The vulnerabilities list is accessible even by an unprivileged user account.
The ability of active content to access this report depends on
the security setting of the browser.
For example, signed ActiveX that runs in a browser with a low security
setting doesn't need the user's approval. User can also choose
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
Caldera International, Inc. Security Advisory
Subject: Linux: squid compressed DNS answer message boundary failure
Advisory
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated sudo packages are available
Advisory ID: RHSA-2002:072-07
Issue date: 2002-04-22
Updated on: 2002-04-25
Product:
New sudo packages are available to fix a security problem which may allow
users to become root, or to execute arbitrary code as root.
Here's the information from the Slackware 8.0 ChangeLog:
Thu Apr 25 12:00:50 PDT 2002
patches/packages/sudo.tgz: Upgraded to sudo-1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 01:51 AM 4/25/2002, 3APA3A wrote:
>Dear Menashe Eliezer,
>
>Sorry for asking, but it's unclear from advisory: is it possible to
>access reports with either:
>
>1. ActiveX element marked safe for scripting
>2. Javascript or VBscript from "Inte
In-Reply-To: <254c01c1eb18$7af4f1a0$2e58a8c0@ffornicario>
The MS /GS switch has an equally fatal flaw in its stack
layout that makes it unnecessary to deal with the random
canary: the Structured Exception Handler frame (which has a
function pointer) comes after the canary (or cookie in MS
The new Fragroute and its interactions with Snort and related
software pieces have been getting a lot of exposure over on Bugtraq.
This is great -- Snort is a fantastic tool, but there is also a rather
large installed base of ISS products, and thus far (to my knowledge) ISS
has not releas
>Subject: More Cross site Scripting in PHPNuke
>Date: 23 Apr 2002 09:50:48 +0200
>
>Cross site scripting is a serious problem (even if some people
>don't believe it). On this second round I'll show 8 new XSS
>vulnerabilities in PHP Nuke (most of them are also path disclosure
>vulns)
u can do o
Here's an exploit for the slrnpull -d post ...
http://online.securityfocus.com/archive/1/268963. Much thanks to
[EMAIL PROTECTED] / safemode.org. Can anyone point me at some generic
sparc64 linux execve shellcode?
-KF
#!/bin/sh
echo DEFANGED.5
exit
#!/usr/bin/perl
#
# Credits for the vuln
On Wed, Apr 24, 2002 at 10:49:08AM +0200, Ishay Sommer ([EMAIL PROTECTED])
wrote:
> Hello.
>
> The problem is that, each one of the recipients receives to his mailbox
> the spam warning message,
> including all addresses of which the original message was sent to, even
> if they were sent as Bcc:
Here's some code for this post a while back ...
http://online.securityfocus.com/archive/82/258763
This is NOT the same issue in the my_strings.c; there are MULTIPLE issues
in ecartis still, and the same goes for listar...
This issue is a strcpy from argv to a fixed buffer, nothing special.
eca
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: imlib
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-128-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
April 26, 2002
- --
Affected systems:
Intel D845HV / WN (tested on BIOS revisions P05-0022,
P09-0035, P10-0038)
and D845PT (tested on BIOS P01-0012) Pentium 4 motherboards
Problem:
If the user hits the F8 key during the POST they are
presented with a "Please select boot device" dialog,
enabling them to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: sudo
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
The current version for interscan solaris is 1207 and corrects your
issue.
regards
>> -Original message-
>> From: Ishay Sommer [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, 24 April 2002 10:49
>> To: [EMAIL PROTECTED]
>> Subject
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated icecast packages are available
Advisory ID: RHSA-2002:063-05
Issue date: 2002-04-11
Updated on: 2002-04-24
Product:
Jonas Eriksson <[EMAIL PROTECTED]> wrote:
> o Fixed a security hole in prompt rewriting found by Global InterSec.
Looks like it won't be easy to exploit.
There are a few possible scenarios: using an unlink() or frontlink()
macro in chunk_alloc() or chunk_free(). In both cases we can control
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : ethereal
SUMMARY : Packet handling vulnerab
-- Forwarded message --
Date: Thu, 25 Apr 2002 10:34:13 -0600
From: Todd C. Miller <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Sudo version 1.6.6 now available
Sudo version 1.6.6 is now available (ftp sites listed at the end).
Changes since Sudo 1.6.5p2:
o Fixed compila
Global InterSec LLC
http://www.globalintersec.com
GIS Advisory ID: 2002041701
Changed: 25/04/2002
Author: [EMAIL PROTECTED]
Reference: http://www.globalintersec.com/adv/sudo-2002041701.txt
Summary:
Sudo - A popular utility for allowing users to execute
commands as other users contains a
21 matches