BugTraq Mode:
(Page 1460 of 1748)
Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04 2004-08-25
Jérôme ATHIAS (jerome athias caramail com)


Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability

iDEFENSE Security Advisory 08.25.04
http://www.idefense.com/application/poi/display?type=vulnerabilities
August 25, 2004

I. BACKGROUND

Ipswitch WhatsUp Gold is a Microsoft Windows based network monitoring
application. More info

CDE libDtHelp LOGNAME Buffer Overflow Vulnerability 2004-08-25
Jérôme ATHIAS (jerome athias caramail com)


I don't know if iDEFENSE will post it out of his mailing-list. so...

CDE libDtHelp LOGNAME Buffer Overflow Vulnerability

iDEFENSE Security Advisory 08.25.04
www.idefense.com/application/poi/display?id=134&type=vulnerabilities
August 25, 2004

I. BACKGROUND

The libDtHelp library is a

Anonymous Surfing Via Gmail Login Window - Poor Sanitization 2004-08-25
Punabi MC (punj4b1_mc yahoo com)
Anonymous Surfing Via Gmail Login Window - Poor
Sanitization

User can do anonymous surfing (apart from other cool
tricks) from Gmail login window. The window is small,
still checking your mails via google is phun. :)
1. Open
https://gmail.google.com/?dest=http%3A%2F%2Fblablabla.
2. The login window

RE: Unsecure file permission of ZoneAlarm pro. 2004-08-22
Simon Zuckerbraun (szucker sst-pr-1 com)
Bipin, what you're bringing up is a very interesting point.

It turns out that, despite the lax NTFS permissions, the
safePrograms.xml file is apparently quite well protected from tampering.
The TrueVector driver, which runs kernel-mode, holds a lock on the file
that prevents any other process fr

Computer Network Defence Vulnerability Alert State 2004-08-25
Andy Cuff (lists securitywizardry com)
Hi All,
As a great believer in being able to track emerging vulnerabilities with
minimal effort, I have created another "Alert State" image.
http://securitywizardry.com/radar.htm However, I have tried to make it a
lot more granular dividing the image up into OS and Applications and
reducing the ale

Squirrelmail chpasswd local root bruteforce exploit 2004-08-24
Jérôme ATHIAS (jerome athias caramail com)


/*
** PST_chpasswd_exp-v_b.c:
**
** Squirrelmail chpasswd local root bruteforce exploit
** Author:
** Bytes<Bytes[at]ph4nt0m.net> || <Bytes[at]ph4nt0m.org>
** http://www.ph4nt0m.net/
** Notice:
** v_b: Local bruteforce version
** v_R: remote bruteforce version
**
*

Re: NETGEAR DG834G SPECIAL FEATURES 2004-08-24
Paul James (prj earthlabs co uk)
In-Reply-To: <20040812173908.5199.qmail (at) www.securityfocus (dot) com>

My DG834 (non-wireless) also appears vulnerable to the ZEBRA problem, but only on port 2602.

How does one go about changing this password from the default?

And what does this ZEBRA service offer?

Unable to find documentation on t

RE: Running renamed executables with CMD.EXE 2004-08-24
Michael Wojcik (Michael Wojcik microfocus com)
> From: Geoff Vass [mailto:geoff (at) cadzow.com (dot) au]
> Sent: Saturday, 21 August, 2004 07:43
>

[Your messages would be easier to read if you kept them to a reasonable line
length.]

> A while ago I "discovered" that CMD.EXE would launch renamed
> executables. I felt that this was a security problem

RealVNC 4.0 DoS 2004-08-25
Allan Zhang (zhangliangsd hotmail com)


It will cause the RealVNC server to die if there are more than 60 connections.

Tested against RealVNC server on W2k using the following script:

for i in `seq 1 61`
do
nc <server_ip> 5900
done

This will impact versions before 4.0 also.

