-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers
Original release date: December 11, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Sun Cobalt RaQ
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated apache, httpd, and mod_ssl packages available
Advisory ID: RHSA-2002:222-21
Issue date:2002-12-12
Updated on:2002-11-25
PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Release Date:
December 11, 2002
Severity:
High (Code Execution)
Systems Affected:
We have specifically tested the following software and verified the
potential for exploitation:
Microsoft Internet Explorer 5.01
Microsoft
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: Multiple Mambo Site Server sec-weaknesses
product: Mambo Site Server 4.0.11
vendor: http://sourceforge.org/projects/mambo
risk: high
date: 12/12/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory urls:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Debian Security Advisory DSA 208-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
December 12th, 2002
Visnetic WebSite XSS vulnerability through HTTP Referer header
-
= Author: Ory Segal - Sanctum inc. http://www.sanctuminc.com/
= Release date: 09/12/2002
= Vendor: Deerfield ( http://www.deerfield.com )
I have a bone to pick with Sun's classification of the FTP traversal
vulnerability as 'not a bug'
Most notably:
The Solaris ftp mget behaviour is consistent with other BSD derived
ftp clients, for example on Linux and FreeBSD. Changing the
existing behaviour will cause problems.
I
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: wget
Advisory ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-209-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
December 12, 2002
-
I have discovered a hole in the Webshots screensaver program. On either
a Win2K or XP machine that has it installed you can bypass the password
on the screen saver by pressing Ctrl+Alt+Del which brings up the Windows
box that contains logout lockcomputer shutdown etc. Then you will hit
I know bugtraq doesn't accept vulnerability on one site, but the following
info is important; please suggest a forum for me to post.
===--
XSSatEGOLD-Content-Tech
XSS flaw found at https://www.e-gold.com;
technically, it's nothing new.
XSS at E-gold is very
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
-
InvisibleNet Security Advisory ISA 1-1a [EMAIL PROTECTED]
http://www.invisiblenet.com
December 12th, 2002 - report issued by 0x90
-
Hello,
1. I know that the workaround with the DenyFilter works.
Actually it turns out there is no need for DenyFilter.
2. Proftpd by default doesn't have this filter set, neither has the
default proftpd install on slackware 8.1
In any event this is immaterial as we see later since I
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-210-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
December 13, 2002
-
Confirmed. As it is, I don't think Webshots offers much in the way of
securing a user's desktop even though it has the password protection
feature. But it is just that, a screensaver, which just displays pretty
images.
I think what Brian is trying to say here is if you want to lock your
desktop,
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Multiple MySQL vulnerabilities
Release Date: 2002/12/12
Last Modified: 2002/12/12
Author: Stefan Esser [[EMAIL PROTECTED]]
Application:
-----BEGIN PGP SIGNED MESSAGE-----
iDEFENSE Security Advisory 12.13.02:
http://www.idefense.com/advisory/12.13.02.txt
Bufferoverflow in 0verkill Server
December 13, 2002
I. BACKGROUND
0verkill is a client-server 2d deathmatch-like game in ASCII art. It
supports free connecting/disconnecting
17 matches