Bugtraq: [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication
SecurityFocus - Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mails.
Technorati tags:
bugtraq
Oracle patches fail to cover security risk
ARNnet - Oct 24 3:28 PM
Oracle's most recent set of critical security patches has left some serious problems unfixed, according to a security researcher.
Oracle patches fail to cover security risk
TechWorld - Oct 24 9:42 AM
18 of 88 bugs still exploitable.
Check List for Linux Security
WebProNews - Oct 26 8:28 AM
Linux is an amazing operating system considering how it was originally created. It was a modest program written for one person as a hobby - Linus Torvalds of Finland. It has grown into a full-fledged 32-bit operating system. It is solid, stable and provides support for an incredible number of applications. It has very powerful capabilities and runs very fast and rarely crashes.
Admins grapple with latest Oracle patch puzzle
SearchOracle.com -
Bugtraq: [EEYEB20050915] - MDT2DD.DLL COM Object Uninitialized Heap Memory Vulnerability
SecurityFocus - An attacker could design a web page or HTML document that exploits the vulnerability in order to execute arbitrary code on the system of a user who views it.
Bugtraq: Re: Antivirus detection bypass by special crafted archive
SecurityFocus - Antivirus detection bypass by special crafted archive.
Vuln: cPanel Chat Message Field HTML Injection Vulnerability
cPanel Chat Message Field HTML Injection Vulnerability
Bugtraq: Zoomblog IMG BBCode Tag JavaScript Injection Vulnerability
SecurityFocus - Zoomblog is prone to javascript injection attacks. Zoomblog does not adequately filter tags from various fields. It is possible for a malicious Zoomblog user to inject hostile javascript code into the commentary via form fields.
Vuln: MidiCart ASP Search_List.ASP Searchstring Parameter SQL Injection Vulnerability
MidiCart ASP Search_List.ASP Searchstring Parameter SQL Injection Vulnerability
Vuln: Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
Security tester confirms critical QuickTime flaws
VNUNet.com, Netherlands -
MX Logic CTO Scott Chasin to Speak at CSI 32nd Annual Conference and Exhibition
[Press Release] Business Wire via Yahoo! Finance - Nov 14 4:00 AM
DENVER----Nov. 14, 2005--MX Logic Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, today announced that its Chief Technology Officer Scott Chasin will present at the CSI 32nd Annual Computer Security Conference and Exhibition, scheduled for Nov.
UK team publishes PoC code for IE flaw
Sydney Morning Herald - Nov 21 4:48 PM
British researchers have published proof-of-concept code for a vulnerability in Microsoft's Internet Explorer browser that can lead to a potential system compromise.
Inside Symantec's security bunker
ZDNet Australia - Nov 28 2:28 PM
In one of the rolling hills above Winchester, England, is a decommissioned nuclear bunker that houses Symantec's U.K. Security Operations Center.
Vuln: GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
GuppY Multiple Local File Include and Information Disclosure Vulnerabilities
Inside Symantec's security bunker
ZDNet.com.au, Australia -
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Bugtraq: MDKSA-2005:216 - Updated fuse packages fix vulnerability
SecurityFocus - This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux.
Bugtraq: APPLE-SA-2005-11-29 Security Update 2005-009
APPLE-SA-2005-11-29 Security Update 2005-009
Bugtraq: iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability
SecurityFocus - Multiple Vendor Insecure Call to Vulnerability iDEFENSE Security Advisory 11.15.05 November 15, 2005 I. BACKGROUND The Microsoft Windows API includes the as a means to create a new process and its primary thread.
Attackers targeting unpatched IE bug, Microsoft warns
Computerworld Australia, Australia -
Hackers target unpatched IE bug
itWorldCanada.com, Canada -
Bugtraq: APPLE-SA-2005-11-15 iTunes 6 for Windows
SecurityFocus - This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.
