Riched20.DLL attribute label buffer overflow vulnerability

=== = Security Defence Stdio vulnerability announcement [001] Riched20.DLL attribute label buffer overflow vulnerability URL:http:\\www.yoursft.com Author: Thrkdev finds date#65306;2003#24180;2#26376;1#26085;

The First Honeyd Challenge

With the release of Honeyd 0.5 over the weekend, I am pleased to also announce the first Honeyd challenge! Honeyd is a virtual honeypot running as a small daemon to create virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so

Oracle unauthenticated remote system compromise (#NISR16022003a)

NGSSoftware Insight Security Research Advisory Name:Oracle unauthenticated remote system compromise Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL:

[immune advisory] Mulitple vulnerabilities found in BisonFTP

[immune advisory] Mulitple vulnerabilities found in BisonFTP BisonFTP is a FTP daemon used on Microsoft Windows 9x/NT systems. -[ DESCRIPTION ] I)

GLSA: mailman

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05 - - - PACKAGE : mailman SUMMARY : cross site scripting DATE

Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)

NGSSoftware Insight Security Research Advisory Name:Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL:

Oracle9i Application Server Format String Vulnerability (#NISR16022003d)

NGSSoftware Insight Security Research Advisory Name:Oracle9i Application Server Format String Vulnerability Systems Affected: All platforms; Oracle9i Application Server Release 9.0.2 Severity: Critical Risk Category: Format String Vulnerability Vendor URL:

Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)

NGSSoftware Insight Security Research Advisory Name:Oracle TZ_OFFSET Remote System Buffer Overrun Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL:

Lotus Domino Web Server iNotes Overflow (#NISR17022003b)

NGSSoftware Insight Security Research Advisory Name:Lotus Domino Web Server iNotes Overflow Systems Affected: Release 6.0 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield ([EMAIL PROTECTED]) Date:

Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)

NGSSoftware Insight Security Research Advisory Name:Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability Systems Affected: Release 6.0 Severity: Critical Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield ([EMAIL

Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)

NGSSoftware Insight Security Research Advisory Name:Lotus iNotes Client ActiveX Control Buffer Overrun Systems Affected: Release 6.0 Severity: Medium Risk Category: Remote System Buffer Overrun Vendor URL: http://www.lotus.com Author: Mark Litchfield ([EMAIL PROTECTED]) Date: 17th

Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)

NGSSoftware Insight Security Research Advisory Name:ORACLE bfilename function buffer overflow vulnerability Systems Affected: All platforms; Oracle9i Database Release 2, 9i Release 1, 8i, 8.1.7, 8.0.6 Severity: High Risk Category: Remote System Buffer Overrun Vendor URL:

Domino Advisories UPDATE

Hi All, Please note the following correction - The Notes Client Up-Date can be found at http://www14.software.ibm.com/webapp/download/search.jsp?q=cat=pf=k=dt=; go=yrs=ESD-NOTECLNTiS_TACT=S_CMP=sb=r The Domino Web Server Update can be found at

Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability

To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject:Linux: Apache mod_dav module format string vulnerability Advisory

Re: Opera Username Buffer Overflow Vulnerability

Hello. I found the little mistake in my exploit source file, Sorry. It is out of the Exploit routine. (about links of Version.lib) And I attached the fixed version of it. Now. OperaSoftwareASA have not fixed this vulnerability, yet. --

GLSA: syslinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - GENTOO LINUX SECURITY ANNOUNCEMENT 200302-06 - - - PACKAGE : syslinux SUMMARY : security issues in installer

GLSA: w3m

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - - GENTOO LINUX SECURITY ANNOUNCEMENT 200302-07 - - - PACKAGE : w3m SUMMARY : missing HTML quoting DATE:

/usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX

/* Title: /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX Vulnerability found by Esa Etelavoun, iDEFFENSE Author: green([EMAIL PROTECTED]), dragory([EMAIL PROTECTED]) Tested on AIX 4.3.3/RS6000 Reference: lsd-pl.net's exploit Thanks to wowcode overhead team at

[argv] BitchX-353 Vulnerability

-BEGIN PGP SIGNED MESSAGE- Mon Feb 17 15:26:06 EST 2003 1. Topic: BitchX IRC Client 2. Relevant versions: Vulnerable: BitchX-75p3 BitchX-1.0c16 BitchX-1.0c19 BitchX-1.0c20cvs Not Vulnerable:

PHP Security Advisory: CGI vulnerability in PHP version 4.3.0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0 Issued on: February 17, 2003 Software: PHP/CGI version 4.3.0 Platforms: All The PHP Group has learned of a serious security vulnerability in the CGI SAPI of PHP version