Thanks

Allan

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server 2004-08-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure
Access Control Server

Revision 1.1

Last Updated 2004 August 25 1630 UTC (GMT)

For Public Release 2004 August 25 1600 UTC (GMT)

- ------------------------------------------------------

Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow 2004-08-25
Steve (stevemeeters excite com)


The Russian news agency, Novosti, has reported Kaspersky Labs has warned about a large-scale virus attack on the Internet that might be delivered by Islamic terrorists on August 26.

http://en.rian.ru/rian/index.cfm?prd_id=160&msg_id=4759214&startrow=11&date=2004-08-24&do_alert=0

Anyone have

IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service 2004-08-25
Advisories (advisories irmplc com)
----------------------------------------------------------------------------

IRM Security Advisory No. 010

Top Layer Attack Mitigator IPS 5500 Denial of Service

Vulnerability Type / Importance: DoS / High

Problem discovered: July 22nd 2004
Vendor contacted: July 23rd 2004
Advisory published

A new website to search & submit win exploits 2004-08-21
Dav1d (dav1d_cn hotmail com)


Hello everyone,

I made a new search (http://search.dav1d.org) beta on my website. It includes hundreds of exploits under windows. If you want to find some exploits, please try it. For example: input keywords like "MS03-026", "RPC DCOM", etc.

And if you have a new exploit, or have goo

[NGSEC-2004-7] NtRegmon, local system denial of service. 2004-08-25
labs@NGSEC (labs ngsec com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next Generation Security Technologies
http://www.ngsec.com
Security Advisory

Title: NtRegmon, local system denial of service.
ID: NGSEC-2004-7

Vulnerability: OpenBSD 3.5 Kernel Panic. 2004-08-25
Vafa Izadinia (vafa hush ai)

Hi, I have posted this vulnerability note to CERT and gotten no
response. It is remotely exploitable, but since it requires commands
to be executed as root on the gateway machine, it is unlikely to cause
any unplanned disruption.

OpenBSD was contacted, and they provided a patch within 12 hours.

ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0 2004-08-24
Evgeny Demidov (demidov gleg net)
Hello,

We are proud to announce the release of the VulnDisco RADIUS protocol
testsuite to the public.

This testsuite is a part of VulnDisco testsuite, which is available to
VulnDisco clients.

The purpose of this testsuite is to evaluate RADIUS
protocol implementations from the security point o

bug found 2004-08-25
Mathieu Lacroix (Daemonz videotron ca)


NetworkEverywhere router Model NR041 (latest firmware rev 1.2 Release 03)
suffers a "script injection over dhcp" vulnerability.

The NR041 does not filter DHCP HOSTNAME options coming from its clients.
Because of that, we can inject a web script into the web based
administrative interface and w

Easy File Sharing Webserver v1.25 Vulnerabilities 2004-08-24
GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research August, 24th 2004
##########################################################
# Vendor : EFS Software Inc.
# URL : http://www.sharing-file.com
# Version : Easy File Sharing Webserver v1.25
# Risk

Limited buffer overflow in Painkiller 1.31 2004-08-24
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Painkiller
http://www.painkillergame.com
Versions: <= 1.3.1
Platforms: Windows
Bug: memory corruption with limited code execution
Risk:

PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities 2004-08-24
Nikyt0x Argentina (nikyt0x hotmail com)


[Nikkyt0x Advisory]
#0000-0001

[PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]

Software: PHP Code Snippet Library
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x (at) hotmail (dot) com ]
Site: http://nikyt0x.webcindario.com
Advisory UR

[ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability 2004-08-24
Joshua J. Berry (condordes gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting 2004-08-24
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 541-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
August 24th, 2004

Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability 2004-08-24
ktha hush com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I think that the isprint() check is NOT limiting the exploitation of
this bug at all. You can still exploit this vulnerability by overwriting
stack frames (you can read more about it here: http://www.phrack.org/show.php?p=59&a=7)
and by using the s

Possible Security Issues In LiveWorld Products 2004-08-24
GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research August, 23rd 2004
##########################################################
# Vendor : LiveWorld, Inc.
# URL : http://www.liveworld.com
# Version : Multiple Products
# Risk : Cross Site Scriptin

Microsoft updates documentation on Windows time synchronization 2004-08-24
3APA3A (3APA3A SECURITY NNOV RU)
Dear lists,

Sorry for additional noise.

Microsoft published Q884776 "Configuring the Windows Time service
against a large time offset"

http://support.microsoft.com/default.aspx?scid=kb;en-us;884776

In addition to clear description on new registry keys in Windows 2000
SP4 and

Copyright 2010, SecurityFocus