|
|
Colapse all |
Post message
RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC 2004-07-14 Ferruh Mavituna (ferruh mavituna com) [security bulletin] SSRT4704 rev.0 HP-UX wu-ftpd local unauthorized access 2004-07-16 Boren, Rich (SSRT) (rich boren hp com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01059 REVISION: 0 SSRT4704 rev.0 HP-UX wu-ftpd local unauthorized access ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin provi [ more ] [ reply ] [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8] 2004-07-16 Janek Vind (come2waraxe yahoo com) MDKSA-2004:069 - Updated ipsec-tools packages fix multiple vulnerabilities 2004-07-14 Mandrake Linux Security Team (security linux-mandrake com) RE: phrack #62 has been released 2004-07-14 Glenn_Everhart bankone com There are interesting articles on overcoming buffer overflow detectors in this issue. However a technique they do not discuss runs something like this: Instrument the program loader so that instead of simply relocating subroutine entry points, it makes up its own code to insert jacket calls aroun [ more ] [ reply ] The Impact of RFC Guidelines on DNS Spoofing Attacks 2004-07-12 have2Banonymous (a637831 yahoo com) EXECUTIVE SUMMARY This paper provides a brief overview of basic Domain Name System (DNS) spoofing attacks against DNS client resolvers. Technical challenges are proposed that should help to both identify attempted attacks and prevent them from being successful. Relevant Request for Comments (RFC [ more ] [ reply ] White Paper: 0x00 vs ASP file upload scripts 2004-07-13 Brett Moore (brett moore security-assessment com) We are proud to announce the release of our latest white paper titled 0x00 vs ASP file upload scripts. .Abstract. The affects of the `Poison NULL byte` have not been widely explored in ASP, but as with other languages the NULL byte can cause problems when ASP passes data to objects. Many upload sy [ more ] [ reply ] Trend Micro Officescan for Win2k strange behaviour 2004-07-14 Marco Monicelli (marco monicelli marcegaglia com) Hello List! I've noticed the following "weird" behaviour of the Trend Micro Officescan client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for WinXP/2k/NT: The AV client is protected for unloading the Realtime Scan agent prompting for a password (which I don't know of course). Moreover I [ more ] [ reply ] RE: Unchecked buffer in mstask.dll 2004-07-14 Thor Larholm (tlarholm pivx com) (1 replies) In MS02-022 the only workaround Microsoft lists is this: "Do not open or save .job files that you receive from untrusted sources." As you mentioned, this vulnerability can be triggered automatically without user interaction and without opening or saving .job files by navigating to an explorer folde [ more ] [ reply ] RE: Unchecked buffer in mstask.dll 2004-07-15 Thor Larholm (tlarholm pivx com) My bad, I meant to say MS04-022 which correctly list a patch for Windows XP. I tried correcting my error in an immediate followup post and wrote bugtraq-owner (at) securityfocus (dot) com [email concealed] to clarify but the original post got approved. Regards Thor Larholm -----Original Message----- From: Mark Litchfield [ [ more ] [ reply ] RE: Unchecked buffer in mstask.dll 2004-07-14 psz maths usyd edu au (Paul Szabo) Thor wrote about IconHandler starting mstask. Are there any other dangerous IconHandler entries: is there a way we can reassure ourselves that the others are safe? Being curious, on Win2k, I copied cmd.exe (from winnt\system32) as xyz.pif; then (right-click) Properties, Program crashes explorer. Is [ more ] [ reply ] [CLA-2004:846] Conectiva Security Announcement - kernel 2004-07-15 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : kernel SUMMARY : Fixes for kernel vulnerabili [ more ] [ reply ] [ GLSA 200407-13 ] PHP: Multiple security vulnerabilities 2004-07-15 Kurt Lieber (klieber gentoo org) MDKSA-2004:068 - Updated php packages fix multiple vulnerabilities 2004-07-14 Mandrake Linux Security Team (security linux-mandrake com) MDKSA-2004:070 - Updated freeswan and super-freeswan packages fix certificate chain authentication vulnerability 2004-07-14 Mandrake Linux Security Team (security linux-mandrake com) [HV-MED] DoS in Microsoft SMS Client 2004-07-14 vuln hexview com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Denial of Service (DoS) in Microsoft SMS Client Classification: =============== Level: low-[MED]-high-crit ID: HEXVIEW*2004*07*14*1 Overview: ========= Microsoft Systems Management Server provides configuration management solution for Windows platform [ more ] [ reply ] RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC 2004-07-14 Drew Copley (dcopley eEye com) > -----Original Message----- > From: Ferruh Mavituna [mailto:ferruh (at) mavituna (dot) com [email concealed]] > Sent: Wednesday, July 14, 2004 7:52 AM > To: 'L33tPrincess'; bugtraq (at) securityfocus (dot) com [email concealed]; > full-disclosure (at) lists.netsys (dot) com [email concealed] > Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and > Execute, POC > > > Is [ more ] [ reply ] |
|
Privacy Statement |
Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc
> -----Original Message-----
> From: full-disclosure-admin (at) lists.netsys (dot) com [email concealed] [mailto:full-disclosure-
> admin (at) lists.netsys (dot) com [email concealed]] On Behalf Of To
[ more ] [ reply ]