Bugtraq: QNX 4.25 suided dhcp.client binary
QNX 4.25 suided dhcp.client binary
Bugtraq: High Risk Flaw in RealPlayer
SecurityFocus - RealPlayer.
Bugtraq: [security - exponentcms]
SecurityFocus - by users it is in most cases possible to craft javascript injections which will be sent to the given person. Status: open 2. SQL injections in the navigation module.
Vuln: Alisveristr E-commerce Login Multiple SQL Injection Vulnerabilities
Alisveristr E-commerce Login Multiple SQL Injection Vulnerabilities
Vuln: PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
Vuln: PHPYellowTM Multiple SQL Injection Vulnerabilities
PHPYellowTM Multiple SQL Injection Vulnerabilities
Vuln: MySQL User-Defined Function Buffer Overflow Vulnerability
MySQL User-Defined Function Buffer Overflow Vulnerability
Bugtraq: [security bulletin] HPSBUX01059 SSRT4704 Revised - HP-UX Running wu-ftpd Local Unauthorized Access
[security bulletin] HPSBUX01059 SSRT4704 Revised - HP-UX Running wu-ftpd Local Unauthorized Access
Brief: Unpatched flaw in Cisco IOS
SecurityFocus - Dec 05 3:12 AM
A recent advisory from Cisco details an unpatched flaw in its IOS HTTP server. The flaw could allow execution of malicious code against the device, or other cross-site scripting attacks depending on conditions.
Bugtraq: iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
Brief: Unpatched flaw in Cisco IOS
SecurityFocus - Dec 05 3:02 AM
A recent advisory from Cisco details an unpatched flaw in its IOS HTTP server. The flaw could allow execution of malicious code against the device, or other cross-site scripting attacks depending on conditions.
Bugtraq: Sunbelt set to acquire Kerio Personal Firewall
SecurityFocus - Kerio lives on -- Paul Laudanski, Microsoft MVP Windows-Security [de] http://de.castlecops.com [en] http://castlecops.com [wiki] http://wiki.castlecops.
SOA Security
SYS-CON Media, NJ -
Vuln: XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
Bugtraq: Secunia Research: Opera Command Line URL Shell Command Injection
SecurityFocus - Prior versions may also be affected.
Unpatched flaw in Cisco IOS
addict3d.org -
Bugtraq: Re: - Cisco IOS HTTP Server code injection/execution vulnerability-
SecurityFocus - Cisco IOS Web Server. An attacker can inject arbitrary code in some of the dynamically generated web pages. To successfully exploit the vulnerability the attacker only needs to know the IP of the Cisco.
Vuln: Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
SecurityFocus - In certain configurations a remote attacker could perform an XSS attack if a victim can be forced to visit a malicious URL using certain web browsers.
Mea Culpa or Tu Culpa?
About - News & Issues, NY -
Bugtraq: [security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS)
[security bulletin] SSRT051026 rev. 1 - HP-UX running WBEM Services Denial of Service (DoS)
Vuln: PHP Arena PAFileDB Extreme Edition SQL Injection Vulnerability
PHP Arena PAFileDB Extreme Edition SQL Injection Vulnerability
SecurityFocus - Topic: Updated PHP packages that fix multiple security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. 2.
Bugtraq: Call for Paper - VI National Computer and Information Security Conference - COLOMBIA
Call for Paper - VI National Computer and Information Security Conference - COLOMBIA
Vuln: Hylafax Multiple Scripts Remote Command Execution Vulnerability
Hylafax Multiple Scripts Remote Command Execution Vulnerability
Red Hat: CERT Linux/Unix vulnerability report misleading
ZDNetIndia, India - 18 hours ago... "In my opinion, refined vulnerability information sources (CVE, Bugtraq, etc) are still a year or two away from being able to produce comparable statistics ...
Experts question Windows win in flaw tally
ZDNet.com.au, Australia - 22 hours ago... "In my opinion, refined vulnerability information sources (CVE, Bugtraq, etc.) are still a year or two away from being able to produce comparable statistics ...
