-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
FYI starting today, Linksys has created the address
[EMAIL PROTECTED] to receive information on vulnerabilities within
any of their products.
Additionally the iDEFENSE advisory, 10.31.02a: Denial of Service
Vulnerability in Linksys BEFSR41 EtherFast
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-190-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
November 7, 2002
-
Security Advisory
23rd October 2002
Remote pine version 4.44 denial of service
Name: Pine version 4.44
Arch: Redhat 7.2 i386
Severity: Medium
Vendor URL: http://www.washington.edu/pine/
Unless I am missing something, this is definitely not a vulnerability in
itself but just a practical demonstration of the assign method caching
vulnerability.
Executing programs with or without parameters also becomes pointless once you
have complete access to a local security zone (in this case,
In-Reply-To: [EMAIL PROTECTED]
Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
D-Link DWL-900AP+ B1 version 2.1 and 2.2
ALLOY GL-2422AP-S
EUSSO GL2422-AP
LINKSYS WAP11-V2.2
The D-Link DWL-900AP+ B1 2.1
On Wed, Oct 30, 2002 at 02:02:27PM -0600, Ryan Sweat wrote:
(192.168.100.1). Simply nmap'ing the cable user's IP address, ie:
# nmap -sS -p 1-1024 12.x.x.x
...
the same result. This is known to be effective on Software Version:
SB4200-0.4.4.0-SCM06-NOSH. (possibly others?)
No effect on
Yahoo! has been informed of this information, but has not yet responded.
Yahoo Messenger: Invisible User Detect
Vulnerable Versions:
Yahoo Messenger/MyYahoo Module
5,0,0,1046/3,0,0,423
5,0,0,1232/5,5,0,449
Note: These are the only versions tested, probably works on all versions.
On Tue, 2002-11-05 at 22:13, Michael Howard wrote:
On the surface, this looks fine, until you look at the ASM output, and
you see the call to memset has been removed by the optimizer because
szPwd is not read once the function completes. Hence, the secret data is
still floating in memory.
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated kerberos packages available
Advisory ID: RHSA-2002:242-06
Issue date: 2002-11-07
Updated on: 2002-11-06
Product:
Lotus Domino http (version) banner will appear despite
notes.ini 'DominoNoBanner=1' setting. To recreate:
formulate a URL requesting a non-existing nsf database.
Example: 'http://serverAddress/nosuchdb.nsf'
Has been verified on Lotus Domino 5.0.8, 5.0.9 and
5.0.9a. IBM Support is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 191-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2002
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated glibc packages fix vulnerabilities in resolver
Advisory ID: RHSA-2002:197-09
Issue date: 2002-09-10
Updated on:
Does anyone have or know of a security contact within www.real.com, as I
have a serious issue to report. Tried the website, only have technical
support and the web forms don't allow for much content.
Any help in this regard would be most appreciated.
Regards
Mark Litchfield
NGS Software Ltd
On Tue, 05 Nov 2002 22:38:32 +0100, Florian Weimer [EMAIL PROTECTED]
said:
What about HTTP headers which advise user agents to disable some
features, e.g. read/write access to the document or parts of it via
scripting or other Internet Explorer interfaces?
Is anybody interested in writing
On Sun, 3 Nov 2002, Tom Knienieder wrote:
Tom Knienieder Possibly vulnerable, not tested, OEM Version from
GlobalSunTech:
Tom Knienieder D-Link DWL-900AP+ B1 version 2.1 and 2.2
DWL-900AP+ ver 2.2 is vulnerable. After changing the test prog (attached)
it returned: