BugTraq Mode:
Combining Hashes 2005-02-18
Kent Borg (kentborg borg org)
Concatenating two different hashes, for example SHA-1 and MD5,
apparently does not add as much security as one might hope.

What about more complicated compositions? For example, a reader
comment posted on Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html)
sugges

3com 3CDaemon FTP "USER" Remote BOverflow POC 2005-02-18
Hat-Squad Security Team (bugtraq hat-squad com)


Hat-Squad Security Team
http://www.hat-squad.com

/*
3com 3CDaemon FTP Unauthorized "USER" Remote BOverflow

The particularity of this exploit is that it exploits an FTP server
without the need of any authorization.

Homepage: www.3com.com
version: 3CDaemon v2.0 rev1

[ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability 2005-02-18
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200502-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities 2005-02-18
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kdelibs
Advisory ID:

[SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability 2005-02-18
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 687-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
February 18th, 2005

MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities 2005-02-18
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: postgresql
Advisory ID:

BizMail 2.1 Spam Exploit 2005-02-18
Jason Frisvold (xenophage0 gmail com)
Greetings all,

Over the course of the last few months I've been the victim of
repeated abuses of a web-based form commonly used for customer
requests. This form can be downloaded here :
http://www.bizmailform.com

This form allowed a hacker to directly call the cgi, forge a referer
url, and, with

Re: Possible phpBB <=2.0.11 bug or sql injection? 2005-02-18
Exoduks (exoduks gmail com)
In-Reply-To: <20050217095457.23821.qmail (at) www.securityfocus (dot) com>

>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\'fnfnfffffa,'\*\*\cdf
>
>or
>
>http://www.phpbb.com/phpBB/search.php?search_author=\*\*\*\*\*\*\*\*\*

I have noticed that this only works if php.ini is set like this:

; Magic q

MDKSA-2005:043 - Updated xpdf packages fix vulnerabilities on 64 bit platforms 2005-02-18
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: xpdf
Advisory ID:

RE: SHA-1 broken 2005-02-18
Michael Silk (michaelsilk gmail com)
Michael,

But wouldn't it render a login-based hashing system resistant to the
current hashing problems if it is implemented something like:

--
result = hashFunc1( input + hashFunc1(input) + salt )
//
// instead of
//
result = hashFunc1( input + salt )
--

We can see that the input to the

MDKSA-2005:042 - Updated gpdf packages fix vulnerabilities on 64 bit platforms 2005-02-18
Mandrakelinux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: gpdf
Advisory ID:

Adobe Reader invalid root page node Count value DOS 2005-02-18
Hongzhen Zhou (felix__zhou hotmail com)


Adobe Reader invalid root page node Count value DOS

Author
======
Fortinet,inc (hongzhen zhou <felix__zhou _at_ hotmail _dot_ com>)

Vulnerable
==========
Acrobat Reader 7.0.0 for Windows (English Version) -- latest version
Acrobat Reader 6.0.3 for Windows (Simplified Chinese V

Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ 2005-02-18
Vade 79 (v9 fakehalo deadpig org)
In-Reply-To: <DBA4F9D89F7DD54DB5E33F41D90DD3E003277F3A (at) shq-exu1.netsec (dot) net>

>VULNERABILITY DETAILS
>
>Name: Multiple Vulnerabilities Resulting From Use Of Apple OSX
>HFS+
>Impact: HIGH
>Platform: Apple OS X (Darwin) <= 10.2
>Method: Possible unauthorized access to file system data
>Ide

[USN-66-2] PHP vulnerability 2005-02-17
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-66-2 February 17, 2005
php4 vulnerability
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
===========================================================

A security issue affects the following Ubuntu r

[USN-78-2] Fixed mailman packages for USN-78-1 2005-02-17
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-78-2 February 17, 2005
mailman vulnerabilities
CAN-2005-0202
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

Th

RE: SHA-1 broken 2005-02-17
Scovetta, Michael V (Michael Scovetta ca com)
Kent--

Compositions won't really help very much. Let's say (I'm sure the exact
numbers are wrong here) that brute-forcing MD5 takes 2**80, and
brute-forcing SHA-1 takes 2**90. And due to recent discoveries, we can
push those down to 2**50 and 2**55 respectively. Breaking a composition
would

Phishing hole found in IE and OE 2005-02-17
Jay Calvert (jcalvert habaneronetworks com) (1 replies)


Another major vulnerability has been found in Microsoft's Internet Explorer and Outlook Express. The flaw is in the way that these applications can be manipulated with simple HTML code so that a URL other than the one specified in a link is displayed in the status bar.

The status bar is the

Re: Phishing hole found in IE and OE 2005-02-18
Greg Merideth (gmerideth forwardtechnology net)
Re: IE6 SP1 - Click N Crash 2005-02-17
Robert ONeal (rob rebelworks com)
In-Reply-To: <20050215152129.38866.qmail (at) web8503.mail.in.yahoo (dot) com>

Hi,

I have tested this issue and it is known to also affect IE 6 SP2 on Windows XP.

Thanks

Copyright 2010, SecurityFocus