Vuln: Cisco CS-MARS Default Administrative Password Vulnerability
Cisco CS-MARS Default Administrative Password Vulnerability
Windows hit by more graphics bugs
ComputerWeekly.com, UK - Jan 10, 2006... arbitrary... The latest flaws were posted on the Bugtraq security mailing list by a hacker going by the name of cocoruder . ...
New Vulnerabilities Found in Windows
Enterprise Windows I.T. - The original vulnerability was rated "extremely critical" by Secunia, but the new flaws are far less disconcerting, said the security firm's chief technology officer Thomas Kristensen. "The worst thing that could happen is if someone downloaded the
Survey: Open source developers jump on bugs, open to closed tech
NewsForge - Dec 21 7:09 AM
It comes as no surprise that open source software developers are fixing bugs faster and faster, but the majority of Linux developers' willingness to use proprietary products -- a la the Bitkeeper debacle -- may be more likely to raise eyebrows. Both findings -- that open source developers find and repair severe bugs in less than four hours on average and that 64 percent of OSS developers would
Bugtraq: MyBB Signature HTML Code Injection
MyBB Signature HTML Code Injection
Microsoft Downplays New WMF Bugs
Personal Tech Pipeline - By Gregg Keizer Courtesy of TechWeb News Microsoft late Monday downplayed the risk of newly reported bugs in Windows' graphic rendering engine, and disputed the labeling of the threats as vulnerabilities. According to the Redmond, Wash.-based
Windows Still Plagued By WMF Flaw, Despite Patches
Playfuls - Just when it thought it was safe, and that the WMF vulnerability had been solved, Microsoft has been hit with yet another report regarding two new vulnerabilities affecting the same type of files. According to eWeek, security researchers
Bugtraq: [eVuln] Note-A-Day Weblog Sensitive Information Disclosure
[eVuln] Note-A-Day Weblog Sensitive Information Disclosure
Oracle critiqued again over patching speed
CNET - Jan 25 11:22 PM
Bug hunter David Litchfield releases details on a flaw in Oracle products on a mailing list.
2006 phish tales: Flawed and fishy defenses
Search Enterprise Linux - Jan 25, 2006... It's the same as Bugtraq; in most cases, you report it to the vendor and hope they fix it and then release it. This book publicizes the vulnerabilities. ...
Vulnerability Disclosure Cuts Both Ways
Enterprise IT Planet - Jan 27 9:43 AM
It seems straightforward: bug discovered, bug fixed, back to your regularly scheduled life. But like many aspects of computer security, things are rarely that simple.
Researcher Bares Oracle Zero-Day Flaw at Black Hat
PC Magazine via Yahoo! News - Jan 25 8:04 AM
Security researcher David Litchfield demands a fix for a "very, very critical" vulnerability in the Oracle PL/SQL Gateway.
Oracle fires back at security researcher
InfoWorld - Jan 27 11:03 AM
( InfoWorld ) - Oracle Corp. and a security researcher are trading heated barbs over a vulnerability in the company's software that has gone unpatched since it was discovered in October. Oracle is warning its customers not to use a workaround written by David Litchfield for a security vulnerability, saying the suggested workaround could break its software. Litchfield, managing director of
Vulnerability Disclosure Cuts Both Ways
Enterprise IT Planet - Jan 27 9:42 AM
It seems straightforward: bug discovered, bug fixed, back to your regularly scheduled life. But like many aspects of computer security, things are rarely that simple.
Vuln: Linux Kernel Coda_Pioctl Local Buffer Overflow Vulnerability
Linux Kernel Coda_Pioctl Local Buffer Overflow Vulnerability
Oracle and security researcher in patch dispute
Computer Weekly - Jan 31 2:53 AM
Oracle and a UK security researcher are engaged in a public war of words after the researcher issued an unofficial patch against an Oracle application server flaw.
