Zorp is a new-generation modular proxy firewall suite that lets you fine-tune proxy decisions with its built-in script language, fully analyze complex protocols (like SSH with several forwarded TCP connections), and use out-of-band authentication techniques (unlike common practice, where proxy authentication had to be hacked into the protocol).
5b25a4f0d246f91f91816744cda2ba576cd0c6fd135aa7d0195c1fd74bba27d3
New bugs have been found in Netscape's implementation of Java which allow a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here.
831fa6c34ab874498d63a79e305ac506b48fd570f2b5cee4f27851cbe3f12543
Amanda is a Windows remote control trojan which features Hide / Show Desktop icons, Start Button, Clock, Task Bar, Open / Close CD-ROM, Turn On / Off Screen, Take A Screen Shot, Disable / Enable CTRL + ALT + DEL, Restart, Shutdown, Crash & Destroy System, Gen Blue Screens, Make The Mouse Go Nuts, Upload / Run Files, KeyLogger, List / End All Running Apps, Get All Cached Passwords, Chat Client / Server, and much more. Archive password is set to p4ssw0rd. Use at your own risk.
49892044ee81874889a08b6b036b1e9960d138bed7fe98b6c1dba01a9a50732c
Allaire Security Bulletin (ASB00-22) - The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.
2e4dba4b3e3601fabfdae51279f4c30ef7e87c6037ef6c8e010dc33bac2435b9
The Cerberus Security Team has released an advisory about a security issue in the O'Reilly Website Pro web server. The issue could allow a malicious user to execute arbitrary code. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers see O'Reilly's support options for further information about this issue.
30697db1811fa4cbf55ba5b89a7168185e239ed8e5c867a77d2f19ea38b70850
Allaire Security Bulletin (ASB00-20) - Microsoft has released a patch for two security vulnerabilities in Microsoft Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it. This is not a problem with ColdFusion Server itself, but it is an issue that can affect ColdFusion users. Allaire recommends that customers follow the instructions posted on the Microsoft Web site to address this issue.
c452c9f99992333457e1fa65b182fed52baf14b3311afbe5bb5d098e78289dbc
Xitami Webserver v2.4d3 and below are vulnerable to a remote DoS attack. Sending malformed data to port 81 will cause the server to stop responding. Tested against Xitami on Win95/98/NT4.0.
653b5e0f1e56431fd83d62fd7b7a396d717022dbc75540f5d88d7313aac195e5
SuSE Security Advisory - Several security issues affecting SuSE machines are noted in this advisory including jpeg buffer overflows in netscape, rpc.kstatd (other vendors named it rpc.statd), user 'nobody's HOME directory set to / and misconfigured webservers, problems around pam_console, gpm DoS, setgid() return value, modes of openldap package files, and the mailman problem. SuSE security site here.
719f4656db59a2596fff860acfda1238b2e51e9f455e962fc306ebf63368ff81
Red Hat Security Advisory - New mailman packages are available which close security holes present in earlier versions of mailman. All sites using the mailman mailing list management software should upgrade.
304e894646d0eadfba6ab8e2607b8518c2116feaeb3d91ab482acfbb50577202