Mantis Bugtracker Remote PHP Code Execution Vulnerability 2004-08-20 Jose Antonio (joxeankoret yahoo es)

EXPLOIT: Qt bmp heap overflow 2004-08-21 infamous41md hotpop com
/*
 * heap overflow exploit for qt bmp parsing bug
 * infamous42md AT hotpop DOT com
 *
 * shouts to mitakeet, MB, and peeps @hackaholic
 *
 * ok, pretty standard heap overflow here. we spill across our chunk and
 * overwrite the boundary tag for next chunk. the only problems i had was
 * f

MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities 2004-08-21 Mandrake Linux Security Team (security linux-mandrake com)

BadBlue Webserver v2.5 Denial Of Service Vulnerability 2004-08-20 GulfTech Security (security gulftech org)
##########################################################
# GulfTech Security Research August, 18th 2004
##########################################################
# Vendor : BadBlue
# URL : http://www.badblue.com
# Version : BadBlue Webserver v2.5
# Risk : Denial of Service
######

[Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)] 2004-08-19 Myron Davis (myrond linmail org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------- Original Message ----------------------------
Subject: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)
From: "Tom Collins" <tom (at) tomlogic (dot) com>
Date: Thu, August 19, 2004 9:12 am
To: vchkpw (at) inter7 (dot) com

Re: First vulnerabilities in the SP2 - XP ?... 2004-08-18 Matthew Roberts (webmaster matthew1471 co uk)
In-Reply-To: <200408180941.16239.radoslav.dejanovic (at) opsus (dot) hr>
>This basically tells the user to open CMD and then execute the attachment in command line. Now, someone has to be really, really dumb to do that.
People might forget that dragging and dropping to a command prompt actually executes

XV multiple buffer overflows, exploit included 2004-08-20 infamous41md hotpop com
Program Description: xv is an interactive image manipulation program for the X Window System. It can operate on images in the GIF, JPEG, TIFF, PBM, PGM, PPM, XPM, X11 bitmap, Sun Rasterfile, Targa, RLE, RGB, BMP, PCX, FITS, and PM formats on all known types of X displays. It can generate PostScrip

NetBSD Security Advisory 2004-009: ftpd root escalation 2004-08-17 NetBSD Security-Officer (security-officer netbsd org)

[ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability 2004-08-19 Joshua J. Berry (condordes gentoo org) (1 replies)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability 2004-08-21 infamous41md hotpop com

Buffer overflow in sarad 2004-08-20 Matthias Bethke (Matthias Bethke gmx net)
I have found several buffer overflows in the sarad program used to serve the British National Corpus (http://www.natcorp.ox.ac.uk/SARA/). At least one (I didn't check the others too closely) allows execution of arbitrary code over the network with the rights of the daemon which is supposed to be a d

RE: Driver for display goes to a infinite loop by viewing a html! 2004-08-16 Christopher Wagner (chrisw pacaids com)
In the interest of yet more completeness, I tested this on a few different machines here at my office, here are the results:
Test image was 10000000px by 10000000px - ~11kb in size
It appears as all black in Mozilla of any version/platform/arch I tried.
Mozilla Firefox 0.9.3 operates slowly (not

Xines_Mine.c Open Security Group Advisory 2004-08-17 c0ntex open-security org
/*
************************************************************************ *****************************************
$ An open security advisory #6 - Xine vcd MRL input identifier management overflow
************************************************************************ ******************
------------------------------------------------------------------------
Mantis Bugtracker Remote PHP Code Execution Vulnerability
------------------------------------------------------------------------
Author: Joxean Koret
Date: 08-01-2004
Location: Basque Country