RE: Missing admin sql password in Okena StormWatch

2002-12-19 Thread Marcus Gavel
Response from the Okena Team Background: StormWatch is a security product that uses a central database to hold security configuration information that is used to control a number of security agents. In the text below, the server refers to the StormWatch central database server. The issue

[CLA-2002:556] Conectiva Linux Security Announcement - openldap

2002-12-19 Thread secure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : openldap SUMMARY : Several vulnerabilities

WAnewsletter (PHP)

2002-12-19 Thread Frog Man
Information: Website: http://www.phpcodeur.net Versions: 2.0beta - 2.1.0 Problem: Include file PHP Code/Location: newsletter.php 2.1beta - 2.1.0 : if( !empty($HTTP_POST_VARS['action']) ) { $action =

Openwebmail 1.71 remote root compromise

2002-12-19 Thread Dmitry Guyvoronsky
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Security Advisory 12.18.02 Software : Openwebmail (http://openwebmail.org) Version : ?.?? - 1.71 (current) Type : Arbitrary commands execution Remote : yes Root : yes (!!!) Date : December 18, 2002 I. BACKGROUND Openwebmail is a

Multiple vulnerability in Enceladus Server

2002-12-19 Thread securma massine
Hi, Enceladus Server Suite is an Internet/Intranet lightweight Web and FTP Server for Windows, the version 3.9 according to mollensoft includes a fix to the directory traversal vulnerability... (This is a CRITICAL SECURITY UPDATE) http://www.mollensoft.com/ I found several vulnerability critical

Re: Cisco IOS EIGRP Network DoS

2002-12-19 Thread Damir Rajnovic
-BEGIN PGP SIGNED MESSAGE- We can confirm the statement made by FX from Phenoelit in his message Cisco IOS EIGRP Network DoS posted on 2002-Dec-19. The EIGRP implementation in all versions of IOS is vulnerable to a denial of service if it receives a flood of neighbor announcements.

Re: Directory traversal vulnerabilities in several archivers processing.tar

2002-12-19 Thread Stephen Samuel
It's not always obvious that an archive shouldn't be trusted -- for example, the breakins at the BSD and Sendmail sites. Trusting directory traversal strings (absolute paths and ../) should require an explicit request on the part of the user. Just because a user 'should' be wary of a trojan

TSLSA-2002-0086 - mysql

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0086 Package name: mysql Summary: Multiple issues Date: 2002-12-19 Affected versions: TSL 1.5 -

Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd)

2002-12-19 Thread David Howe
at Thursday, December 19, 2002 12:31 AM, Dave Ahmad [EMAIL PROTECTED] was seen to say: Solution: For Winamp 2.81 users We recommend either upgrading to Winamp 3.0 or redownloading Winamp 2.81 (which has since been fixed) from: http://www.winamp.com Does anyone have a more direct URL or a MD5

TSLSA-2002-0089 - wget

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0089 Package name: wget Summary: directory traversal bug Date: 2002-12-19 Affected versions: TSL 1.5

TSLSA-2002-0085 - lynx-ssl

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0085 Package name: lynx-ssl Summary: HTTP headers injection Date: 2002-12-19 Affected versions: TSL

TSLSA-2002-0087 - perl

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0087 Package name: perl Summary: Safe compartments not being safe Date: 2002-12-19 Affected

TSLSA-2002-0084 - tcpdump

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0084 Package name: tcpdump Summary: Incorrect bounds checking Date: 2002-12-19 Affected versions:

TSLSA-2002-0083 - kernel

2002-12-19 Thread Trustix Secure Linux Advisor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0083 Package name: kernel Summary: Local DoS Date: 2002-19-12 Affected versions: TSL 1.01, 1.1, 1.2,

RE: Password Hole Found In Webshots - (Webshots Confirmed)

2002-12-19 Thread Shutters, Mike
From Webshots (confirmed): -Original Message- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 9:33 AM To: Shutters, Mike Subject: Re: Password Hole Found In Webshots [T200212130039] Hello Mike, Thank you for contacting Webshots!

Cisco IOS EIGRP Network DoS

2002-12-19 Thread FX
Hi there, please find attached an advisory about an issue with the Cisco IOS Enhanced IGRP implementation that can be used to cause a network segment wide denial of service condition. Regards FX -- FX [EMAIL PROTECTED] Phenoelit (http://www.phenoelit.de) 672D 64B2

iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)

2002-12-19 Thread iDEFENSE Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 12.19.02: http://www.idefense.com/advisory/12.19.02.txt Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) December 19, 2002 I. BACKGROUND Easy Software Products' Common Unix Printing System (CUPS) is