Apache/Tomcat Denial Of Service And Information Leakage Vulnerability

-- __ Qualys Security Advisory QSA-2002-12-04 December 4th, 2002 Apache/Tomcat Denial Of Service And Information Leakage Vulnerability

[SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 204-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 5th, 2002

Notes on MS02-068, extensive downplaying of severity

Following the release of the cumulative MS02-066 patch from the previous week, Microsoft has released yet another cumulative patch for Internet Explorer - MS02-068, which can be found at http://www.microsoft.com/technet/security/bulletin/MS02-068.asp The sole vulnerability that MS02-068 patches

Re: Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Circa 2002-12-02 10:03:20 -0800 dixit Muhammad Faisal Rauf Danka: : CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service : :Original release date: November 25, 2002 :Last revised: -- :Source: CERT/CC : :A

Multiple vulnerabilities in akfingerd

INSERT ASCII BANNER AND ADVERTISING HERE PRODUCT. akfingerd (http://synflood.at/akfingerd/) EXPLOIT-ID. ECSC Ltd. Official K-R4d E-Security Advertisory. KR4D-VULN-ID-0-000-000-000-000-000-000-000-001 IMPORTANT SOUNDING DESCRIPTION. Akfingerd is a 'secure' finger server used by noone blah blah..

Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greetings! A quite well known (i.e. ancient) type of proxy vulnerability was found for TrendMicro's InterScan VirusWall V3.6 This general problem has been known to be an issue with plain HTTP proxies like the Squid for ages (e.g.

BIND Name Server DNS Spoofing Vulnerability on IRIX

-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: BIND Name Server DNS Spoofing Vulnerability Number : 20021203-01-A Date : December 5, 2002 Reference: CERT

Samba Security Vulnerability on IRIX

-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: Samba Security Vulnerability Number : 20021204-01-I Date : December 5, 2002 Reference: CVE CAN-2002-1318 Reference:

Cross-site Scripting Vulnerability in phpBB 2.0.3

Hello :) here is the code html body form method=post name=search action=http://target/search.php?mode=searchuser; input type=hidden name=search_username value=/ /form SCRIPT

Re: SquirrelMail v1.2.9 XSS bugs

Hello Euronymous, On Monday, December 02, 2002, euronymous wrote... topic: SquirrelMail v1.2.9 XSS bugs product: SquirrelMail v1.2.9 vendor: www.squirrelmail.org risk: low date: 12/3/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory url: http://f0kp.iplus.ru/bz/008.txt

[Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial ofservice vulnerability]

On October 15th, Redhat sent a post to BugTraq advising users of Xinetd to upgrade to 2.3.9-0.xx Their latest post (3rd December) advises people to upgrade to 2.3.7-4.xx Can anyone from RedHat please comment on what people who have already got 2.3.9 installed should do from here? Do we need to

Cobalt RaQ4 Remote root exploit

Hello, I've attached an exploit that will allow an attacker to gain remote root access on Cobalt RaQ's which have the security hardening package installed (SHP). the official patch for this problem can be found here :

Re: TracerouteNG - never ending story

Hi everyone, Hi. I want to provide some additional information about the recently discovered traceroute-ng flaw. I decided to disclose to details right now because I do not believe that the flaw is easily exploitable. 1) The vulnerablilty. The patch provided by vendors like SuSE is not

Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial ofservice vulnerability]

On 4 Dec 2002, Dan Rowles wrote: On October 15th, Redhat sent a post to BugTraq advising users of Xinetd to upgrade to 2.3.9-0.xx Their latest post (3rd December) advises people to upgrade to 2.3.7-4.xx Can anyone from RedHat please comment on what people who have already got 2.3.9

RE: Sygate Personal Firewall can be shut down without a need to supply

Hello Seth, Thanks for taking the time to comment about this issue. 1. As you may noticed, I used the term privileged users. Stopping service is enabled for the members of the local power users as well, so the problem range is wider. 2. I will sharpen my point: You are absolutely correct about

Re: Local root vulnerability found in exim 4.x (and 3.x)

On Wed, Dec 04, 2002 at 04:40:29PM +0100, Wana Thomas [EMAIL PROTECTED] is thought to have said: Solution Exim developers have been informed and a patch will be ready shortly. Philip Hazel, the author of Exim, released patches for 4.10 and 3.36 on the exim-users list earlier

Re: Local root vulnerability found in exim 4.x (and 3.x)

[Bugtraq moderator: Please approve this post rather than my previous one. The archive link in that post munges the patches. Thanks] On Wed, Dec 04, 2002 at 04:40:29PM +0100, Wana Thomas [EMAIL PROTECTED] is thought to have said: Solution Exim developers have been informed and a