DSA 964-1: Gnocatan buffer overflow
Zone-H - Security database references: In the Debian bugtracking system: Bug 350237. In the Bugtraq database (at SecurityFocus): BugTraq ID 16429. In Mitre's CVE dictionary: CVE-2006-0467. More information: A problem has been discovered in gnocatan, the
Vulnerability Disclosure Cuts Both Ways
IT Management, CT - Feb 2, 2006... Controlled or moderated disclosure is the method presently being employed by the SecurityFocus BugTraq lists. The BugTraq lists ...
Oracle denies researcher's security claims
IT Observer - Feb 06 10:21 AM
Oracle and a security researcher have fallen out over a vulnerability in the company's software that has gone unpatched since it was discovered in October.
Vuln: OpenSSH SCP Shell Command Execution Vulnerability
OpenSSH SCP Shell Command Execution Vulnerability
DSA 965-1: Ipsec-tools Null dereference
Zone-H - Security database references: In the Debian bugtracking system: Bug 340584. In the Bugtraq database (at SecurityFocus): BugTraq ID 15523. In Mitre's CVE dictionary: CVE-2005-3732. More information: The Internet Key Exchange version 1 (IKEv1
WMF flaw was sold for $4,000
SecurityFocus, CA - Feb 3, 2006... A BugTraq posting in late December was first to show a website actively implementing the WMF flaw, and the flurry of activity that followed sent the security ...
Bugtraq: imageVue16.1 upload vulnerability
imageVue16.1 upload vulnerability
DSA 963-1: Mydns missing input sanitising
Zone-H - Security database references: In the Debian bugtracking system: Bug 348826. In the Bugtraq database (at SecurityFocus): BugTraq ID 16431. In Mitre's CVE dictionary: CVE-2006-0351. More information: NISCC reported that MyDNS, a DNS server using an SQL
Claim of spyware on Beastie Boys CD denied
New Scientist - Feb 08 1:28 PM
Suspicions that the new CD automatically installs sinister software is denied by the music company that released it
WinInfo Short Takes: Week of February 20
SQL Server Magazine (subscription), CO - Feb 17, 2006... controlled. The exploit is "minutes or days from being completed," a security researcher wrote on the Bugtraq mailing list. "The ...
Windows Media Player Worm Set To Strike
TechWeb via Yahoo! News - Feb 16 10:13 AM
An exploit against the Windows Media Player vulnerability disclosed by Microsoft two days ago may be only hours away from hitting unpatched users, a security company said Thursday.
Vuln: Todd Miller Sudo Local Race Condition Vulnerability
Todd Miller Sudo Local Race Condition Vulnerability
Vuln: PerlBlog Multiple Input Validation and Information Disclosure Vulnerabilities
PerlBlog Multiple Input Validation and Information Disclosure Vulnerabilities
DSA 973-1: Otrs Several vulnerabilities
Zone-H - Security database references: In the Debian bugtracking system: Bug 340352. In the Bugtraq database (at SecurityFocus): BugTraq ID 15537. In Mitre's CVE dictionary: CVE-2005-3893, CVE-2005-3894, CVE-2005-3895. More information: Several
Cyber Criminals Launching Higher Numbers of Sophisticated Attacks
Computerworld Australia, Australia - Mar 6, 2006... 4,000 vendors. In addition to the vulnerability database, Symantec operates BugTraq(tm); and, the Symantec Probe Network. These ...
