-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-7
- -
PACKAGE : libpng
SUMMARY : buffer overflow
DATE :
Hi everybody
Though I don't know if this vulnerability has been discovered previously, I
found a buffer overflow in the app uucp of SunOS 5.8 that could be used
to get privileges of uucp.
Buffer is overflow when the app uucp is executed with the parameter -s
continued of a string
On Wed, 8 Jan 2003, Jouko Pynnonen informed us that:
The vendor has been informed about this bug last month. Although there
hasn't been any direct reply, there was a comment on this on the IMP
mailing list: 2.2.x is officially deprecated/unsupported. This does not
apply to 3.x..
Versions
===
==Shell Security Team==
===
==
Advisory For W-agora==
==
- Product : w-agora
- Tested version : version 4.1.5
- Website : http://www.w-agora.net
- Discovery By Sonyy
- Vendor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: xpdf
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: leafnode
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 224-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 8th, 2002
I am the owner of a project designed to preserve computer security digests
and I need to ask the community for help locating material relating to the
Zardoz Security Digest. Without this material, I am not able to
comprehensively document the history of this digest.
In particular, I am unable
I suppose that IE's 'automatic font download' support (which is on by
default) would exacerbate this problem, correct?
--dil
On Fri, 10 Jan 2003 11:05:01 -, Greg Bolshaw
[EMAIL PROTECTED] wrote:
Product: Efficient Networks 5861 DSL Router
http://www.efficient.com/ebz/5800.html
Tested version:5.3.80 (Latest firmware)
Advisory date: 10/01/2003
Severity:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 225-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 9th, 2002
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated CUPS packages fix various vulnerabilities
Advisory ID: RHSA-2002:295-07
Issue date:2003-01-13
Updated on:2003-01-09
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated cyrus-sasl packages fix buffer overflows
Advisory ID: RHSA-2002:283-09
Issue date:2003-01-07
Updated on:2003-01-06
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: kde
Advisory ID:
Information :
°°
Version : ?
Website : http://www.theni.freesurf.fr
Problems :
- Include file
- phpinfo()
PHP Code/Location :
°°°
/admin_t/include/aff_liste_langue.php :
-
require ($rep_include.para_langue.php);
On Tue, 2003-01-07 at 03:20, Steve Watt wrote:
In article [EMAIL PROTECTED] you
write:
[ snip ]
SOLUTION :
==
[ snip ]
if(!eregi(^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$,
$email) $email !=
) {
Please note that there are many more characters
Tested on Windows NT4 SP6a.
Had to force opening with fontview as it was not associated by default.
No restart, just message Not a valid font file.
-Original Message-
From: Andrew [mailto:[EMAIL PROTECTED]]
Sent: 06 January 2003 15:37
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:
These vulnerabilities were found / tested on:
WebCollection Plus (TM)
Copyright 2001 Follett Software Company
Version 5.00
Revision 12-01-A Dec 19 2001
Program protects from reading other non-webserver accessible files by
checking for a : or excessive .'s in a string. If the URL has a / at the
On Thu, Jan 09, 2003 at 02:48:30PM +1100, Damien Miller wrote:
Crist J. Clark wrote:
Any program that asks for a password on the command line should have
the common decency to overwrite/obfuscate it, along the lines of,
case 'p':
passwd = optarg;
optarg =
INetCop Security Advisory #2003-0x82-012
* Title: Remote format string vulnerability in Tanne.
0x01. Description
About:
tanne is a small, secure session-management solution for HTTP.
Windows98 - No reboot.
-Original Message-
From: Andrew [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 10:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Opentype font file causes Windows to restart.
Problem
---
The attached OpenType font file will cause Windows
-BEGIN PGP SIGNED MESSAGE-
__
SuSE Security Announcement
Package:libpng
Announcement-ID:SuSE-SA:2003:0004
Date: Tuesday,
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: Multiple Vulnerabilities in Sendmail
Number : 20030101-01-P
Date : January 6, 2003
Reference: CVE CAN-2002-1165
[Since my first attempt yesterday was not approved by the BugTraq
moderator, I'm trying it again, this time in a slightly different format
and CC'ing vulnwatch, too.]
The problem is due to incorrect data in the CFF table of this font -
for details, please see the attached message I sent to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Synopsis:BitKeeper remote shell command execution/local vulnerability
Product: BitKeeper (http://www.bitkeeper.com)
Version: 3.0.x
Author: Maurycy Prodeus [EMAIL PROTECTED]
Date:11 November 2002
Issue:
- --
BitKeeper is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
QITEST1 SECURITY ADVISORY #006
middleman-1.2 and prior off-by-one bug
PROGRAM DESCRIPTION
Middleman is a powerful proxy server with many features designed to make browsing
the Internet a more pleasant experience. It can do much more than
26 matches