Nessus security scanner generated the following security report when
scanning the internal address of the linksys befsr11 firmware version
1.43.3, Nov 15 2002.
William Reyor
Topsight.net
NESSUS SECURITY SCAN REPORT
Created 25.11.2002 Sorted by vulnerabilities
Session Name : Session1
Start
The Java implementation of Netscape 4 contains a buffer overflow
vulnerability. Arbitrary code may be run on a Netscape user's system
when a web page containing a malicious applet is viewed.
The buffer overflow happens in the method canConvert() of the class
In case you didn't notice, you're comparing a completely open process
with one that is almost entirely closed. I.E. The total number of remote
roots on Solaris, Windows NT, Irix, and the like is magnitudes higher
than is actually disclosed. Whereas generally on Open Source platforms,
you know and
Bugzilla Security Advisory
November 26th, 2002
Severity: Minor
Summary
===
The Bugzilla team recently discovered a cross-site scripting vulnerability.
The vulnerability, present in Bugzilla's 'quips' feature, affects all
installations who originally installed Bugzilla 2.10 or earlier and
Major AIM Bug Courtesy Of Infested Nexus --- AIM: Infested Nexus. I have =
uncovered a bug in America Online's AIM service, which can allow a =
normal user to be able to transfer any file onto another users computer =
without consent. This works using the 'get file' feature. If a user has =
the
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:pine
Announcement-ID:SuSE-SA:2002:046
Date: Monday, Nov
Netscreen Malicious URL feature can be bypassed by fragmenting the request
http://www.cirt.net/advisories/netscreen.shtml
Product Description:
NetScreen Technologies Inc. is a leading developer of integrated network
security solutions that offer the security, performance and total cost of
Application: phpBB2
Vendor : http://www.phpbb.com
Problem: Insufficient filtering of user input
Usability : Easy
Severity : Medium
Report by : Pete Foster, Sec-Tec Ltd (http://www.sec-tec.com)
The Product (From vendors site):
phpBB is a high powered, fully scalable, and highly
.:: vBulletin XSS Injection Vulnerability
vBulletin is a powerful and widely used bulletin board system, based on
PHP language and MySQL database. I discovered lately a Cross-Site
Scripting issue that would allow attackers to inject maleficent codes
into the pages and execute it on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2002-0080
Package name: samba
Summary: Remote hole
Date: 2002-11-21
Affected versions: TSL 1.5
-
[=]
[...:[ S e c u r i t y F r e a k s ]:...]
[.:[ www.securityfreaks.com ]:..]
[=]
Title
Attacker can use PHP and mySQL to read some local file following this way:
# Create a database (mySQL) and upload this file to your server
PHP Code: viewfile.php (programmed by Luke)
==
?
// config this data
$dbhost = ;
$dbuser = ;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SECURITY BULLETIN: SSRT2266 HP Tru64 UNIX IGMP Potential
(DoS) Security
Vulnerability
REVISION: 0
NOTICE: There are no restrictions for distribution of this Bulletin
provided that it
INetCop Security Advisory #2002-0x82-005
* Title: Remote POST Buffer Overflow vulnerability in Pserv (Pico Server).
0x01. Description
Pico server is very small webserver of C language
Informations :
°°
Problem : Include files
a) ---
Product : Freenews
Version : 2.1
Website : http://www.prologin.fr
--
b) ---
Product : News Evolution
Versions : 1.0, 2.0
Website : http://www.phpevolution.net
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: python
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: samba
Advisory ID:
Dave Ahmad [EMAIL PROTECTED] quotes ISS:
Solaris fs.auto Remote Compromise Vulnerability
This is more or less the standard font server of the X Window System.
ISS X-Force has discovered a vulnerability in the Sun Microsystems
implementation of the X Window Font Service, or XFS.
It appears
I have written a patch for John the Ripper http://www.openwall.com/john/
to allow cracking OpenVMS (Vax and Alpha) passwords. The patch is based on
code from Shawn Clifford, Davide Casale and Mario Ambrogetti.
The sources are in http://jl.gailly.net/security/john-VMS-patch.tar.gz
A README file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SECURITY BULLETIN: SSRT2385 OSIS V5.4 LDAP Module for
System Authentication Potential Security
Vulnerability
REVISION: 0
NOTICE: There are no restrictions for distribution of this
Bulletin provided
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SECURITY BULLETIN: SSRT2301 - HP Tru64 UNIX uudecode
Potential Security
Vulnerability
REVISION: 0
NOTICE: There are no restrictions for distribution
of this Bulletin provided that it
Sybase Adaptive Server buffer overflow in DBCC CHECKVERIFY
http://www.appsecinc.com/resources/alerts/sybase/02-0001.html
To determine if you should apply this hot fix, download AppDetective for
Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.
Risk level: High
Threat:
Vagner Sacramento wrote:
---
@ Copyright CAIS - Brazilian Research Network CSIRT
Security Incidents Response Center (CAIS/RNP)
Subject : Vulnerability in the sending requests control of BIND
** Moderator note:
Messages with links to technical details outside of the message are not approved.
Because of the potential delay waiting for another submission, the original message
has been modified to include the details.
Details follow:
Solaris's Got Big problem on System Call
Sybase Adaptive Server buffer overflow in xp_freedll extended stored
procedure
http://www.appsecinc.com/resources/alerts/sybase/02-0003.html
To determine if you should apply this hot fix, download AppDetective for
Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.
Risk
25 matches
Mail list logo