===
Ubuntu Security Notice USN-51-1 December 23, 2004
tetex-bin vulnerability
http://bugs.debian.org/286370
===
A security issue affects the following Ubuntu releases:
Ubuntu
===
Ubuntu Security Notice USN-52-1 December 23, 2004
vim vulnerability
CAN-2004-1138
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Vendor: SW-Soft
URL: http://www.sw-soft.com/
Version: Plesk 7.0.0
Risk: Cross-Site Scripting
Description: Plesk is comprehensive server management software
developed specifically for the Hosting Service Industry with the
assistance of Web hosting professionals. Time tested tough in real
world h
Dear all,
Final Call for Papers & Workshops - BCS Asia 2005
I just wanted to remind you that this is your last chance to send your
proposal
to [EMAIL PROTECTED] (abstract must be sent today; presentation slides
can be sent later.)
The Call for Workshops has been extended until the 1st January 20
Mr. Jansson has expressed his false claims about the ICT security issues of
the Finnish Parliament. Mr. Jansson has expressed his lies now so many times,
for instance
http://lists.netsys.com/pipermail/full-disclosure/2004-December/030078.html,
that we will bring a charge against him in court. We
[EMAIL PROTECTED] Sent: Thursday, December 23, 2004 2:06 AM
On Sat, 18 Dec 2004 21:13:24 +0100, Tamas Feher <[EMAIL PROTECTED]>
wrote:
> Not for the faint of heart.
>
> "http://www.cnn.com/2004/US/12/18/fetus.found.alive/index.html"
>
> BTW I love capital punishment!
>
> Regards: Tamas Feher.
--- Daniel Guido <[EMAIL PROTECTED]> wrote:
> I signed on eDonkey this afternoon and noticed that
> all the hubs
> running exactly version 16.50 had their server name
> changed to
> "tribes" and their description changed to "all your
> base belong to
> us." At the risk of sounding like an idiot,
===
Ubuntu Security Notice USN-48-1 December 23, 2004
xpdf, tetex-bin vulnerabilities
CAN-2004-1125
===
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Wa
On Thu, 23 Dec 2004, Patrick Nolan wrote:
> A bot is not uploaded, not sure where that came from.
> And by now, it is not expected to be spreading at all, thanks to the
> interruption in search requests by Google.
There are a couple posts going on about this, for instance take this
article:
htt
On Wed, 22 Dec 2004 17:59:25 -0800, morning_wood <[EMAIL PROTECTED]> wrote:
>
> > What's in that mailbox is/was mine, none of your business unless I chose
> > to share it.
>
> i couldn't agree more... another case of lame, illogical media bullshit
> BRAVO YAHOO
>
> happy holidays,
>
> m.w
>
>> Successful exploitation does not require authentication thereby allowing
>> any remote attacker to execute arbitrary code under the privileges of
>> the Backup Exec Agent Browser (benetns.exe) process which is usually a
>> domain administrative account.
This is a huge hole, don't backup vendors
> Do read the code carefully though Dan. Right off hand I can see errors
> that were also in the code posted to bugtraq on the 20th; K-OTik may
> have added more, dunno.
It is probable that they have added errors in. To curb the script
kiddies picking things up and modifying it and releasing it.
I
On Fri, 17 Dec 2004, Barrie Dempster wrote:
> On Tue, 2004-12-14 at 15:44 -0800, n30 wrote:
> > Guys,
> >
> > Looking for few interesting security breach stories...
> >
> > Any database / sites that capture these??
There is also http://www.dshield.org/, in addition to what others have
stated:
Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability
iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=175&type=vulnerabilities
December 21, 2004
I. BACKGROUND
HP-UX FTP Daemon is a service included in HP-UX that implements the File
Transfer Protocol.
I
Product: WPKontakt (<= 3.0.1)
Vendor: Wirtualna Polska (http://kontakt.wp.pl/index.html)
Impact: Remote script execution in Internet Zone
Severity: Medium
Authors: Blazej Miga <[EMAIL PROTECTED]>,
Jaroslaw Sajko <[EMAIL PROTECTED]>
Advisory:
Product: Microsoft Internet Explorer
Version: 6.0.2800.1106, 6.0.2900
Product: Microsoft Outlook Express
Version: 6 SP1 Win2K (reported by Brian Bruns)
Description:
Internet Explorer can be tricked into sending mail through its FTP
client without any more user interaction than loading a page.
De
On Tue, 14 Dec 2004, Paul Starzetz wrote:
> The Linux kernel provides a powerful socket API to user applications.
> Among other functions sockets provide a universal way for IPC and user-
> kernel communication. The socket layer uses several logical sublayers.
