|
|
Colapse all |
Post message
[PHP Bug] How to hide a HTTP request in the apache logs 2004-08-06 Anthony Debhian (anthony debhian only-for info) Author: Debhian ( anthony.debhian -AT- only-for.info ) PHP Bug #29370 Description: With a certain code, PHP causes a segfault in Apache and the request is not logged. This bug (under Windows) causes an error fatal of apache BUT the server is not stopped with this code. The bug seems [ more ] [ reply ] EXPLOIT Re: Pavuk Digest Authentication Buffer Overflow 2004-08-07 infamous41md hotpop com /* * exploit for pavuk web spider - infamous42md AT hotpop DOT com * * shouts to mitakeet, skullandcircle, and thanks to matt murphy for making me * realize a n00bish mistake i made. * * this exploit probably deserves a bit of an explanation as it was not exactly * straight forward. the v [ more ] [ reply ] Type xxs 2004-08-06 root spiffomatic64 com Vendor : typepad.com URL : http://typepad.com Risk : Cross site scripting Description: TypePad is a powerful, hosted weblogging service that gives users the richest set of features to immediately share and publish information -- like travel logs, journals and digital scrapbooks -- on the Web. TypeP [ more ] [ reply ] Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards 2004-08-06 Kevin Sheldrake (kev electriccat co uk) I don't doubt the widespread inherent nature of this vulnerability. Smart cards used with PCs as the man-machine-interface is simply asking for trouble IMHO. Unless I'm mistaken, there is very little that can be done about this without redesigning/replacing current smart cards. Obviously, b [ more ] [ reply ] SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability 2004-08-06 Jordan Pilat (cacophony syncreate org) (1 replies) A vulnerability exists in the implementation of placing the SuSE YAST Control Center in the K Menu. Normally, one would be required to authenticate as root before being granted access to the YAST Control Center. When placing the 'preferences' submenu in the K Menu (in the 'submenu' sec [ more ] [ reply ] Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability 2004-08-07 Stefan Seifert (nine detonation org) Re: International DNS compromise? 2004-08-06 Troy (tjk tksoft com) Caching DNS (i.e. doing transparent proxying for DNS) means that the ISP intercepts all DNS traffic. The caching you refer to only applies when users are using the ISP's name servers. I don't know of any ISP who would be intercepting DNS queries. When you use nslookup and specify a server, the qu [ more ] [ reply ] RE: International DNS compromise? 2004-08-06 Johan Nilsson (johan nilsson axis com) Hi, Did a little test, from a small isp in Sweden - First, look up all records for www.rfa.com # dig www.rfa.com any ; <<>> DiG 9.2.1 <<>> www.rfa.com any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43829 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1 [ more ] [ reply ] Winmx Software making calls to Port 25 2004-08-06 Retro Granny (retrogranny netscape net) I have been involved as a chatroom admin within the Winmx program for quite awhile now and have been the one to make whatever security updates were needed to keep the room a pleasant place for folks who visit. A couple of months ago, I installed Zone Alarm. While running a temp room, ZA popped u [ more ] [ reply ] Re: Remote crash in tcpdump from OpenBSD 2004-08-06 Balaram Amgoth (ramgoth yahoo com) In-Reply-To: <20031221174837.14808.qmail (at) sf-www3-symnsj.securityfocus (dot) com [email concealed]> Hi Mike, Will the following packet be enough to reproduce this problem. char packet[] = "\x82\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; Thanks for your time in advance Balaram >Received: (qmail 9162 in [ more ] [ reply ] RE: International DNS compromise? 2004-08-06 Mike Clark (mclark Clearpathnet com) I've seen this before with companies that provide content for people in China. The last company I talked to about this used proxy servers and had people hosting content all over the country(US)to avoid the filtering/blocking by the Chinese government. It seemed to work pretty well. -Mike -----Orig [ more ] [ reply ] Anyone know IBM's security address? 2004-08-06 Michael Scheidell (scheidell secnap net) (1 replies) Have a vulnerability in an IBM product. sent alert to security (at) ibm (dot) com [email concealed] secure (at) ibm (dot) com [email concealed] and cert (at) ibm (dot) com [email concealed], all three bounced. Can anyone tell me the official address or procedure to notify IBM? -- Michael Scheidell SECNAP Network Security 561-999-5000 x 1131 www.secnap.com [ more ] [ reply ] Re: International DNS compromise? 2004-08-06 bill dit-inc us In-Reply-To: <20040805192243.7826e6b9.john (at) pond-weed (dot) com [email concealed]> This is from China's "Great Firewall" sniffering their 54Gbps International traffic. I presented some detailes at the HOPE conference in NYC last month. I posted the presentaion here: http://www.dit-inc.us/report/hope2004/cover.htm (clic [ more ] [ reply ] Re: CVStrac Remote Arbitrary Code Execution exploit 2004-08-06 Richard Hipp (drh hwaci com) In-Reply-To: <20040805175709.6995.qmail (at) web50508.mail.yahoo (dot) com [email concealed]> >Received: (qmail 8445 invoked from network); 5 Aug 2004 19:10:40 -0000 >Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26) > by mail.securityfocus.com with SMTP; 5 Aug 2004 19:10:40 -0000 [ more ] [ reply ] |
|
Privacy Statement |
more than just crashing the system yet?
I was trying to figure if airpwn
(https://sourceforge.net/projects/airpwn/) could be used to do much
more than simply annoy people, and it occured to me that if anyone has
managed to craft
[ more ] [ reply ]