Re: Secunia is Missing Recent Microsoft Vulnerabilities

["Carsten H. Eiram" <che () secunia com>]

These three advisories were all sent out within two hours of being
published at Microsoft's website (many therefore received them faster
from our service than Microsoft's own mailing list):

http://www.secunia.com/advisories/9287/
http://www.secunia.com/advisories/8812/
http://www.secunia.com/advisories/8788/

However, since Secunia already had alerted about two of the
vulnerabilities previously, these two were not sent out on our mailing
list but only to customers as updated advisories.

Secunia Security Advisories mailing list:
http://www.secunia.com/secunia_security_advisories/

Free 30 day trial on our Vulnerability Tracking Service:
http://www.secunia.com/free_trial/

For more information about our paid services, please see our website
(http://www.secunia.com) or contact sales () secunia com.

-- 

Best Regards


Carsten H. Eiram
IT Security Specialist

Secunia ApS
Toldbodgade 37B
1253 København K
Denmark

Tlf. +45 7020 5144
Fax: +45 7020 5145


On Fri, 2003-07-18 at 12:02, Curious ByStander wrote:
> On July 16th Microsoft issued three security bulletins:
>
> MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting 
> Attack
> MS03-027: Unchecked Buffer in Windows Shell Could Enable System Compromise
> MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution
>
> On looking at Secunia's website at their historic advisories I see they have 
> not published these vulnerabilities and its been 2 days!!!  Our company was 
> evaluating their paid-for service, but obvious they dont subscribe to the MS 
> Security Maililing list - duh!
>
> 2003-07-18
> - IBM U2 UniVerse "uvadmsh" Privilege Escalation Vulnerability
> - IBM U2 UniVerse "cci_dir" Privilege Escalation Vulnerability
>
>
> 2003-07-17
> - eStore Path Disclosure and SQL Injection Vulnerabilities
> - Citadel/UX Multiple Vulnerabilities
> - E-mail System Database Download and SQL Injection Vulnerabil...
> - SGI IRIX scheme Privilege Escalation Vulnerability
> - SGI IRIX Name Service Daemon Multiple Vulnerabilities
> - Debian update for php4
> - Conectiva update for phpgroupware
> - Cisco IOS IPv4 Packet Processing Denial of Service Vulnerabi...
> - Exceed Font Buffer Overflow Vulnerabilities
>
>
> 2003-07-16
> - Windows RPC DCOM Interface Buffer Overflow Vulnerability
> - Windows SMTP Service Invalid Timestamp Denial of Service
> - .netCART Database Download Vulnerability
> - Synthigence Forum/Chat Database Download Vulnerability
> - Asus ADSL Routers Information Disclosure Vulnerabilities
> - Netscape Client Detection Tool Buffer Overflow Vulnerability
> - NeoModus Direct Connect Multiple Request Denial of Service
> - Mandrake update for kernel
> - Message Foundry Multiple Vulnerabilities
> - Polycom MGC-25 Control Port Denial of Service Vulnerability
> - Internet Explorer AutoScan Method Cross-Site Scripting Vulne...
> - Microsoft JET Database Engine Buffer Overflow Vulnerability
> - CyberShop ASP Database Download Vulnerability
>
>
> In there defence they tell us they work 5 days a week, 8 hours a day, 
> European time - but 2 days late is not acceptable!!!
>
> _________________________________________________________________
> The new MSN 8: smart spam protection and 2 months FREE*  
> http://join.msn.com/?page=features/junkmail
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html