[OpenPKG-SA-2004.036] OpenPKG Security Advisory (cvstrac)
2004-08-06 OpenPKG (openpkg openpkg org)
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [...]

RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
2004-08-06 Bart Lansing kohls com
Guys... RSA has been doing PIN cards for ages...I don't get the hangup on SmartCards vs "plain old" something you have/something you know two factor http://www.rsasecurity.com/node.asp?id=1311 Cost of entry/ownership is nothing remotely close to the $1000 you mention Lyal...in fact, it's under [...]

[security bulletin] SSRTSSRT4778 Rev.0 Mozilla Application Suite for HP Tru64 UNIX libpng Potential Overflows
2004-08-06 Boren, Rich (SSRT) (rich boren hp com)
HP SECURITY BULLETIN HPSBTU01063 REVISION: 0
SSRTSSRT4778 - rev.0 Mozilla Application Suite for HP Tru64 UNIX - libpng Potential Overflows
NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete [...]

[security bulletin] SSRT4777 HP-UX Apache, PHP remote code execution, Denial of Service
2004-08-06 Boren, Rich (SSRT) (rich boren hp com)

Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
2004-08-06 Jouko Pynnonen (jouko iki fi)
Hi,
On Thu, Aug 05, 2004 at 03:33:38PM -0400, Robillard, Nicolas wrote:
> Description : Protocol Handler allows arbitrary switches to be passed to the
> associated program.
I found this vulnerability (or class of them) in July 2003 and described it on several security lists on March 9th, 2004. Fo [...]

[security bulletin] SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access
2004-08-06 Boren, Rich (SSRT) (rich boren hp com)
HP SECURITY BULLETIN HPSBUX01062 REVISION: 1
SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access
NOTICE: There are no restrictions for distribution of this Bullet [...]

Opera: Location, Location, Location (GM#008-OP)
2004-08-06 GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#008-OP
By GreyMagic Software, 05 Aug 2004.
Available in HTML format at http://www.greymagic.com/security/advisories/gm008-op/.
Topic: Location, Location, Location.
Discovery date: 19 Jul 2004.
Affected applications: [...]

[CLA-2004:856] Conectiva Security Announcement - libpng
2004-08-06 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : libpng
SUMMARY : Several vulnerabilities in l [...]

[CLA-2004:857] Conectiva Security Announcement - apache
2004-08-06 Conectiva Updates (secure conectiva com br)
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : apache
SUMMARY : Format string vulnerability [...]

Microsoft Internet Explorer 6 Protocol Handler Vulnerability
2004-08-05 Robillard, Nicolas (nicolas robillard snclavalin com) (1 replies)
Description : Protocol Handler allows arbitrary switches to be passed to the associated program.
Exploit : The protocol handlers are defined in HKEY_CLASSES_ROOT. We will use the MMS protocol for this example. In the HKEY_CLASSES_ROOT\MMS\SHELL\OPEN\COMMAND Registry key you can see that the prog [...]

Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability
2004-08-06 Uday Moorjani (umoorjani wanadoo fr)

RE: International DNS compromise?
2004-08-05 travis alexander lacamas org
I got six different results, meaning six different server IP's. 1. 64.33.99.47 2. 207.12.88.98 3. 208.56.31.43 4. 216.221.188.182 5. 65.160.219.113 6. 65.104.202.252 All US owned IP addresses. Yes this is very interesting. So what does this mean, or potentially mean...? Travis. -----Original Mes [...]

CVStrac Remote Arbitrary Code Execution exploit
2004-08-05 Richard Ngo (rtngo yahoo com)
Hi, I'm Richard Ngo, this is the first time I report an exploit and found a remote exploit that could allow arbitrary code execution in CVStrac. sample exploit filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;w; All versions vulnerable. I have not contacted cvstrac.org since I can't find their email addres [...]

local denial of Service, Yellowdog linux to 3.0.1
2004-08-05 pmoses physics ucsd edu
Since they are releasing a new version....
Title: Local Denial of Service/render system unusable YellowDog Linux
Author: Phil Moses pmoses (at) physics.ucsd (dot) edu
Date: June 4, 2004
Summary: Currently it seems that YellowDog is fairly easy to render [...]
Script affected: page.cgi - content/template merging CGI
Author: Andrew Kilpatrick
We can execute arbitrary commands with same id of the webserver:
http://www.vulnerable.com/page.cgi?url=.html|id|
Thanks :)
<Dominus_Vis>
[Infektion Group]
irc.phey.net -j #infektion