Latest Advisories
2003-09-29
Secunia
Security Tracker
Security Focus
Symantec
Secunia
Special Update: Microsoft Internet Explorer Multiple Vulnerabilities
Microsoft has issued a cumulative patch for Internet Explorer, which fixes multiple vulnerabilities. The worst vulnerability can lead to execution of arbitrary code on the client system via HTML emails or web sites.
Microsoft Windows RPCSS Service DCOM Interface Vulnerabilities
Three vulnerabilities have been identified in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).
Sun Solaris Sadmind Insecure Default Configuration
Sun has issued a security alert for Sun Solaris to raise awareness of the known insecure default configuration of sadmind (Solstice Administration Daemon) because an exploit has been discovered in the wild.
Latest 15 Secunia Security Advisories:
2003-09-29
- Mandrake update for ProFTPD
- Trustix update for ProFTPD
- Smoothwall update for OpenSSH
- Debian update for freesweep
- Sun Linux update for pam_smb
- Sun Linux update for OpenLDAP
- Sun Cobalt update for IMAP Clients
- Sun Cobalt update for BIND
2003-09-26
- Cfengine Remotely Exploitable Buffer Overflow
- sbox Path Disclosure Vulnerability
- MPlayer ASX Streaming Buffer Overflow Vulnerability
- Savant Web Server Infinite Loop Denial of Service
- OpenPKG update for ProFTPD
- wzdftpd Login Denial of Service Vulnerability
- Tcl Web Server Directory Traversal and Cross Site Scripting
Security Tracker
Geeklog Input Validation Flaws Permit SQL Injection and Cross-Site Scripting Attacks
Lorenzo Hernandez Garcia-Hierro reported several vulnerabilities in Geeklog. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Invision Power Board Configuration File Permission Flaw Lets Local Users Inject Malicious Code
f3rm0r of Media Assasins reported a file permission vulnerability in Invision Power Board. A local user can modify a global configuration file.
Impact: Execution of arbitrary code via local system, Modification of user information, User access via local system
A-CART Input Validation Flaw in 'signin.asp' Permits Remote Cross-Site Scripting Attacks
G00db0y from Zone-h Security Team reported an input validation vulnerability in A-CART. A remote user can conduct cross-site scripting attacks.
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
A denial of service vulnerability was reported in the Apache 2.0 web server. A user with the ability to place CGI scripts on the server can cause the web service to hang.
Impact: Denial of service via local system
Marbles Game HOME Environment Variable Buffer Overflow Lets Local Users Gain Elevated Privileges
A buffer overflow vulnerability was reported in the Marbles game software. A local user may be able to obtain elevated privileges on the target system.
Impact: Execution of arbitrary code via local system, User access via local system
SecurityFocus BugTraq
09/27/2003 Marbles v1.0.5 local PoC exploit. demz -
09/27/2003 Re: ICMP pokes holes in firewalls... Darren Reed
09/27/2003 Re: base64 Ilya Teterin
09/27/2003 Re: base64 Greg A. Woods
09/27/2003 UnixWare 7.1.3 Open UNIX 8.0.0 : Sendmail: buffer overflow in versions 8.12.8 and prior. security sco com
09/27/2003 UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSH: multiple buffer handling problems security sco com
09/27/2003 UnixWare 7.1.3 UnixWare 7.1.1 Open UNIX 8.0.0 : Network device drivers reuse old frame buffer data to pad packets security sco com
09/27/2003 Re: ICMP pokes holes in firewalls... Daniel Hartmeier
09/26/2003 Re: Packetstorm started a try2crack of A.R.C.S. Algorithm markus-1977 gmx net
09/26/2003 Re: ICMP pokes holes in firewalls... Darren Reed
09/26/2003 MDKSA-2003:096 - Updated apache2 packages fix CGI scripting deadlock Mandrake Linux Security Team
09/26/2003 MDKSA-2003:095 - Updated proftpd packages fix remote root vulnerability Mandrake Linux Security Team
09/26/2003 Re: Packetstorm started a try2crack of A.R.C.S. Algorithm mhw netris org (Mark H Weaver)
09/26/2003 Re: base64 Steven M. Christey
09/26/2003 Re: base64 Earl Hood
09/26/2003 Re: Packetstorm started a try2crack of A.R.C.S. Algorithm der Mouse
09/26/2003 RE: base64 Rainer Gerhards
09/26/2003 RE: Ruh-Roh SOBIG.G? James C. Slora, Jr.
