Re: recursive DNS servers DDoS as a growing DDoS problem
2006-03-01, v9 fakehalo us
While you're on the subject of the potentials of DOSing using DNS servers, I noticed several months ago some possible abuses myself, although I soon lost interest for some reason or another. I noticed that a portion of the world's DNS servers for some reason or another send back large amounts of dup [...]

4images <=1.7.1 remote code execution
2006-03-01, rgod autistici org
----------------- 4images <=1.7.1 remote code execution ------------------------
software:
site: http://www.4homepages.de/
--------------------------------------------------------------------------------
i) vulnerable code in index.php at line 35-54:
...
if (isset($HTTP_GET_VARS['template']) || iss [...]

Re: NETGEAR WGT624 ? Wireless DSL router default user name/password vulnerability
2006-03-01, abuse aol com

Secunia Research: NetworkActiv Web Server Script Source Disclosure Vulnerability
2006-03-01, Secunia Research (remove-vuln secunia com)

Evil side of Firefox extensions
2006-03-01, azurIt (azurit pobox sk) (3 replies)
Background
----------
Firefox is very popular and secure web browser. Until now, it is used by millions of people and thousands of internet clubs. One of the great features of Firefox are extensions. You can use them to create things inside your browser which are beyond your imagination. But everythi [...]

Evolution Emailer DoS
2006-03-01, Alan Cox (alan ftp linux org uk)
About 7 weeks ago an automated mailing list spewed a large but valid email containing a lot of URLS and other formatting. When this email is fed into evolution the behaviour it causes leads evolution to expand dramatically in size and eat vast amounts of CPU time.
If you've got a lot of patience an [...]

SAP Web Application Server http request url parsing vulnerability
2006-03-01, arnold grossmann gmail com
Advisory Name: SAP Web Application Server http request url parsing vulnerability
Release Date: 01/03/2006
Affected Applications: SAP WebAS Kernel up to version 7.00
Affected Platforms: Platform-Independent
Local / Remote: Remote
Severity: Medium to High
Author: A. Grossmann arnold.grossmann ( [...]

Secunia Research: Lighttpd Script Source Disclosure Vulnerability
2006-03-01, Secunia Research (remove-vuln secunia com)

Re: Fedex Kinkos Smart Card Authentication Bypass
2006-03-01, Lance James (bugtraq securescience net)
Eric B wrote:
> Wait, so if I read this right, consumers with existing cards could
> dupe their legit cards for fake ones and cash in the fake ones yet
> still have credit on the legit card?
>
> So I'm assuming Fedex has no database/authentication system storing
> these serials...brilliant.
>
Yup. [...]

[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
2006-03-01, alex evuln com
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities
http://evuln.com/vulns/82/summary.html
--------------------Summary----------------
eVuln ID: EV0082
CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006
Software: Leif M. Wright's Blog
Software's Web Site: http://leifwright.com/s [...]

Updated Noah Classifieds Component for Joomla!/Mambo
2006-03-01, noahsec1 davidmckinnisconsulting com
Updated Noah Classifieds Component for Joomla!/Mambo fixes vulnerabilities
Problem: Several vulnerabilities were recently discovered in Noah Classifieds 1.3 which also affect the Joomla!/Mambo component.
Details on the vulnerabilities are available at http://www.kapda.ir/advisory-268.html
The exp [...]

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh [REVISED]
2006-03-01, FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-06:10.nfs
2006-03-01, FreeBSD Security Advisories (security-advisories freebsd org)

Re: ArGoSoft FTP server remote heap overflow
2006-03-01, Steven M. Christey (coley mitre org) (1 replies)
A buffer overflow in DELE was originally reported to Bugtraq by CorryL in March 2005, for ArGoSoft FTP 1.4.2.8 (CVE-2005-0696):
http://www.securityfocus.com/archive/1/392653
According to CorryL's disclosure timeline, no patch had been released by the disclosure date. So, is this a rediscovery [...]

Limbo CMS code execution
2006-02-28, Alexander Hristov (joffer gmail com)
Official page : http://www.limbo-cms.com/
Vulnerable : Limbo 1.*
Fix : No
Bug : http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE)
example : index.php?option=frontpage&Itemid=system(uname)
Google search string : inurl:"option=frontpage"
--
Best Regards, Aleksander Hri [...]

FreeBSD Security Advisory FreeBSD-SA-06:09.openssh
2006-03-01, FreeBSD Security Advisories (security-advisories freebsd org)

recursive DNS servers DDoS as a growing DDoS problem
2006-02-28, Gadi Evron (ge linuxbox org)
Hi guys. We discussed recursive DNS servers before (servers which allow to query anything - including what they are not authoritative for, through them).
The attack currently in the wild is a lot bigger and more complicated than this, but to begin, here is an explanation (by metaphor) of that pa [...]

bttlxeForum 2.* XSS Vulnerability
2006-02-26, stormhacker hotmail com
--------------------Summary----------------
Software: bttlxeForum
Software's Web Site: http://www.bttlxe.com/
Versions: 2.*
Type: Cross-Site Scripting
Class: Remote
Exploit: Available
Solution: Not Available
Discovered by: runvirus (worlddefacers.de securitycentra.com)
-----------------Description- [...]
>compulsory feature (optional would be nice). If more people than just you
>have access to a machine at the end of the day there's no way to guarantee
>security. This is just another method of stealing information like a
>keylogg
[...]