Exploits and Security

Technology & Security Tips & Guides

A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
epiphany-browser
The problem can be corrected by upgrading the affected package to
version 1.4.4-0ubuntu2.1. After a standard system upgrade you need to
restart Epiphany to effect the necessary changes.
Details follow:
USN-155-1 fixed some security vulnerabilities of the Mozilla suite.
Unfortunately this update caused regressions in [...]

Security Notice: Anonymous Web Attacks via Dedicated Mobile Services
Security Risk: UNKNOWN
Publish Date: 2005 July 16
Security Researcher: Petko Petkov
Contact Information: ppetkov@gnucitizen.org
PGP Key: http://pdp.gnucitizen.org/ppetkov.asc
Synopsis
--------
Various Mobile Services provide malicious users with an intermediate
point to anonymously browse Web Resources and execute attacks against
them.
Affected Applications
---------------------
* Google’s WMLProxy
* IYHY
Background
----------
WAP stands for Wireless Application Protocol, a communication [...]

Vulnerabilities
---------------
1) admin/media/browse.php
The “dir” parameter is vulnerable to XSS. Also, the script blocks ../ but if a non-existent
directory is chosen the script tries to read it and the error gives path disclosure.
2) 25 accounts of path disclosure when a file is directly accessed. There are too many to list so
I will just leave them out.
3) In [...]

I just got another phishing scam (targeting eBay).
The twist is that the subject line included my eBay username,
and it was sent to my eBay e-mail address. The Phishers have
figured out how to get one from the other, I don’t know how.
I sent it on to eBay but just got a standard form letter
back.
Is this happening [...]

Author: Jose Antonio Coret (Joxean Koret)
Date: 2005
Location: Basque Country
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GForge - 4.5 (Current)
GForge has tools to help your team collaborate, like message forums and
mailing lists; tools to create and control access to Source Code Management
repositories like CVS and Subversion. GForge automatically creates a repository
and controls access to it depending on the role settings of the project.
Web [...]

Debian Security Advisory DSA 769-1 security@debian.org
http://www.debian.org/security/ Martin [...]