09/26/2003 RE: base64 Michael Wojcik
09/26/2003 Packetstorm started a try2crack of A.R.C.S. Algorithm Angelo Rosiello
09/26/2003 Re: base64 Bennett Todd
09/26/2003 Re: base64 Bennett Todd
09/26/2003 Re[2]: base64 3APA3A
09/26/2003 RE: CyberInsecurity: The cost of Monopoly emacdona edmacdonald net
09/26/2003 RE: base64 Louis Erickson
09/26/2003 Re: base64 Bennett Todd
09/26/2003 DCE 1.2.2c Denial of Service Vulnerability on IRIX SGI Security Coordinator
09/26/2003 Re: Does VeriSign's SiteFinder service violate the ECPA? Bob Johnson
09/26/2003 Re: Sanctum AppScan 4 misses potential vulnerabilities in wrapped links Valdis Kletnieks vt edu
09/26/2003 @Stake pulls pin on Geer: Effect on research and publication Patrick J. Kobly
09/26/2003 Re: ICMP pokes holes in firewalls... H D Moore hdm@digitaloffense.net,(by way of Lucio )
09/26/2003 RE: Ruh-Roh SOBIG.G? Larry Seltzer
09/26/2003 Re: ICMP pokes holes in firewalls... Lucio
09/26/2003 McNews 1.3 : File Disclosure Vulnerability Sebastien Lelarge
09/26/2003 RE: Sanctum AppScan 4 misses potential vulnerabilities in wrapped links Dawes, Rogan (ZA - Johannesburg)
09/26/2003 SMC Router Denial of Service exploit res076cf alltel net
09/26/2003 Re: [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh) Ralf S. Engelschall
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Stan Bubrouski
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Stan Bubrouski
09/26/2003 [SECURITY] [DSA-390-1] New marbles packages fix buffer overflow Matt Zimmerman
09/26/2003 Re: Ruh-Roh SOBIG.G? Valdis Kletnieks vt edu
09/26/2003 Re: LanSuite 2003 - Multiple Vulnerabilities Phuong Nguyen
09/26/2003 RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly Richard M. Smith
09/26/2003 RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly Marc Maiffret
09/26/2003 CyberInsecurity: The cost of Monopoly Jonathan A. Zdziarski
09/26/2003 Mplayer Buffer Overflow Otero, Hernan
09/26/2003 Re: ICMP pokes holes in firewalls... Darren Reed
SecurityFocus Vulnerabilities
2003-09-25: Athttpd Remote GET Request Buffer Overrun Vulnerability
2003-09-25: myServer File Disclosure Variant Vulnerability
2003-09-25: Apache htpasswd Password Entropy Weakness
2003-09-25: Software602 602Pro LAN SUITE 2003 Multiple Remote Vulnerabilities
2003-09-25: SBox Path Disclosure Vulnerability
2003-09-25: ArGoSoft FTP Server XCWD Command Remote Buffer Overrun Vulnerability
2003-09-25: WodFTPServer FTP Command Buffer Overflow Vulnerability
2003-09-25: Multiple Vendor VPN Implementation Vulnerabilities
2003-09-25: Software602 602Pro LAN SUITE 2003 Directory Traversal Vulnerability
2003-09-25: Software602 602Pro LAN SUITE 2003 Sensitive User Information Storage Vulnerability
2003-09-25: Imatix Xitami Long Header Denial Of Service Vulnerability
2003-09-25: BRS WebWeaver Long URL Request Logging Failure Weakness
Symantec SSR
W32.Smibag.Worm September 26, 2003 September 26, 2003
PWSteal.Lemir.F
Trojan.PSW>Legendmir.aa[AVP] September 26, 2003 September 26, 2003
Backdoor.Zombam.B
Backdoor.Zombam.i[AVP] September 26, 2003 September 26, 2003
Backdoor.Semes September 25, 2003 September 26, 2003