exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote exploit
2005-02-19, yan feng (jsk ph4nt0m net)

3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow
2005-02-18, class 101 (class101 hat-squad com)
Hat-Squad.com set a proper on that 5 years old hole. Clean code class101.org, class101.hat-squad.com Here it is for a quick view on the list:
/*
3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow
The particularity of this exploit is to exploit an FTP server without the need of any authorization

Thomson TCW690 POST Password Validation Vulnerability
2005-02-19, MurDoK (murdok lnx gmail com)
I found a vulnerability in this cablemodem which a malicious user inside *LAN can get the control of the cablemodem easily. This cablemodem model is given by the Spanish ISP "AUNA".
Details
=======
Product: Thomson TCW690 cablemodem
Affected Version: ST42.03.0a (not tested in minor versions

[FLSA-2005:2137] Updated cyrus-sasl resolves security vulnerabilities
2005-02-17, Dominic Hargreaves (dom earth li)

Knox Arkeia remote root/system exploit
2005-02-18, John Doe (guldens111 hotmail com)
0day cuz i'm bored
/*
 * Knox Arkeia Server Backup
 * arkeiad local/remote root exploit
 * Targets for Redhat 7.2/8.0, Win2k SP2/SP3/SP4, WinXP SP1, Win 2003 EE
 * Works up to current version 5.3.x
 *
 * ---------------
 *
 * Linux x86:
 * ./arksink2 <arkeia_host> <target_type> <display>
 *
 * Exports an xter

[ GLSA 200502-27 ] gFTP: Directory traversal vulnerability
2005-02-19, Matthias Geerdsen (vorlon gentoo org)

Joint encryption?
2005-02-18, John Richard Moser (nigelenki comcast net) (3 replies)
I'd post this to security-basics, but I've tried subscribing to that list through the web interface 3 times and still only managed to get linux-focus and bugtraq.
I'm trying to solve a problem where I want to control access to highly sensitive data in

Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins
2005-02-18, headpimp pimp-industries com

MDKSA-2005:041 - Updated cups packages fix vulnerabilities on 64 bit platforms
2005-02-18, Mandrakelinux Security Team (security linux-mandrake com)

Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
2005-02-18, newbug Tseng (newbug chroot org)
Hi. Please check http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf there's some code analysis for awstats.

[ GLSA 200502-25 ] Squid: Denial of Service through DNS responses
2005-02-18, Sune Kloppenborg Jeppesen (jaervosz gentoo org)

MDKSA-2005:044 - Updated tetex packages fix vulnerabilities on 64 bit platforms
2005-02-18, Mandrakelinux Security Team (security linux-mandrake com)

Re: SHA-1 broken
2005-02-18, Michael Silk (michaelsilk gmail com)
Michael, But with such functions the point is that "input" isn't a function, it's a string - and it can only be the inverse of one, not both; i.e. the result of "invHashFunc1( foo )" _won't_ equal "invHashFunc2( foo )". So if the user is attempting to break a login screen with his invHashFunc's,
/* _ ________ _____ ______
*
* cfengine rsa heap remote exploit part of PTjob project / \ / "fuck mm"
* by jsk:exworm(http://exworm.hostrocket.com) \/
* bug found by core
* yep ta mei dayong ..hehe..so pub it..
* my home: www.ph4nt0m.