BugTraq Mode:
[SECURITY] [DSA 527-1] New pavuk packages fix buffer overflow 2004-07-03
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 527-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
July 3rd, 2004

[SECURITY] [DSA 526-1] New webmin packages fix multiple vulnerabilities 2004-07-03
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 526-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
July 3rd, 2004

The 3 D's: Demo for the Dullards and Dunces 2004-07-03
http-equiv (at) excite (dot) com (1 malware com)


Take the following little link:

http://www.malware.com/punk.html

copy and paste it into either of the following:

http://www.securityfocus.com/bid/10308
http://www.securityfocus.com/bid/10023

construct an authoritative looking email from your favorite
vendor and fire it off to your buddy:

htt

Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits Remote Cross-Site Scripting Attacks 2004-07-03
Dr Ponidi (drponidi hackermail com)
Indonesia Security Development Team Advisory

Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits
Remote Cross-Site Scripting Attacks
======================================================================================================

Advisory Name: Cart32 Input Validation Fl

Public Review of OIS Security Vulnerability Reporting and Response Guidelines 2004-07-02
OIS (announcements oisafety org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Organization for Internet Safety (OIS) extends an invitation to
the readers of the BugTraq, NTBugtraq, and Full-Disclosure mailing
lists to participate in the ongoing public review of the OIS Security
Vulnerability Reporting and Response Guidelines.

Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out 2004-07-03
http-equiv (at) excite (dot) com (1 malware com)


<!--

The real fault doesn't belong with individual components
(ADODB.Stream included), and I think the almost rant-like posts
of Drew Copeley and HTTP-EQUIV miss this fact. ADODB.Stream
does *not* represent a vulnerability, although it does act to
significantly worsen the impact of an exist

THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH 2004-07-03
liudieyu umbrella name (1 replies)


FROM: Liu Die Yu - http://umbrella.name/
TO : bugtraq (at) securityfocus (dot) com, NTBugtraq (at) listserv.ntbugtraq (dot) com,
full-disclosure (at) lists.netsys (dot) com
SUBJ: THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH
DATE: 2004/07/03 UTC+800
BODY:

[background]
the latest 0day remote compromise exploit for in

RE: RE: SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security 2004-07-02
http-equiv (at) excite (dot) com (1 malware com)


What an utterly pathetic scenario you present. Obviously you're
blissfully unaware of the current security trend of site
spoofing, 'phishing', url spoofing, DNS spoofing, zone spoofing
and on and on and on.

and of course now the very latest 'security expert spoofing' !

<!--

"Your subject m

Enterasys XSR Security Routers DoS 2004-07-02
Frederico Queiroz (fqueiroz ish com br)
Description: Enterasys XSR Security Routers crash when passing a packet
with the option record route.

System Vulnerable: This vulnerability was found in XSR-1800 series.
(firmware 7.0.0.0)

Proof-of-concept: I've used Hping (http://www.hping.org/) to perform
this example:

hping3 -1 -G www.uol.com.

Registry Fix For Variant of Scob 2004-07-02
Drew Copley (dcopley eEye com)
About the same time Jelmer found the adodb bug, http-equiv
found a similar issue with the object "Shell.Application".

This issue has also been unfixed for the past ten months.

Unfortunately, Microsoft has not taken the "hint" and not
fixed this issue either.

Jelmer has noted this and made a proo

[HW-MED] XSS in Netegrity IdentityMinder 2004-07-01
vuln hexview com
Cross-Site Scripting (XSS) Vulnerability in Netegrity IdentityMinder

Classification:
===============
Level: low-[MED]-high-crit
ID: HEXVIEW*2004*07*02*1

Overview:
=========
IdentityMinder is an identity and role management product developed by
Netegrity (http://www.netegrity.com), a microsoft gold

Registry fixes for the recent IE vulnerabilities 2004-07-01
Mike Cheng (mcorl737 hotmail com)


Here are the fixes to patch the 2 vulnerabilities referenced here http://isc.sans.org/diary.php?date=2004-06-27 and here http://www.microsoft.com/security/incident/download_ject.mspx, and stop cross-zone scripting for IE without affecting daily web browsing abilities.

