-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
- --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]--
- --[ Type
Directory Traversal
- --[ Release Date
November 12, 2002
- --[ Product / Vendor
Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000,
KDE Security Advisory: resLISa / LISa Vulnerabilities
Original Release Date: 2002-11-11
URL: http://www.kde.org/info/security/advisory-2002-2.txt
0. References
iDEFENSE Security Advisory 11.11.02
(http://www.idefense.com/advisory/11.11.02.txt).
1. Systems affected:
Text available at
http://www.phpsecure.org/tutos/webchat.1-5.xoops.rc3.sql.injection.txt
Patch available on phpsecure.org
XOOPS RC3 WebChat Module SQL Injection
Tested with : Xoops RC3
WebChat 1-5
Author :val2 - phpsecure.org for more info and ~patchs~
Lines 291-299 from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200211-003
- -
PACKAGE : apache
SUMMARY : Cross-Site Scripting
INetCop Security Advisory #2002-0x82-002
* Title: Remote Buffer Overflow vulnerability in Light HTTPd.
0x01. Description
Lhttpd that is improved in ghttpd for more convenient and strong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For Immediate Disclosure
== Summary ==
Security Alert: NOVL-2002-2963767
Title: Remote Manager Security Issue - eDir 8.6.2
Date: 22-Oct-2002
Revision: Original
-Original Message-
From: Ulf Harnhammar [mailto:ulfh;update.uu.se]
Sent: Sunday, 10 November 2002 2:22 PM
To: Justin King
Subject: Re: A technique to mitigate cookie-stealing XSS attacks
On Thu, 7 Nov 2002, Justin King wrote:
I would be very interested in major browsers
KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO
Vulnerability
Original Release Date: 2002-11-11
URL: http://www.kde.org/info/security/advisory-2002-1.txt
0. References
None.
1. Systems affected:
All KDE 2 releases starting with KDE 2.1 and all KDE 3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 194-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 12th, 2002
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:kdenetwork
Announcement-ID:SuSE-SA:2002:042
Date: Tue
Aloha,
Everyone interested in preventing XSS should review and understand
http://www.xwt.org/sop.txt
which is a vulnerability that combines XSS with bad data in DNS to allow an
attacker to hijack a Web browser (IE) and force it to function as a proxy
for requests of the attacker's choosing --
Reposted.
-Original Message-
From: Michael Wojcik
Sent: Wednesday, November 06, 2002 12:25 AM
To: 'Michael Howard'
Cc: [EMAIL PROTECTED]
Subject: RE: When scrubbing secrets in memory doesn't work
From: Michael Howard [mailto:mikehow;microsoft.com]
Sent: Tuesday, November
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
For Immediate Disclosure
== Summary ==
Security Alert: NOVL-2002-2963827
Title: Remote Manager Security Issue - NW5.1
Date: 16-Oct-2002
Revision: Original
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
The attached advisory supersedes my previous effort regarding W3Mail
(NDSA20020719). It seems that in fixing the original holes, CascadeSoft
introduced a new one.
Their fix for the original hole was as I suggested, to move the MIME
attachments
-Forwarded Message-
From: Peter Losher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Notice of serious vulnerabilities in ISC BIND 4 & 8
Date: 12 Nov 2002 10:02:25 -0800
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ISC is aware of several bugs which can result in serious
Product: Another PHP Program - APBoard
Versions: tested on 2.02, 2.03
Vulnerability: post threads to protected forums and possibility to hijack
forum-password
Date: November 12, 2002
Discovered by: ProXy [EMAIL PROTECTED]
Introduction:
Normal Users can submit threads to password
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
- --[ INweb Mail Server v2.01 Denial of Service Vulnerability ]--
- --[ Type
Denial of Service
- --[ Release Date
November 12, 2002
- --[ Product / Vendor
The INweb Mail Server is a standard Internet POP3 and SMTP mail server that runs
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Linux: libpng progressive image loading vulnerabilities and
other
Hello
As we reported in our previous article: IP Smartspoofing
(http://www.althes.fr/ressources/avis/smartspoofing.htm), we introduced a
new method for IP Spoofing, allowing full-connexion from any client
software.
The exploit code smartspoof.pl is a proof of concept (for educational
purpose