[Hat-Squad] Remote Buffer overflow Vulnerability in YahooPOPS
2004-09-27 Hat-Squad Security Team (bugtraq hat-squad com)
Hat-Squad Advisory: Remote Buffer overflow Vulnerability in YahooPOPS
September 22, 2004
Product: YahooPOPS!
Vendor URL: http://yahoopops.sourceforge.net
Version: YahooPOPS v0.4 up to v0.6
Vulnerability: Remote Buffer overflows
Release Date: 27 September 2004
Vendor Status: Informe

IPv4 fragmentation --> The Rose Attack
2004-09-27 Gandalf The White (gandalf digital net)
Greetings and Salutations: While this discussion pertains to IPv4, IPv6 also allows fragmentation and I suspect IPv6 will also be affected by this attack. This is an extension of the "Rose Attack" previously posted to the Bugtraq mailing list. I have decided to call this attack the "New Dawn atta

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
2004-09-26 Nick Knouf (nknouf MIT EDU)

RE: Microsoft's GDI Detetection Tool faults
2004-09-26 Dowling, Gabrielle (dowlingg sullcrom com)
How did you test this (and on what platform), and why do you propose that the SANS tool is delivering more accurate results than the GDI tool delivered by Microsoft? I tested the SANS tool against a properly patched XP system on Friday and found it to false positive on many of the locations it said

[CLA-2004:869] Conectiva Security Announcement - kernel
2004-09-27 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : kernel
SUMMARY : Fix for kernel vulnerability

New Macromedia Security Zone Bulletins Posted
2004-09-23 securityzone macromedia com (Macromedia Security Zone)
IMPORTANT: Several security issues that may affect ColdFusionMX customers have come to our attention recently. To learn about this new issue and what actions you can take to address it, please visit the Macromedia Security Zone:

RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
2004-09-23 Polazzo Justin (Justin Polazzo facilities gatech edu)
It is impossible for a company to be non-partisan. That is why it would be nice to develop an open source solution. That would be non-partisan. Having been created by democrats, republicans, anarchists, whoever wanted to contribute. -JP
-----Original Message-----
From: Barry Fitzgerald [mailto:b

Motorola Wireless Router WR850G Authentication Circumvention
2004-09-23 Daniel Fabian (d fabian sec-consult com)
Motorola Wireless Router WR850G Authentication Circumvention
Date: 09-23-2004
Author: Daniel Fabian
Product: Motorola Wireless Router WR85

RE: New whitepaper "The Phishing Guide"
2004-09-24 Dehner, Benjamin T. (Ben Dehner valmont com)
I think if major vendors used signed emails, it would be a good step. However, I'm not sure in the long run it will do much good. First, the real problem isn't technical, it's educational. Most users sophisticated enough to download a public key, verify the fingerprint, and install it on their ke

RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
2004-09-23 Jeremy Epstein (jeremy epstein webmethods com) (2 replies)
As someone who's been involved in the electronic voting controversy, I'd like to add a few points: (1) I agree that source code should be inspected by someone truly independent and competent, and that the standards for approving voting machines should be stronger. However, that's NOT the same as o

RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
2004-09-26 Yoav Nir (ynir checkpoint com)

Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
2004-09-26 Mike Healan (mike spywareinfo com)

Motorola Wireless Router WR850G Authentication Circumvention
2004-09-24 Daniel Fabian (df sec-consult com)
Motorola Wireless Router WR850G Authentication Circumvention
Date: 09-23-2004
Author: Daniel Fabian
Product: Motorola Wireless Router WR85

Re: ICMP spoofed source tunneling
2004-09-24 raiblehugo hotmail com
In-Reply-To: <20040922203047.GA16153 (at) nenya (dot) lan [email concealed]>
>On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:
>> How does this give anonymity? When sending to the server, I must use the
>> server's address as a source address. When the server replies to me, it
>> must use my address as a source

New XSS vulnerabilities in paFileDB 3.1 final
2004-09-25 alireza hassani (trueend5 yahoo com)
Another XSS Vulnerability has been found in paFileDB! paFileDB is designed to allow webmasters to have a database of files for download on their site.
Vulnerable: Software: email & category & file paFileDB modules
Just Tested on: paFileDB 3.1 Final, but likely works on other versions.
Exploit

Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
2004-09-24 advisories (advisories corsaire com) (1 replies)
# This has been re-sent several times in the last week, but for whatever reason, my email hasn't been getting to the bugtraq list.
> In this case, you canonicalize by picking just one of the fields.
> As long as you pick something unambiguous, you will be OK.
However this is not possible; as I ha

Re:[3] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
2004-09-26 David F. Skoll (dfs roaringpenguin com)

RE: Correction to latest Colsaire advisories
2004-09-24 advisories (advisories corsaire com)
# This has been re-sent several times in the last week, but for whatever reason, my email hasn't been getting to the bugtraq list.
> I presume that these are nine of the
> "top 10 content providers".
Actually, no. Our internal testing covered a limited collection of what we considered the most pr

Re: Microsoft's GDI Detetection Tool faults
2004-09-25 John Bissell (monkey321_1 hotmail com) (1 replies)
In-Reply-To: <20040924141725.13699.qmail (at) www.securityfocus (dot) com [email concealed]>
>Received: (qmail 18580 invoked from network); 25 Sep 2004 02:57:58 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
> by mail.securityfocus.com with SMTP; 25 Sep 2004 02:57:58 -00
URL: http://www.broadboard.com/
1. software does not properly validate user-supplied input in the 'keywords'
parameter in search.asp:
http://broadboard/forum/search.asp?archives=1&action=1&keywords=['SQL
code]&method=1&method=1&body=1&subject=1&board=1&result