stargeek


[USN-97-1] libxpm vulnerability








[USN-97-1] libxpm vulnerability 03/17/2005 03:53 AM

Martin Pitt (Mar 16 2005)









Similar Items

[USN-97-1] libxpm vulnerability

Grok Headline matches for [USN-97-1] libxpm vulnerability

CESA-2004-004: libXpm


CESA-2004-004: libXpm 09/16/2004 01:44 AM
chris_at_scary.beasts.org (Sep 15 2004)

MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities


MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities 09/16/2004 06:53 PM
Mandrake Linux Security Team (Sep 15 2004)

MDKSA-2004:099 - Updated XFree86 packages fix libXpm overflow vulnerabilities


MDKSA-2004:099 - Updated XFree86 packages fix libXpm overflow vulnerabilities 09/16/2004 10:53 PM
Mandrake Linux Security Team (Sep 15 2004)

Open source outfit releases vulnerability for IE vulnerability


Open source outfit releases vulnerability for IE vulnerability 12/19/2003 01:10 PM
The Register Dec 19 2003 11:57AM ET

Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP


Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP 05/11/2004 06:04 PM
Florian Weimer (May 11 2004)

NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP


NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP 04/20/2004 02:16 PM
David Ahmad (Apr 20 2004)

Php Vulnerability N. 2


Php Vulnerability N. 2 09/16/2004 01:29 PM
Stefano Di Paola (Sep 15 2004)

Vulnerability in man < 1.5l


Vulnerability in man < 1.5l 03/13/2003 10:22 AM
Jack Lloyd (Mar 11 2003)

[USN-52-1] vim vulnerability


[USN-52-1] vim vulnerability 12/24/2004 12:36 PM
Martin Pitt (Dec 23 2004)

IE6 + XP SP2 Vulnerability


IE6 + XP SP2 Vulnerability 09/17/2004 12:37 AM
cns (Sep 15 2004)

802.11 Has DoS Vulnerability


802.11 Has DoS Vulnerability 05/13/2004 08:11 PM
Internet News May 13 2004 11:39PM GMT

PHP Vulnerability N. 1


PHP Vulnerability N. 1 09/15/2004 03:20 PM
Stefano Di Paola (Sep 15 2004)

Vulnerability with XP SP2


Vulnerability with XP SP2 08/18/2004 06:29 AM
Just to bear in mind, Microsoft are dealing with this and are holding off SP2's release on Automatic Update because of it. There's a bug in the implementation of a new security feature; it'd be hard to criticize Microsoft too hard for this problem.

"With Service Pack 2, Microsoft introduces a new security feature which warns users before executing files that originate from an untrusted location (zone) such as the Internet. There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.

Windows Explorer does not update zone information properly when files are overwritten. So it can be tricked to execute files from the internet without warning."

Heise do concede that it would take a fair amount of user interaction for a virus writer to use this vulnerability. However, as they point out, the powers of social engineering and playing on less IT-adept people do mean that it's not that inconceivable it could happen. With Service Pack 2, Microsoft had clearly been hoping for fewer vulnerabilities, and will no doubt be disappointed with this news.

View: More info @ Heise.de


Vulnerability in 2.6 and 2.61


Vulnerability in 2.6 and 2.61 03/13/2003 10:15 AM
If you upgraded to 2.6 or 2.61, you need to upgrade immediately to 2.62. There is a security vulnerability in...

PHP CGI Vulnerability


PHP CGI Vulnerability 02/20/2003 10:46 AM
I don't know how many folks are actually doing php as a CGI but if so ... [17-Feb-2003] The PHP Group today announced the details of a serious CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1, fixes the issue. Everyone running an affected version of PHP (as CGI) is encouraged to upgrade immediately. The new 4.3.1 release does not include any other changes, so upgrading from 4.3.0 is safe and painless. [_Go_] I have to commend the php team for NOT including any other changes thereby making it much more likely that affected systems get patched. Good going!

Re: [USN-52-1] vim vulnerability


Re: [USN-52-1] vim vulnerability 12/25/2004 05:09 PM
Liu Die Yu (Dec 23 2004)

KDE Vulnerability


KDE Vulnerability 08/12/2004 06:18 AM

Direct and Related Links for 'KDE Vulnerability'

“Two vulnerabilities have been discovered in KDE, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. 1) Certain directories and files are created insecurely when a user runs a KDE application outside the KDE environment or as another user. This can be exploited via symlink attacks to overwrite or truncate arbitrary files or prevent KDE applications from accessing certain directories. This vulnerability affects KDE 3.2.3…

[USN-108-1] GDK vulnerability


[USN-108-1] GDK vulnerability 04/06/2005 05:45 PM
Posted by Martin Pitt, Apr 05 2005

Xine Vulnerability


Xine Vulnerability 08/11/2004 10:30 PM

Direct and Related Links for 'Xine Vulnerability'

“Critical: Highly critical Impact: System access Where: From remote Software: xine-lib 0.x, xine-lib 1.x c0ntex has reported a vulnerability in Xine, which can be exploited by malicious people to compromise a user’s system….The vulnerability reportedly affects Xine 1-rc5 and prior. Solution: A fix is available in the CVS repository.”…

[USN-73-1] Python vulnerability


[USN-73-1] Python vulnerability 02/05/2005 09:38 PM
Martin Pitt (Feb 03 2005)

[USN-104-1] unshar vulnerability


[USN-104-1] unshar vulnerability 04/05/2005 01:36 AM
Martin Pitt

Nasty new IE vulnerability


Nasty new IE vulnerability 12/09/2003 02:34 PM

Most people reading are probably aware of the common trick whereby spammers and other assorted ne'er-do-wells publish URLs with usernames that look like hostnames to fool people into trusting a malicious site - for example, http://www.microsoft.com&session%123123123@simon.incutio.com . This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them into "resetting" their password at a site owned by the spammer but disguised as PayPal.com.

