Re: Apache 1.3.27 mod_proxy security issue

2003-07-23 Thread William A. Rowe, Jr.
The Security Team responded 13 minutes after Jason's initial report, attempting to explain how he had misconfigured his server. While we acknowledge that new directives might be desirable in limited cases, the team determined that this is clearly a user configuration error. The Apache HTTP Serve

Re: CGI.pm vulnerable to Cross-site Scripting

2003-07-23 Thread Erwann CORVELLEC
On 22/07/2003 18:57, Lincoln Stein wrote: But this was fixed long ago in version 2.94. We're at version 2.98 now. The most up-to-date copy is always in CPAN. Please find attached the patch against CGI.pm version 2.98. -- Erwann Corvellec --- CGI.pm.ori 2003-06-18 21:57:21.0 +0200 +

Denial of service in 3COM 812 DSL routers

2003-07-23 Thread David F.Madrid
Product affected : 3COM 812 OfficeConnect DSL routers Firmware affected : 1.1.9

Vulnerability in the mail client in Opera 7.20 beta 1.

2003-07-23 Thread Arve Bersvendsen
A vulnerability has been discovered in M2, the mail client in Opera 7.20, beta 1. Impact of vulnerability: Minor. Versions affected: -- Opera 7.20 Beta 1, build 2981 only. All other Opera versions are safe. Description: Opera’s mail client, M2

NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow

2003-07-23 Thread Ed Reed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For Immediate Disclosure == Summary == Security Alert: NOVL-2003-2966549 Title: Enterprise Web Server PERL Handler Buffer Overflow Date: 23-Jul-2003 Revision: Origin

R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server

2003-07-23 Thread advisory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Rapid7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXpose, the world's most advanced vulnerability scanner. Linux an

[SECURITY] [DSA-352-1] New fdclone packages fix insecure temporary directory usage

2003-07-23 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 352-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman July 22nd, 2003

MDKSA-2003:077 - Updated phpgroupware packages fix multiple vulnerabilities

2003-07-23 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: phpgroupware Advisory ID

Buffer Overflow in Netware Web Server PERL Handler

2003-07-23 Thread Uffe Nielsen
Topic: Buffer Overflow in Netware Web Server PERL Handler Platform : Netware 5.1 SP6, Netware 6 under certain conditions. Application : NetWare Enterprise Web Server Advisory URL: http://www.protego.dk/advisories/200301.html Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562 Vendor Name: Novell, Inc

[RHSA-2003:234-01] Updated semi packages fix vulnerability

2003-07-23 Thread bugzilla
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Red Hat Security Advisory Synopsis: Updated semi packages fix vulnerability Advisory ID: RHSA-2003:234-01 Issue date:2003-07-23 Updated o

[CLA-2003:703] Conectiva Security Announcement - phpgroupware

2003-07-23 Thread Conectiva Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : phpgroupware SUMMARY : Remote vulnerability

MDKSA-2003:077 correction

2003-07-23 Thread Vincent Danen
The advisory announced this morning (MDKSA-2003:077 for phpgroupware) contains an incorrect CVE name which referenced a mpg123 vulnerability. The correct CVE names are CAN-2003-0504 and CAN-2003-0582. My apologies for the confusion. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Onlin

Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !

2003-07-23 Thread [EMAIL PROTECTED]
Wednesday, 23 July, 2003 Yet another quaint lead-up to "silent delivery and installation of an executable on a target computer. No client input other than viewing a web page" ! This is getting boring. A myriad of technical hurdles have been recently placed to disallow access to files and fo

Microsoft SQL Server DoS

2003-07-23 Thread @stake Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server DoS Release Date: 07/23/2003 Application: Microsoft SQL Server 7, 2000, MSDE Platfor

Windows NT 4.0 with IBM JVM Denial of Service

2003-07-23 Thread @stake Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Windows NT 4.0 with IBM JVM Denial of Service Release Date: 07/23/2003 Application: Any Java application

Microsoft SQL Server local code execution

2003-07-23 Thread @stake Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server local code execution Release Date: 07/23/2003 Application: Microsoft SQL Server 7, 2000,

Re: ODBC Login information saved as plain text... :(

2003-07-23 Thread Deus, Attonbitus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 01:30 AM 7/22/2003, hanez wrote: >(this is my second post of this mail because the first didn't >arrived to the list...) > >Hello All, > >i have found an interesting thing in Windows XP. When i create an >ODBC SYSTEM-DSN (Datasource available for a

EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption

2003-07-23 Thread Derek Soeder
Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption Release Date: July 23, 2003 Severity: High (Remote Code Execution) Systems Affected: Windows 98 Windows 98 SE Windows Millennium Edition Windows NT 4.0 Windows NT 4.0, Terminal Server Edition Windows 2000 Windows XP Windows Server 2003 Descript

VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems) vulnerability

2003-07-23 Thread Dave Ahmad
David Mirza Ahmad Symantec PGP: 0x26005712 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12 -- The battle for the past is for the future. We must be the winners of the memory war. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Description - --- The following products