DSA 985-1: Libtasn1-2 Buffer Overflows
Zone-H - Security database references: In the Bugtraq database (at SecurityFocus): BugTraq ID 16568. In Mitre's CVE dictionary: CVE-2006-0645. More information: Evgeny Legerov discovered several out-of-bounds memory accesses in the DER decoding component of
Cyber Criminals Launching Higher Numbers of Sophisticated Attacks
Computerworld Australia - Symantec Internet Security Threat Report - the industry's "State of the Internet" analysis, confirms shift from hacking for fame to hacking for fortune Online security threats are moving away from widespread, chaotic nuisances to smaller, more
DSA 997-1: Bomberclone Buffer overflows
Zone-H - Security database references: In the Bugtraq database (at SecurityFocus): BugTraq ID 16697. In Mitre's CVE dictionary: CVE-2006-0460. More information: Stefan Cornelius of Gentoo Security discovered that bomberclone, a free Bomberman-like game
Symantec Internet Security Threat Report Tracks Notable Rise in
Market Wire - CUPERTINO, CA -- (MARKET WIRE) -- 03/07/2006 -- Symantec Corp. (NASDAQ: SYMC ) today released its ninth volume of the Internet Security Threat Report, one of the most comprehensive sources of Internet threat data in the world. The semiannual report
New zero-day bug crashes IE
CMPnetAsia, Singapore - Mar 19, 2006... According to the researcher who posted the initial description to the Bugtraq security mailing list, attackers can easily crash IE by flooding its buffer. ...
The value of vulnerabilities
The Register - There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public
Microsoft investigates two IE flaws
SearchWin2000.com, MA - 1 hour ago... exploitation. Meanwhile, the second flaw was discovered by researcher Michal Zalewski, who posted an analysis on the BugTraq forum. ...
Microsoft investigates two IE flaws
SearchWin2000.com, MA - 4 hours ago... exploitation. Meanwhile, the second flaw was discovered by researcher Michal Zalewski, who posted an analysis on the BugTraq forum. ...
New Zero-Day Bug Crashes IE
TechWeb via Yahoo! News - Mar 17 11:51 AM
Security firms are warning about another zero-day bug. Apparently, Microsoft's Internet Explorer browser crashes when attacked through a new unpatched vulnerability.
New Zero-Day Bug Crashes Internet Explorer
Network Computing - Mar 20 1:18 PM
Because the vulnerability can be exploited by a single malicious HTML tag, IE could be brought to its knees if its user simply surfs to a nasty Web site.
Symantec Internet Security Threat Report Tracks Notable Rise in Cybercrime Activity
Symantec Corp. (NASDAQ: SYMC) today released its ninth volume of the Internet Security Threat Report, one of the most comprehensive sources of Internet threat data in the world. The semiannual report, covering the six-month period from July 1, 2005 to Dec. 31, 2005, marks an increase in threats designed to facilitate cybercrime.
Vuln: O2PHP Oxygen Post.PHP SQL Injection Vulnerability
O2PHP Oxygen Post.PHP SQL Injection Vulnerability
New Zero-Day Bug Crashes Internet Explorer
Information Week - The zero-day bug occurs within the "mshtml" library when a malformed HTML tag with an abnormally large number of script handlers is fed to the browser. According to the researcher who posted the initial description to the Bugtraq security mailing
Symantec Internet Security Threat Report Tracks Notable Rise in Cybercrime Activity
Symantec Corp. (NASDAQ: SYMC) today released its ninth volume of the Internet Security Threat Report, one of the most comprehensive sources of Internet threat data in the world. The semiannual report, covering the six-month period from July 1, 2005 to Dec.
Symantec Internet Security Threat Report Tracks Notable Rise in Cybercrime Activity
Symantec Corp. today released its ninth volume of the Internet Security Threat Report, one of the most comprehensive sources of Internet threat data in the world. The semiannual report, covering the six-month period from July 1, 2005 to Dec. 31, 2005, marks an increase in threats designed to facilitate cybercrime.
Solaris x86 experience predicts security disaster for Mactel
ZDNet - 10 hours ago Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !). Dik> there's a lot of confusion in this one. ...
Bugtraq: Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2]
Exploiting out of memory crashes and null pointers [was: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2]
Security analysis
ZDNet Blogs - The way to counter religious arguments in IT is with the almighty dollar. This was how Microsoft created a beach head in the data center. I remember hearing Reliability? Heck we can just buy two NT servers and swap one out if it fails
Vuln: IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerability
IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerability
Oracle Bug Exploit Loose
According to an alert sent by Symantec to customers of its DeepSight system, an exploit for one of the Oracle flaws was published on the Bugtraq security mailing list. The exploit, which targets one of the Oracle Database 10g bugs, escalates privileges of existing users to give them total access to the database.
