Telindus 112x ADSL Router - Weak Password Encryption

2002-12-30 Thread eflorio
Telindus Router (series 112x) has a well-know authentication problem, which lets to extract router password from a UDP-dump sniffed over 9833 port. More about this at: http://www.securiteam.com/securitynews/5DP0A2K7GY.html or http://neworder.box.sk/showme.php3?id=6730 New firmware

GLSA: openldap

2002-12-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200212-12 - - PACKAGE : openldap SUMMARY : remote command execution DATE  

GLSA: cups

2002-12-30 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT 200212-13 - - PACKAGE : cups SUMMARY : multiple cups vulnerbilities DATE  

Potential DOS attack with Web-CyrAdm.

2002-12-30 Thread Casper Aleva
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 DSINet Security Advisory DSINET-SA-02-01 http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt Potential DOS attack with Web-CyrAdm Program: Web-CyrAdm Credits: Remko Lodder ( [EMAIL PROTECTED] - http://www.dsinet.org/ ) Vendor: Luc

Leafnode security announcement SA:2002:01

2002-12-30 Thread Matthias Andree
-BEGIN PGP SIGNED MESSAGE- leafnode-SA-2002:01.versions Topic: vulnerabilities in leafnode Announcement: leafnode-SA-2002:01 Writer: Matthias Andree Version:1.00 Announced: 2002-12-29 Category: main Type: denial of service Impact:

[SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem

2002-12-30 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 218-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 30th, 2002

CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS

2002-12-30 Thread [EMAIL PROTECTED]
Sunday, December 29, 2002 There is a small silly hitch with CITIBANK CANADA's secured sign in to online banking: https://citibankcanada.ebilling.com/index.jhtml Specifically AUTOCOMPLETE=off in the forms. It is not set. While much explanation is made about SSL connections and fancy digital

Visual SourceSafe - Preliminary Observations

2002-12-30 Thread Joel Maslak
Recently, I evaluated Visual SourceSafe (VSS) 6.0 for an employer. We were comparing it to other network-aware source code control systems. Visual SourceSafe is barely network aware. By barely, it is network aware in the same way an Access Database can be network aware - all program logic

Wired.com: So Many Holes, So Few Hacks

2002-12-30 Thread Richard M. Smith
So Many Holes, So Few Hacks By Michelle Delio http://www.wired.com/news/infostructure/0,1377,56955,00.html Experts who discover and report security holes seem to be far more industrious than the malicious hackers willing or able to exploit those holes. Despite the thousands of hackable holes