Problems with the Oracle Critical Patch Update for April 2005
2005-07-07 David Litchfield (davidl ngssoftware com)
Hey all, Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed some failures in it that meant certain issues the patch was supposed to fix were actually left unfixed. One set of vulnerabilities "fixed" by the April CPU is a group of SQL injection bugs in DBMS_SUBSCRIBE and DB

ICMP vulnerabilities
2005-07-07 Theo de Raadt (deraadt cvs openbsd org)
Much more information on the ICMP vulnerabilities that allow you to blindly tear down TCP sessions. http://kerneltrap.org/node/5382 Please note these are not man-in-the-middle attacks. You can do them blind. Totally blind. You do not need to know any information. There are three attacks ou

Vulnerability in Whatpulse.Org profiles allows XSS and session hijacking
2005-07-06 rift13 charter net
Whatpulse.org is a site that provides software to allow users to keep track of how many keystrokes they have entered and 'pulse' them to the website and view who has the most keys to date, etc. Whatpulse has a profile feature that lets a user describe a little bit about themselves to other users. T

MDKSA-2005:112 - Updated zlib packages fix vulnerability
2005-07-07 Mandriva Security Team (security mandriva com)

[USN-147-2] Fixed php4-pear packages for USN-147-1
2005-07-06 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-147-2 July 06, 2005
php4, php4-universe fixed packages
https://bugzilla.ubuntu.com/show_bug.cgi?id=12426
A security issue affects the following Ub

[USN-148-1] zlib vulnerability
2005-07-06 Martin Pitt (martin pitt canonical com)
Ubuntu Security Notice USN-148-1 July 06, 2005
zlib vulnerability
CAN-2005-2096
A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5

[ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability
2005-07-06 Thierry Carrez (koon gentoo org)

Re: /dev/random is probably not
2005-07-06 Michael Gnau (MGnau ctr pcusa org)
remove
>>> Alexey Toptygin <alexeyt (at) freeshell (dot) org> 7/6/2005 7:37:00 AM >>>
On Tue, 5 Jul 2005, Jack Lloyd wrote:
> Assuming the PRNG is any good, it shouldn't matter if an attacker can
> manipulate such timings, because (by definition) a good PRNG will still
> behave correctly even if an attacke

eRoom Multiple Security Issues
2005-07-06 c0ntexb gmail com
An open security advisory #9 - eRoom v6.* Vulnerabilities

[ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC
2005-07-06 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

[SECURITY] [DSA 739-1] New trac package fixes upload/download vulnerability
2005-07-06 joey infodrom org (Martin Schulze)

Cross site scripting in Lotus Notes web mail
2005-07-06 shalom venera com
When an HTML file attachment is opened in a Lotus Notes account via the web mail interface, the user sees that there is an attachment. Clicking the attachment does not prompt for saving or opening (like in Yahoo), but opens the malicious HTML immediately, allowing for stealing of the LTPA session c

[SECURITY] [DSA 737-1] New clamav packages fix potential DOS
2005-07-05 Michael Stone (mstone klecker debian org)

Re: /dev/random is probably not
2005-07-06 Alexey Toptygin (alexeyt freeshell org)
On Tue, 5 Jul 2005, Jack Lloyd wrote:
> Assuming the PRNG is any good, it shouldn't matter if an attacker can
> manipulate such timings, because (by definition) a good PRNG will still
> behave correctly even if an attacker does feed it lots of deliberately
> bad data (as long as the PRNG also ha

PHPXMAIL - Authentication Bypass
2005-07-06 Steve (steve01 chello at) (1 replies)
Author: Stefan Lochbihler
Date: 6 July 2005
Affected Software: PHPXMAIL
Software Version: 0.7 -> 1.1
Software URL: http://phpxmail.sourceforge.net/
Attack: Authentication Bypass
Overview: PhpXmail is a web based management software for the Xmail mail server written in php. Its main u

Re: /dev/random is probably not
2005-07-06 Thomas (tom electric-sheep org) (1 replies)
> Linux cited using keyboard interrupts. How many of those happen on
> a web server in a rack, in an air conditioned computer room somewhere?
> How many happen when you open up your web browser and select your
> internet banking web site from your bookmarks?
To complete the list, Linux uses: - b
1. Open the protected document in Word
2. File / Save As (XML Document)
3. Open XML Document, look for
   <w:documentProtection w:edit="read-only" w:enforcement="on" w:unprotectPassword="xxxxxxx"/>
   The "unprotectPassword" will be a hex byte string.
4. Open the .doc in your favorite h