SGI Advanced Linux Environment 2.4 security update #24
2004-08-13 SGI Security Coordinator (agent99 sgi com)

SGI Advanced Linux Environment 3 Security Update #9
2004-08-13 SGI Security Coordinator (agent99 sgi com)

Re: JS/Zerolin
2004-08-13 K-OTiK Security (Special-Alerts k-otik com)
In-Reply-To: <1092386306.752.36.camel (at) bobby.exaprobe (dot) com>
>Nicolas Gregoire wrote :
>I've seen these emails since last Friday, and my gateway has since
>received around 200 of them. KAV and ClamAV detect them as
>"TrojanDropper.VBS.Zerolin"
>
>It appears that a small Jscript.Encoded code is

Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues
2004-08-13 advisories (advisories corsaire com)
-- Corsaire Security Advisory --
Title: Clearswift MAILsweeper multiple encoding/compression issues
Date: 07.08.03
Application: Clearswift MAILsweeper prior to 4.3.15
Environment: Windows 2000
Author: Martin O'Neal [martin.oneal (at) corsaire (dot) com]
Audience: General distribution
Reference: c030807-001

Re: NETGEAR DG834G SPECIAL FEATURES
2004-08-13 thanasonic hack gr (1 replies)
In-Reply-To: <005e01c48141$4e82f880$0701a8c0@COOKIE>
Sorry for not mentioning that. That's why the subject is called "SPECIAL FEATURE" and not a bug. By the way, the second issue about zebra is true, and as I informed about it, it can be exploited locally or remotely. Thanks for your reply, Thana

RE: NETGEAR DG834G SPECIAL FEATURES
2004-08-13 Andre Lorbach (alorbach ro1 adiscon com)
> -----Original Message-----
> From: thanasonic (at) hack (dot) gr [mailto:thanasonic (at) hack (dot) gr]
>
> By opening http://192.168.0.1/setup.cgi?todo=debug you enable
> the router's debug mode. Then you just telnet at 192.168.0.1
> at port 23 and then you have a root shell.
>
> Also i found that if you just teln

MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities
2004-08-13 Mandrake Linux Security Team (security linux-mandrake com)

recent gaim advisory
2004-08-13 infamous41md hotpop com
if anyone else was looking for some of the overflows mentioned in the rather cryptic advisory, i found one of them in: /gaim-0.81/src/protocols/msn/slp.c :648 in the function msn_slp_sip_recv(). an improper use of strncpy().
[---------------------------------------------]
not very interesting

MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities
2004-08-13 Mandrake Linux Security Team (security linux-mandrake com)

New Paper: Microsoft Windows, a lower Total Cost of Ownership
2004-08-13 Dave Aitel (dave immunitysec com)

NGSEC's response to Idefense overflow protections whitepaper. (PART II)
2004-08-12 lists@NGSEC (lists ngsec com)
Mr Johnson, We have made available a paper containing several (unpublished by iDefense's paper) tests against PAX-like solutions in WIN32. Only tests, not deep information on how these products work. Grab it at: [264 KB] http://www.ngsec.com/docs/whitepapers/NGSEC-Windows_overflow_protec

[ GLSA 200408-12 ] Gaim: MSN protocol parsing function buffer overflow
2004-08-12 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

Re: Driver for display goes to a infinite loop by viewing a html!
2004-08-12 Frank Nospam (fuy1 umbc edu)
For the sake of completeness: Mac OS X 10.3.5 doesn't crash or consume excess CPU cycles at your test page. The only notable quirk was a failure to scale the test image: Safari 1.2.3 (KHTML) displayed a blank space 999999 pixels tall and Mozilla 1.8a displayed a 999999x999999 black box.
> O

[ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issues
2004-08-12 Sune Kloppenborg Jeppesen (jaervosz gentoo org)

JS/Zerolin
2004-08-12 T.H. Haymore (bonk webchat chatsystems com) (1 replies)
There are incoming reports of a JS/Zerolin (java script virus). Anyone else seeing this? (I have no further information yet).
=================================================
Travis
www.cyberabuse.org/crimewatch
Email: Bonk (at) chatsystems (dot) com | Bonk (at) cyberabuse (dot) org
==========================

NETGEAR DG834G SPECIAL FEATURES
2004-08-12 thanasonic hack gr (1 replies)
By opening http://192.168.0.1/setup.cgi?todo=debug you enable the router's debug mode. Then you just telnet at 192.168.0.1 at port 23 and then you have a root shell. Also I found that if you just telnet to 192.168.0.1 2602 you will get a prompt from the service ZEBRA that is running on the route

RE: NGSEC's response to Idefense overflow protections whitepaper.
2004-08-12 Richard Johnson (rjohnson iDefense com)
Mr. Serna, We respect your wish to defend the integrity of your product, however, your comments to the list do not reflect our previous conversations nor do they speak to the proper version of the test platform which was released to the public during the conferences. I'll try to address your concer
Affects: <= QuiXplorer 2.3
Effect: file disclosure, web server's user read access
Id: cbsa-0003
Release Date: 2004 08 14
Author: Cyrille Barthelemy <cb-publicbox (at) ifrance (dot) com>
-- 1. Introduction
------------------
From QuiXplorer documentation :
"QuiXplorer