RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
2005-02-24 PASTOR ADRIAN (M123303 Richmond ac uk)

In-game cl_guid crash in Soldier of Fortune II 1.03
2005-02-24 Luigi Auriemma (aluigi autistici org)

[Security Bulletin] SSRT4694 HP-UX ftpd remote unauthorized access
2005-02-24 Boren, Rich (SSRT) (rich boren hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01119 REVISION: 0 SSRT4694 rev.0 - HP-UX ftpd remote unauthorized access NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The information in th

Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities
2005-02-24 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities Revision 1.0 For Public Release 2005 February 24 1600 UTC (GMT)

iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability
2005-02-23 iDEFENSE Labs (labs-no-reply idefense com)
Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability iDEFENSE Security Advisory 02.23.05 www.idefense.com/application/poi/display?id=206&type=vulnerabilities February 23, 2005 I. BACKGROUND The kcms_configure utility is part of the Kodak Color Management System (KCMS) package that i

RE: Avaya IP Office Phone Manager - Sensitive Information Cleartext Vulnerability
2005-02-24 Walton, John Michael (John) (jmwalton avaya com)
Avaya is aware and currently investigating this issue. Once our investigation is complete we will release an Avaya Security Advisory to address the outlined concerns. In the interim, we've asked Mitre to assign a Common Vulnerability and Exposures (CVE) candidate number for this issue. They have

Multiple vulnerabilities found in CSGuestbook by CoolSerlets.com
2005-02-24 Josh884 hotmail com
Audit of the script: http://www.coolservlets.com/CSGuestbook/ About this script: This is an open source GuestBook script offered by CoolServlets.com About the audit: This audit was performed by Daxgrapol and Dopel for RACAT (a subgroup of CASOS in the cyberarmy.net community). Note in advance: Th

RE: Incorrect Classification of iDownload's Product as Spyware...
2005-02-24 Roger A. Grimes (roger banneretcs com)
I've got a solution for this litigation problem for the anti-spyware companies. Create a new classification called Recognized Software. In the description, tell end users that Recognize software contains both wanted and unwanted software. The software is in this category because many users conside

Office 10 applications & flashdrives can be used to browse restricted drives
2005-02-23 Discini, Sonny (Sonny Discini montgomerycountymd gov)
Originally this issue was explained and patched here: http://support.microsoft.com/?id=302753 SYMPTOMS After you establish a group policy to restrict access to a drive by selecting the Hide these specified drive

[Fwd: [arkeia-announce] Release of Arkeia Network Backup 5.3.5 fixes security issue]
2005-02-23 Maciej Bogucki (maciej bogucki artegence com)

Release of Arkeia Network Backup 5.3.5 fixes security issue [bugtraq id 12594]
2005-02-23 Arnaud Spicht (aspicht arkeia com)
After carefully examining issues recently discussed in public technical forums, Arkeia Corp. has immediately released a new version to block any potential invasion of Arkeia protected networks. ANB 5.3.5 fixes a buffer overflow bug that could allow a remote attacker to remotely execute arbitrary

[ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities
2005-02-23 Matthias Geerdsen (vorlon gentoo org)

Robustness patch for TWiki, vulnerability in ImageGalleryPlugin
2005-02-23 Florian Weimer (fw deneb enyo de)
* TWiki robustness patch After CAN-2004-1037 was discovered in November 2004, I wrote a patch which systematically replaces unsafe subprocess invocation constructs in the TWiki source code. This patch was published, submitted to the TWiki developers, and they ported it into the DEVELOP branch:

Incorrect Classification of iDownload's Product as Spyware...
2005-02-23 Paul Laudanski (zx castlecops com)
In a letter received by CastleCops from a law firm representing iDownload/iSearch Toolbar: http://castlecops.com/article-5762-nested-0-0.html It has been found out that another website has received a similar form. In the next link is our response, with more information on the other website, Sp

[SECURITY] [DSA 689-1] New mod_python packages fix information leak
2005-02-23 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 688-1] New squid packages fix denial of service
2005-02-23 joey infodrom org (Martin Schulze)

Re: Cross Site Scripting exploitation via malformed files
2005-02-23 http-equiv (at) excite (dot) com [email concealed] (1 malware com)
<!-- On many webmail systems, when the JPG file is downloaded, then the script is executed (you can play with javascript, vbscript,...) It was verified under IE - XP SP2 --> This doesn't seem to be correct [or even work for that matter]. 1. As an attachment in the email and received in y

Re: Knox Arkeia remote root/system exploit
2005-02-22 Arnaud Spicht (aspicht arkeia com)
In-Reply-To: <BAY22-F8E04A402F7FD7B74F1A849C6E0 (at) phx (dot) gbl [email concealed]> >/* >* Knox Arkeia Server Backup >* arkeiad local/remote root exploit >* Targets for Redhat 7.2/8.0, Win2k SP2/SP3/SP4, WinXP SP1, Win 2003 EE >* Works up to current version 5.3.x >* >* --------------- The buffer overflow bug has been fixed

Re: Arkeia Network Backup Client Remote Access
2005-02-22 Arnaud Spicht (aspicht arkeia com)
In-Reply-To: <20050222091943.GM76018 (at) DAPCVA (dot) da [email concealed]> >On Sun, Feb 20, 2005 at 02:41:36PM -0600, H D Moore wrote: >> Anyone able to connect to TCP port 617 can gain read/write access to the >> filesystem of any host running the Arkeia agent software. This appears to >> be an intentional design decision

iDEFENSE Security Advisory 02.22.05: phpBB Group phpBB2 Arbitrary File Unlink Vulnerability
2005-02-22 iDEFENSE Labs (labs-no-reply idefense com)
phpBB Group phpBB2 Arbitrary File Unlink Vulnerability iDEFENSE Security Advisory 02.22.05 www.idefense.com/application/poi/display?id=205&type=vulnerabilities February 22, 2005 I. BACKGROUND phpBB is an open source bulletin board package written in the PHP web scripting language. More informatio

Cross Site Scripting exploitation via malformed files
2005-02-21 Jerome ATHIAS (jerome athias free fr)
It was publicly released on different forums (http://cyruxnet.org/foro/viewtopic.php?t=559); multiple webmail systems and websites are vulnerable to Cross Site Scripting via a malformed file. A basic PoC : Build a text file (ie: photo.txt) <script language="Javascript"> alert('Vulnerable!');

[SCAN Associates Security Advisory] vbulletin 3.0.6 and below php code injection
2005-02-21 pokley (pokleyzz scan-associates net)
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and

The WebConnect 6.4.4 and 6.5 contains several vulnerabilities
2005-02-20 CIRT Advisory (advisory cirt dk)
The WebConnect 6.4.4 and 6.5 contains several vulnerabilities such as: - Denial of Service when requesting an DOS Device in Path Name - Reading of files outside webroot (Directory traversal) Requesting "DOS Device in Path Name" Denial of Service When requesting a DOS device in the URL the serve

RE: Windows Firewall Has A Backdoor
2005-02-21 Thor Larholm (thor pivx com)
XPSP2 has a software firewall which like any other firewall has a list of exceptions, being that it is host based these exceptions are process based. Having an exceptions list is not a backdoor. There's no vulnerability or backdoor here, just intended functionality. You can't add keys to this regis
In my case the key is stored under HKEY_LOCAL_MACHINE
Also, please let's remember that even in the case that the key was stored under HKEY_CURRENT_USER, sensitive information should NEVER be cleartext since an attacker could gain administrative privileges to a single host or even entire Windows