ID: RHSA-2006:0157-01 Advisory URL:

[EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow

2006-01-11 Thread Advisories
EEYEB-20051117B Apple iTunes (QuickTime.qts) Heap Overflow Release Date: January 10, 2006 Date Reported: November 17, 2005 Patch Development Time (In Days): 54 Days Severity: High (Code Execution) Vendor: Apple Systems Affected: Quicktime on Windows 2000 Quicktime on Windows XP Quicktime on M

[EEYEB-20051220] Apple QuickTime QTIF Stack Overflow

2006-01-11 Thread Advisories
EEYEB-20051229 Apple QuickTime QTIF Stack Overflow Release Date: January 10, 2006 Date Reported: December 29, 2005 Patch Development Time (In Days): 12 days Severity: High (Code Execution) Vendor: Apple Systems Affected: Quicktime on Windows 2000 Quicktime on Windows XP Quicktime on Mac O

[EEYEB-20051031] Apple QuickTime Malformed GIF Heap Overflow

2006-01-11 Thread Advisories
EEYEB-20051031 Apple QuickTime Malformed GIF Heap Overflow Release Date: January 10, 2006 Date Reported: October 31, 2005 Severity: High (Code Execution) Patch Development Time (In Days): 71 Days Severity: High (Code Execution) Vendor: Apple Systems Affected: Quicktime on Windows 2000 Quick

Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS)

2006-01-11 Thread Cisco Systems Product Security Incident Response Team
Document ID: 68605 Advisory ID: cisco-sa-20060111-mars http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml Revision 1.0 For Public Release 2006 January 11 1600 UTC (GMT) Contents Summary

Updated Advisories - Incorrect CVE Information

2006-01-11 Thread Advisories
Our apologies, the incorrect CVE information was provided with our Apple advisories today. The correct CVE numbers are; [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow = CVE-2005-2340 [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow = CVE-2005-4092 [EEYEB-20051117A] Apple QuickT

Microsoft Outlook Critical Vulnerability

2006-01-11 Thread NGSSoftware Insight Security Research
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical vulnerability affecting Microsoft Outlook. The vulnerable versions include: Microsoft Outlook 2000 (inc. Microsoft Office 2000 Service Pack 3 and Multilanguage packs) Microsoft Outlook 2002 (inc. Microsoft Office XP Ser

Microsoft Exchange Critical Vulnerability

2006-01-11 Thread NGSSoftware Insight Security Research
John Heasman and Mark Litchfield of NGSSoftware have discovered a critical vulnerability affecting Microsoft Exchange. The vulnerable versions include: Microsoft Exchange Server 5.0 Service Pack 2 Microsoft Exchange Server 5.5 Service Pack 4 Microsoft Exchange 2000 Server Pack 3 with the Post-S

Re: Dumb IE6/XP denial of service found on the web

2006-01-11 Thread rebornrebel
It's known - BID 10913