> One of the layers, so cal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site
scripting vulnerabilities in ZeroBoard
Revision 1.2
Date Published: 2004-12-20 (KST)
Last Update: 2004-12-24
Disclosed by SSR Team ([EMAIL PROTECTED])
Summary
===
ZeroBo
Very funny, nice work.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of [EMAIL PROTECTED]
> Sent: Wednesday, December 22, 2004 10:21 AM
> To: bugtraq@securityfocus.com; [EMAIL PROTECTED];
> full-disclosure@lists.netsys.com
> Subject: [Full-Discl
> -Original Message-
> On Behalf Of Willem Koenings
> Subject: Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums
>
> Mark wrote:
>
> > This exploit is becoming frequent. Normally uploading a ddos bot.
>
> what kind of a bot is uploaded? does anyone have a sample to
> contribute me?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenPKG Security Advisory    The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED]
Perhaps I should clarify about this list thing: A friend
of mine is apparently running a rogue email server and a
rogue ftp server, and none of the virus checkers we have
tried will determine what program or where. I looked for
a windows equivalent to lsof but there doesn't appear to
be one
G'day
I wish to change the email address for this
subscription to [EMAIL PROTECTED]
tia
=
--
Regards
Peter
PBSoft Computer Labs
Expert Data Recovery Services
Australia-Wide
[EMAIL PROTECTED]
http://www.hitcity.com.au/PBSOFT.info
> So, here is it, maybe they'll listen now.
Or maybe not...
Hehe
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
libtiff Directory Entry Count Integer Overflow Vulnerability
iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=174&type=vulnerabilities
December 21, 2004
I. BACKGROUND
This software provides support for the Tag Image File Format (TIFF), a
widely used format for s
There is a workaround posted http://forums.ir0x0rz.com/viewtopic.php?t=34
I'm hoping this will be enough to protect phpBB installs.
~M
-Original Message-
From: M. Shirk [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 5:53 PM
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.net
On Wed, 22 Dec 2004, Willem Koenings wrote:
> On Wed, 22 Dec 2004 02:40:25 -0600 (CST), Ron DuFresne
> <[EMAIL PROTECTED]> wrote:
>
>
> > I'd disagree in that the tools are getting to be well enough defined that
> > we are all targets. Best game is to restrict who has access to the ports
> > bein
--- Forwarded message follows ---
From: lsi <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: how to filter the xmas virus
Send reply to: [EMAIL PROTECTED]
Date sent: Fri, 17 Dec 2004 12:57:48 -
Hmm, the Xmasc
MPlayer Remote RTSP Heap Overflow Vulnerability
iDEFENSE Security Advisory 12.16.04
http://www.idefense.com/application/poi/display?id=166
December 16, 2004
I. BACKGROUND
MPlayer is a movie player for Linux that also runs on many other Unices,
and non-x86 CPUs. It plays most MPEG, VOB, AVI, Og
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2004-010
=
Topic: Insufficient argument validation in compat code
Version: NetBSD-current: source prior to Oct 27, 2004
NetBSD 2.0:
Use IISShield to prevent scenarios like the one you've described.
http://www.kodeit.org/products/iisshield/default.htm
Tiago Halm
KodeIT Development Team
http://www.kodeit.org
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Raoul
Nakhmanson-Kulish
Sent:
> Looking for few interesting security breach stories...
Something to learn from :)
http://www.dataloss.net/papers/how.defaced.apache.org.txt
W.
great, so while I'm using hyperterminal on my network connected machine (!)
to update my hardware for the latest exploit, along comes someone with this
and hacks my client laptop. Somehow I'm glad that I only use UNIX...
-- Greg
On or about 2004.12.15 11:59:56 +, Brett Moore ([EMAIL PROTECTED
Not meaning to start a flame war, rather a discussion of what's considered
"state of the art" for "data hygiene" (cute). I've used srm (available in
the FreeBSD ports collection and elsewhere). I'm not familiar with shred
and wipe (Linux tools?) so perhaps those more up to date can suggest what
an
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Linux Security Advisory GLSA 200412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - -
Hello Raoul!
It might have been due to something ELSE running on your server. What
other services/ports are open? (SSH, Telnet, SMTP, VNC, etc) It's
possible another protocol or service was exploited, allowing access.
(Then might have just upped the kit for later retrieval from a malware
infection or
===
Ubuntu Security Notice USN-39-1 December 16, 2004
linux-source-2.6.8.1 vulnerability
CAN-2004-1074, USN-30-1
===
A security issue affects the following Ubuntu releases:
Ub