Researcher: Oracle Needs To Patch 44 More Bugs
A German security researcher says that Oracle products, particularly its flagship database, are vulnerable to 44 bugs.
Bugtraq: ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow
ERRATA: [ GLSA 200605-07 ] Nagios: Buffer overflow
Debian Security Advisory - awstats (DSA 1058-1)
Help Net Security, Croatia - May 18, 2006... Package : awstats Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE ID : CVE-2006-2237 BugTraq ID : 17844 Debian Bugs ...
Bugtraq: Re: New Snort Bypass - Patch - Bypass of Patch
Re: New Snort Bypass - Patch - Bypass of Patch
Vuln: FreeType LWFN Files Buffer Overflow Vulnerability
FreeType LWFN Files Buffer Overflow Vulnerability
Vista plays hide-and-seek with hackers
CNET News - Windows Vista Beta 2, released last week, includes a new security feature designed to protect against buffer overrun exploits. Called Address Space Layout Randomization (ASLR), the feature loads key system files in different memory locations each
Vuln: PHPNuke Module's Name Multiple SQL Injection Vulnerabilities
PHPNuke Module's Name Multiple SQL Injection Vulnerabilities
Vista plays hide-and-seek with hackers
ZDNet - "Remote exploitation of overflows has just got a lot harder," David Litchfield, a researcher at Next Generation Security Software, wrote in an e-mail to the BugTraq mailing list. But there is also skepticism. Somebody using the alias "c0ntex" wrote
New Windows Bugs "Critical," Lack Patches
TechWeb - The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. All
Debian Security Advisory - sitebar (DSA 1130-1)
Help Net Security, Croatia - Aug 2, 2006... Package : sitebar Vulnerability : missing input validation Problem type : remote Debian-specific: no CVE ID : CVE-2006-3320 BugTraq ID : 18680 Debian Bug ...
Debian Security Advisory - clamav (DSA 1153-1)
Help Net Security, Croatia - Aug 18, 2006... Package : clamav Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2006-4018 BugTraq ID : 19381 Damian Put discovered a ...
Web Apps Come Under Attack In Perverse Coming Of Age
With the launch last week of Google's hosted application suite and availability of Microsoft Office Live, online application delivery appears ready to challenge the desktop computing model. As Web applications become more mainstream, the inevitable question arises: Are they vulnerable?
Vuln: OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
OpenSSL PKCS Padding RSA Signature Forgery Vulnerability
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Web Apps Come Under Attack In Perverse Coming Of Age
The growth in hosted software, plus attacks on AT&T's site and others, has IT managers worried about the vulnerability of Web applications.
What you should know now about the latest IE bug
PC World Canada, Canada - Sep 21, 2006... probable Russian origin. SecurityFocus assigns it a Bugtraq ID of 20096. Which programs and versions are affected? Internet Security ...
Cenzic Intelligent Analysis Lab Identifies Potentially Threatening Application Vulnerabilities in Blog Technology
Cenzic, Inc., a leading provider of automated application security assessment and compliance solutions, today announced that researchers in the company's CIA Lab have discovered a vulnerability in Roller, the open source blog server that drives thousands of internal employee blogs at Sun, IBM and other blogs worldwide.
Bugtraq: Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0
Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0
OpenPKG Security Advisory - libwmf (OpenPKG-SA-2006.031)
Help Net Security, Croatia - Nov 5, 2006... 0.2.8.4-2.20061018 >= libwmf-0.2.8.4-2.20061104 CURRENT <= libwmf-0.2.8.4-20061016 >= libwmf-0.2.8.4-20061104 Description: According to a BUGTRAQ posting [0 ...