Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing
2004-07-31 Juan Carlos Navea (loconet gmail com)
Has anyone tried the proof of concept with a real ssl cert and gotten it working? I just tried it using two different ssl urls and the page only redirected me to the proper site. I did not see the output generated by document.writeln even after viewing the source. Can anyone confirm this? I haven't [...]

OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
2004-07-30 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
Advisory number: [...]

[VSA0402] OpenFTPD format string vulnerability
2004-07-29 VOID.AT Security (crew void at)
[VSA0402 - openftpd - void.at security notice]
Overview
We have discovered a format string vulnerability in openftpd (http://www.openftpd.org:9673/openftpd). OpenFTPD is a free, open source FTP server implementation for the UNIX platform. FTP4ALL is not vulnerable (it doesn't use that mess [...]

OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
2004-07-30 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
Advisory number: SCOSA-2004.12
Issue date: 2004 July [...]

OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities
2004-07-30 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities
Advisory number: SCOSA-2004.10
Issue date: 2004 July 29
Cross r [...]

UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
2004-07-30 please_reply_to_security sco com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
Advisory number: SCO [...]

Fwd: New possible scam method : forged websites using XUL (Firefox)
2004-07-30 David Ahmad (da securityfocus com) (1 replies)
----- Forwarded message from Jeff Smith -----
Mozilla Firefox allows remote sites to render XUL content that mimics the browser's user interface. Using Javascript, the real interface can be turned off and replaced with fake UI components. For spoofing the UI, the effectiveness of XUL is far gr [...]

Fusion News Yet Another Unauthorized Account Addition Vulnerability
2004-07-29 Joseph Moniz (r3d_5pik3 yahoo com)
Product: Fusion News
vendor: FusionPHP (fusionphp.net)
Affected Versions: 3.6.1 and lower
Description: A widely used news management system
Vulnerabilities: Unauthorized Account Addition Vulnerability
Date: July 29, 2004
Vuln Fi [...]

[CLA-2004:855] Conectiva Security Announcement - sox
2004-07-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : sox
SUMMARY : Buffer overflow vulnerability
D [...]

WpQuiz Gain Admin Rights Exploit found
2004-07-30 jonathan tough (j eyeimpressions com)
Ok so here is what I found
Author's website: wireplastik.com (currently down)
php script I found exploit in: wpquiz version 2.60b8 (also tested on 2.60b 1-7)
Exploit: by default wpquiz comes with a folder called extras. This folder is not password protected nor does it require any sort [...]

Citadel/UX Remote DoS Vulnerability
2004-07-29 CoKi (coki nosystem com ar)
No System Group - Advisory #04 - 28/07/04
Program: Citadel/UX
Homepage: http://www.citadel.org
Operating System: Linux and Unix-Compatible
Vulnerable Versions: Citadel/UX v6.23 and prior
Risk [...]

MDKSA-2004:077 - Updated wv packages fix vulnerability
2004-07-30 Mandrake Linux Security Team (security linux-mandrake com)

[CLA-2004:854] Conectiva Security Announcement - samba
2004-07-30 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : samba
SUMMARY : Multiple potential buffer ove [...]

Jaws 0.4: authentication bypass
2004-07-29 Rubén Molina (ruben udea edu co)
Vulnerable Program: JAWS
Version : 0.4
Url: http://www.jaws.com.mx
The Bug: SQL injection that allows bypassing the auth.
Date: Today, July 28 of 2004
Author: Fernando Quintero (a.k.a [...]

File downloads in Opera at known locations
2004-07-29 Rohit Dube (rohit kritikalsolutions com) (1 replies)
Hi, This is just a question. While using opera, I observed that as soon as it prompts you for file download, it simultaneously starts the download with same file extension in its %USERPROFILE/application data/opera/cache. Even if the user afterwards chooses cancel, this temporary file does not get [...]

MDKSA-2004:076 - Updated sox packages fix buffer overflows with malicious .wav files
2004-07-28 Mandrake Linux Security Team (security linux-mandrake com)

RE: Forward:FullDisclosure/IE - Possible Address Spoofing
2004-07-28 Michael Silk (michaels phg com au) (1 replies)
Hello, Without knowing, it may treat some sites differently due to the time required it physically takes to download the data. -- Michael
-----Original Message-----
From: Chenghuai Lu [mailto:luchenghuai (at) yahoo (dot) com]
Sent: Tuesday, 27 July 2004 1:00 AM
To: bugtraq (at) securityfocus (dot) com
Subject: RE: Fo [...]

RE: Forward:FullDisclosure/IE - Possible Address Spoofing
2004-07-28 Chenghuai Lu (luchenghuai yahoo com)

lostBook v1.1 Javascript Execution
2004-07-29 Joseph Moniz (r3d_5pik3 yahoo com)
Product: lostBook
vendor: veryLost (verylost.tk)
Affected Versions: 1.1 and lower
Description: A simple flat db guestbook
Vulnerabilities: XSS
Date: July 29, 2004
Vuln Finder: r3d5pik3 (me) [...]

Linpha 0.9.4: authentication bypass
2004-07-29 Rubén Molina (ruben udea edu co)
Vulnerable Program: Linpha
Url: http://linpha.sf.net
Version: 0.9.4 Latest version
Date: Today, July 28 of 2004
Author: Fernando Quintero (a.k.a nonroot)
Email: nando (at) udea (dot) edu. [...]
Our Sonicwall Pro 300 firewall appliance includes a diagnostic tool called "Tech Support Report", which dumps the current configuration info to a plain text file. I have been asked by Sonicwall personnel to email this file as an attachment during several tech. support calls, without any additional [...]