|
|
Colapse all |
Post message
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability 2005-03-28 iDEFENSE Labs (labs-no-reply idefense com) FreeBSD Security Advisory FreeBSD-SA-05:01.telnet 2005-03-28 FreeBSD Security Advisories (security-advisories freebsd org) Brute-Force scanning the entire 32-bit IP space using Javascript. 2005-03-25 cyber_flash hotmail com Ever wonder how many HTTP web servers are running on the internet? Last night I decided to write a Distributed IP Scanning tool using only plain Javascript. No special exe downloads are required. It runs right within the IE browser. For a demo on flash/warhol worms, please visit: http://warhol.s [ more ] [ reply ] RE: TCP timestamp & advanced fingerprinting 2005-03-25 Bruce Klein (bruce klein iovation com) How does this compare with [Prs2002] Clock Deviation/Skew as a Forensics/Tracking Tool research done by Tadayoshi Kohno. http://www.cse.ucsd.edu/users/tkohno/ Bruce Klein iovation, Inc. -----Original Message----- From: Erwan Arzur [mailto:erwan (at) lse.epita (dot) fr [email concealed]] Sent: Friday, March 25, 2005 6:05 AM [ more ] [ reply ] Re: smail remote and local root holes (no, not really ;-) 2005-03-25 Greg A. Woods (woods-smail planix com) (1 replies) Sean you can't send me mail because hotpop.com is blacklisted: $ host -a hotpop.com.postmaster.rfc-ignorant.org hotpop.com.postmaster.rfc-ignorant.org A 127.0.0.3 hotpop.com.postmaster.rfc-ignorant.org TXT "Not supporting postmaster (at) hotpop (dot) com [email concealed]" You'll have to find a diffe [ more ] [ reply ] File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition 2005-03-25 dcrab hackerscenter com Dcrab 's Security Advisory http://icis.digitalparadox.org/~dcrab http://www.hackerscenter.com/ Severity: High Title: File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition Date: March 26, 2005 Summary: There are file include and xss vulnerabilities in E-Store Kit-2 PayPal Editio [ more ] [ reply ] QuickTime malformed JPEG buffer overflow 2005-03-26 liquid cyberspace org When fuzzing some application with malformed input files, if we want to discover some vulnerability we have to create input file which is very close to valid file but yet malformed in some way. In that way chances for discovery are greater. Now let's play with JPEG format. We concentrate on Huffma [ more ] [ reply ] AS/400 LDAP user accounts disclosure 2005-03-26 Shalom Carmel (shalom venera com) AS/400 LDAP user accounts disclosure Overview ------------- By default, a new iSeries server comes with a pre-installed directory server,better known as an LDAP server.LDAP, or Lightweight Directory Access Protocol, is the industry standard for enterprise directory services, and forms the basis for [ more ] [ reply ] ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 2005-03-26 Gerardo Astharot Di Giacomo (astharot zone-h org) ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 Author: Gerardo 'Astharot' Di Giacomo Date: 26 March 2005 Product: NukeBookmarks .6 URL: http://nukebookmarks.sourceforge.net/ About the product ----------------- From the home page: "Nuke Bookmarks is a module for PHP-Nuke that allows [ more ] [ reply ] phpbb 2.0.13 Exploit (bug) 2005-03-25 tOnk3r (m spywire net) ------------------------------------------------------------------------ # phpBB 2.0.13 failure to reset user level after failed exploit # discovered By : tOnk3r # e-mail : m[at]spywire[dot]net # date : 22-march-05 # shouts: pureone, spywire.net crew , and everybody i know! # Versions affected : AL [ more ] [ reply ] TCP timestamp & advanced fingerprinting 2005-03-25 Erwan Arzur (erwan lse epita fr) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, attached is a paper from one of our students about using the TCP timestamps in TCP headers as a fingerprinting tip, which can ultimately be used for mapping networks behind firewalls. Erwan Arzur EPITA/EPITECH systems Laboratory http://www.lse. [ more ] [ reply ] [ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service 2005-03-25 Matthias Geerdsen (vorlon gentoo org) [ GLSA 200503-30 ] Mozilla Suite: Multiple vulnerabilities 2005-03-25 Thierry Carrez (koon gentoo org) [FLSA-2005:2268] Updated spamassassin package fixes security issues 2005-03-24 Marc Deslauriers (marcdeslauriers videotron ca) [FLSA-2005:2129] Updated mysql packages fix security issues 2005-03-24 Marc Deslauriers (marcdeslauriers videotron ca) (2 replies) --------------------------------------------------------------------- Fedora Legacy Update Advisory Synopsis: Updated mysql packages fix security issues Advisory ID: FLSA:2129 Issue date: 2005-03-24 Product: Red Hat Linux, Fedora Core Keywords: [ more ] [ reply ] Re: [FLSA-2005:2129] Updated mysql packages fix security issues 2005-03-25 Ventsislav Genchev (vigour atlantis bg) Re: [FLSA-2005:2129] Updated mysql packages fix security issues 2005-03-25 Ventsislav Genchev (vigour atlantis bg) [FLSA-2005:2155] Updated sharutils package fixes security issues 2005-03-24 Marc Deslauriers (marcdeslauriers videotron ca) Netcomm 1300NB DSL Modem Denial of Service 2005-03-25 Chris Rock (chris kustodian com) There is an issue with the Netcomm 1300NB DSL Modem in regards to a Denial of Service attack. By sending off the following ping command in four seperate shells or windows the WAN interface on the Netcomm DSL Modem locks up and the device must be rebooted to get Internet Activity. The Netcomm ADSL [ more ] [ reply ] smail remote and local root holes 2005-03-25 sean (infamous41md hotpop com) -- I've been trying to send an email to greg woods, the maintainer of smail, to 3 different email addresses now. They have all bounced. My email to the smail user list bounced as well. I didn't want to just release this 0day, but I'm not hunting these people down, so here it is. No exploit for [ more ] [ reply ] |
|
Privacy Statement |
iDEFENSE Security Advisory 03.28.05
www.idefense.com/application/poi/display?id=221&type=vulnerabilities
March 28, 2005
I. BACKGROUND
The TELNET protocol allows virtual network terminals to be connected to
over the internet. The
[ more ] [ reply ]