Today's new Internet Explorer vulnerability makes the problem a hundred times worse. By including a 0x01 character after the @ symbol in the fake URL, IE can be tricked into not displaying the rest of the URL at all. Don't expect a patch for a while either; the guy who discovered the bug released it to BugTraq on the same day he notified the vendor.


[USN-111-1] Squid vulnerability


[USN-111-1] Squid vulnerability 04/14/2005 10:14 PM
Posted by Martin Pitt, Apr 14 2005

[USN-74-1] Postfix vulnerability


[USN-74-1] Postfix vulnerability 02/05/2005 09:38 PM
Martin Pitt (Feb 04 2005)

[USN-107-1] racoon vulnerability


[USN-107-1] racoon vulnerability 04/05/2005 05:38 PM
Martin Pitt

E107 DoS vulnerability


E107 DoS vulnerability 10/29/2003 07:10 PM
Blademaster (Oct 29 2003)

Re: ASN.1 vulnerability -is- on Win98


Re: ASN.1 vulnerability -is- on Win98 02/19/2004 06:15 PM
Joshua Levitsky (Feb 18 2004)

Vulnerability Issues in TCP


Vulnerability Issues in TCP 04/20/2004 01:57 PM

Fix for OS X vulnerability released


Fix for OS X vulnerability released 05/18/2004 04:08 PM
Isophonic Software has released Don't Go There, GURLfriend 1.0, a free easy to use fix for the recently discovered help: URL vulnerability which affects all Mac web browsers that can launch external applications.

LDU (land down under) xss vulnerability


LDU (land down under) xss vulnerability 05/29/2004 03:25 PM
tim de gier (May 29 2004)

WebArtFactory CMS Vulnerability


WebArtFactory CMS Vulnerability 12/17/2003 02:31 PM
Noticias (Dec 16 2003)

OS X security vulnerability


OS X security vulnerability 12/16/2003 06:33 PM
A new Mac OS X security vulnerability has been discovered. Apparently this vulnerability can allow execution of arbitrary code with "root" privileges. The issue is considered a "Less Critical" vulnerability, and affects Mac OS X 10.3.1 and possibly other versions of the operating system.

Defending against the OS X help: vulnerability


Defending against the OS X help: vulnerability 05/18/2004 03:05 PM

There's a nasty OS X vulnerability under discussion at the moment which lets a web page run a program on your drive by taking advantage of a flaw in the "help:" protocol. There's a non-malicious demonstration of the exploit on this page, and Jay Allen is hosting a discussion on the exploit and ways to avoid it.

To save you from digging through the discussion, the quickest way to defend yourself is to install the More Internet preference pane (mount the DMG, then copy the More Internet.prefPane file to your /Library/PreferencePanes folder or run the "install prefpane" script). Then go to system preferences, launch the "More Internet" panel, select the "help" protocol and use the Change button to assign it to some non-harmful application such as Chess (simply deleting the protocols will not solve the problem). While you're there it's a good idea to add a new protocol called "disk" and assign it to a non-harmful application as well - this prevents malicious sites from being able to auto-mount networked disk images on your system, something which while not exploitable on its own can be used in conjunction with other exploits (like the help: one) to execute arbitrary code.

For those who are interested, it seems the exploit itself is as simple as this:

<a href="help:runscript=MacHelp.help/Contents/Resources/English.lproj/shr d/OpnApp.scpt string=usr:bin:top">click to run 'top'</a>


XSS vulnerability in XOOPS 2.0.5.1


XSS vulnerability in XOOPS 2.0.5.1 12/22/2003 05:21 PM
Chintan Trivedi (Dec 21 2003)

IMWheel Vulnerability


IMWheel Vulnerability 08/27/2004 09:14 PM

Direct and Related Links for 'IMWheel Vulnerability'

“I)ruid has reported a vulnerability in IMWheel, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges or cause a DoS (Denial of Service)….

TCP Vulnerability Published


TCP Vulnerability Published 04/20/2004 03:23 PM

The vulnerability of Macs


The vulnerability of Macs 12/11/2003 10:49 AM
Discussing what it calls a "significant hole," ABCnews asserts that a security issue affecting both Jaguar and Panther versions of OS X announced last month means that the "Mac OS is just as vulnerable as Microsoft Windows." While no operating system can claim to be perfectly secure, OS X and Unix variants in general are more secure than Windows by design, because Unix was created for a networked, multiple user environment, and Windows was created to operate on...

[USN-75-1] cpio vulnerability


[USN-75-1] cpio vulnerability 02/05/2005 09:38 PM
Martin Pitt (Feb 04 2005)

[USN-71-1] PostgreSQL vulnerability


[USN-71-1] PostgreSQL vulnerability 02/01/2005 09:28 PM
Martin Pitt (Feb 01 2005)