|
|
Colapse all |
Post message
Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code) 2004-09-18 kers0r (root asylum-nz com) Airscanner Mobile Security Advisory *Title* Virus exploits workaround in Windows Mobile/Pocket PC architecture (Includes Source Code) *Introduction* Airscanner Corp. has obtained and published the complete, annotated source code to CE.Dust, the first virus to infect the Windows Mobile/ [ more ] [ reply ] Re: Multiple Vulnerabilities in phpScheduleIt 2004-09-17 Nick Korbel (nkorbel hotmail com) In-Reply-To: <20040831195301.5769.qmail (at) www.securityfocus (dot) com [email concealed]> This vulnerability has been fixed in version 1.0.0. Please download and upgrade http://sourceforge.net/project/showfiles.php?group_id=95547&package_id=1 01920&release_id=267509 >------------------------------------------------------- [ more ] [ reply ] Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability. 2004-09-18 khoaimi (kh0aimi yahoo com) Vendor www.mamboportal.com Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable. [ more ] [ reply ] Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-17 advisories (advisories corsaire com) (1 replies) > This method alone guarantees [for software that correctly > interprets well-formed MIME] that the security product > has exactly the same interpretation of the message as any > other software that subsequently receives it. There are a number of logical flaws in your reply, but lets focus on the s [ more ] [ reply ] Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-18 David F. Skoll (dfs roaringpenguin com) Important message to Bugtraq Subscribers! 2004-09-17 Daniel Bertrand (danb securityfocus com) To all Bugtraq Subscribers, Please note that due to a loss of mail on one of our outbound servers, you may or may not receive some Securityfocus Bugtraq email that you are subscribed to. We apologize for the inconvenience and would suggest that you visit the securityfocus archives soon to keep yo [ more ] [ reply ] [exploitwatch.org] ALERT: Windows XP JPEG Buffer Overflow POC Exploit 2004-09-17 admin exploitwatch org A PoC for the Windows XP JPEG has been published. Because of the potential impact, it is anticipated that this exploit will be widely used by worms and other malware within a short period of time. http://www.gulftech.org/?node=downloads Regards, admin (at) exploitwatch (dot) org [email concealed] http://exploitwatch.org [ more ] [ reply ] MDKSA-2004:095-1 - Updated gdk-pixbuf and gtk+2 packages fix image loading vulnerabilities 2004-09-17 Mandrake Linux Security Team (security linux-mandrake com) GoogleToolbar:About -- Allows Script Injection 2004-09-17 ViPeR (viper31337 yahoo co in) Affection Software : GoogleToolbar Version : Tested on 2.0.114.1-big/en (GGLD) Notes: GoogleToolbar's About section allows injection of script, since it lacks any checking. The following code is a Proof Of Concept. <s c r i p t> window.showModalDialog("res://C:\\Program%20Files\\Google\\GoogleTool [ more ] [ reply ] RE: JPEG Processing BOF Proof Of Concept 2004-09-17 Cassidy Macfarlane (cmacfarlane Drummond-Miller co uk) That was me. Nearly two years ago to the week :) http://www.securityfocus.com/archive/82/290856 /snip -----Original Message----- From: cassidy macfarlane Sent: Friday, September 06, 2002 7:57 AM To: vuln-dev securityfocus com Subject: old netscape vuln - affecting XP/explorer? -----BEGIN PGP SIG [ more ] [ reply ] Re: www.proboards.com / YaBB XSS Vuln 2004-09-17 Patrick Clinger (pclinger proboards com) In-Reply-To: <20040915231242.3251.qmail (at) www.securityfocus (dot) com [email concealed]> This flaw has been fixed. I would like to take this opportunity to first state that ProBoards does not run on YaBB software as the author of this thread implies. We run on our own in-house developed software, which the YaBB team wil [ more ] [ reply ] FreeBSD kernel buffer overflow 2004-09-16 gerarra tin it (2 replies) Topic: Buffer Overflow in FreeBSD Versions: All the versions of FreeBSD are broken (4.x, 5.x, 6.0) Arch: x86 Date: 16/09/2004 All discussion refers to CURRENT-6.0, for other versions some things could change (btw bugged). Discussion involves a lot of arch x32 dependant mechanisms, so, in some point [ more ] [ reply ] RsyncX vulnerabilities 2004-09-17 Matt Johnston (matt ucc asn au) Product: RsyncX is a frontend for rsync running on OS X, with additional features such as crontab editing. http://www.macosxlabs.org/rsyncx/rsyncx.html Problems: 1) RsyncX is installed setuid root and setgid wheel. Upon execution, the program drops root privileges (only via seteuid(getuid()) ). [ more ] [ reply ] Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-17 Borja Marcos (borjam sarenet es) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > 2. Your logic sounds convincing, but interposing a proxy that > systematically changes incoming messages raises red flags in my mind. Digital signatures would not work, obviously. However, which is the reason to keep a malformed message? It's like [ more ] [ reply ] [security bulletin] SSRT4739 rev.0 HP WebJetadmin arbitrary command execution 2004-09-16 Boren, Rich (SSRT) (rich boren hp com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBPI01078 REVISION: 0 SSRT4739 rev.0 HP Web Jetadmin arbitrary command execution ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin pro [ more ] [ reply ] [ GLSA 200409-21 ] Apache 2, mod_dav: Multiple vulnerabilities 2004-09-16 Thierry Carrez (koon gentoo org) RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16 Polazzo Justin (Justin Polazzo facilities gatech edu) >Lastly, there is no all-in-one patch, MSFT said that this would create a package >that was too large for people to download. I am not sure why they didn't do >this, I don't think it has anything to do with the size, but I can only >speculate. I would have to agree with your assessment, seeing [ more ] [ reply ] [ GLSA 200409-20 ] mpg123: Buffer overflow vulnerability 2004-09-16 Thierry Carrez (koon gentoo org) IE6 + XP SP2 Vulnerability 2004-09-15 cns (cns free fr) Background information ====================== Windows XP Service Pack 2 has introduced new features that improve browsing security in Internet Explorer. Most of them are additional messages that force the user to validate everything that is done by the browser. Most of these messages are displayed [ more ] [ reply ] XSA-2004-4: multiple string overflows 2004-09-07 Michael Roitzsch (mroi users sourceforge net) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 xine security announcement ========================== Announcement-ID: XSA-2004-4 Summary: Several string overflows on the stack have been fixed in xine-lib, some of them can be used for remote buffer overflow exploits leading to the execution of arbi [ more ] [ reply ] XSA-2004-5: heap overflow in DVD subpicture decoder 2004-09-06 Michael Roitzsch (mroi users sourceforge net) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 xine security announcement ========================== Announcement-ID: XSA-2004-5 Summary: A heap overflow has been found in the DVD subpicture decoder of xine-lib. This can be used for a remote heap overflow exploit, which can, on some systems, lea [ more ] [ reply ] |
|
Privacy Statement |
# GulfTech Security Research September, 16th 2004
##########################################################
# Vendor : RhinoSoft
# URL : http://www.dns4me.com/
# Version : RhinoSoft.com DNS4Me Web Server/3.0.0.4
# Risk : Cross
[ more ] [ reply ]