1. Fix the adodb.stream vuln

Multiple Vulnerabilities in Easy Chat Server 1.2 2004-07-02
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: Easy Chat Server
http://www.echatserver.com/

Version: 1.2

Bugs: Multiple Vulnerabilities

Date: 02-Jul-2004

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web:

FreeBSD Security Advisory FreeBSD-SA-04:13.linux 2004-07-01
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:13.linux Security Advisory
The FreeBSD Project

Topic: Li

SUSE Security Announcement: kernel (SUSE-SA:2004:020) 2004-07-02
Roman Drahtmueller (draht suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2004:020
Date: Tuesday, Jul

Brightmail leaks other user's spam 2004-07-01
Thomas Springer (tuevsec gmx net)
Brightmail Spamfilter 6.0 offers a possibility to manage mails
identified as spam in a http-driven "control-center" on the
Brightmail-Server via links like
http://SERVER:41080/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-3;3-0

Simply altering the last numbers in the URL (3;3 to 4;4, eg.) sh

[ GLSA 200407-01 ] Esearch: Insecure temp file handling 2004-07-01
Joshua J. Berry (condordes gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

XSS in SCI Photo Chat Server 3.4.9 2004-07-02
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: SCI Photo Chat Server
http://www.simmcomm.ch/

Version: 3.4.9

Bug: cross site scripting

Date: 02-Jul-2004

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org
web:

MD5 hash cracking service 2004-07-01
md5er (info passcracking com)
I've set up a quick website and system to crack md5 hashes online using Rainbow tables. The project is using RainbowCrack and currently ~47 Gb of tables. At the moment it can crack hashes of lowercase letters and/or numbers up to 8 characters long.

The cracking service is free

If you are intereste

RE: Microsoft technologies. By default, non-HIPAA compliant? 2004-07-01
bob (at) dexis (dot) net (bob dexis net)
I must deal with HIPAA everyday.

In support of the claim that Microsoft is not HIPAA compliant, show me ANY Microsoft machine that actually does Healthcare and show me that I cannot recreate a patient from data stored on the computer in cache or other areas.

The machine does NOT have to be connect

Announce: RSBAC v1.2.3 released 2004-07-02
Amon Ott (ao rsbac org)

Rule Set Based Access Control (RSBAC) v1.2.3 has been released! Full
information and downloads are available from http://www.rsbac.org

We are also proud to announce the relaunch of our Website and a set of
worldwide mirrors.

RSBAC Key Features:

* Free Open Source (GPL) Linux kernel securit

DLINK 624, script injection vulnerability 2004-07-01
Gregory Duchemin (c3rb3r sympatico ca)
TITLE: Security flaw in DLINK 624 - SOHO routers (http://www.dlink.com)

TYPE: Script injection over DHCP

QUOTE from DLINK:

The D-Link Xtreme G DI-624 wireless router with 108Mbps^* upgrade
employs five cutting-edge hardware-based compression technologies to achieve a
significant boost in perfo

Sanity check in Centre 2004-07-01
Manip (Bug thelostsite co uk)
Summary: [www.miller-group.net] The Miller Group, Inc. announces the release
of Centre, a free student information system for public and non-public
schools. Centre is a web-based, open source, student management product with
features that include scheduling, grade book, attendance, eligibility,

DoS against Domino 6.5.1 2004-06-30
Andreas Klein (Andreas C Klein physik uni-wuerzburg de)

Hello,

this problem has been reported to IBM Lotus customer support
(PMR 37321,999,724) on Feb 16, 2004 and was reproduced by them.

Affected versions:
Domino 6.5.1 and newer on Linux (other platforms not tested by me, but
Domino 6.5.1 on Windows has been found to be vulnerable too by IBM
suppor

Re: php codes injection in phpMyAdmin version 2.5.7. 2004-07-01
Marc Delisle (DelislMa CollegeSherbrooke qc ca)
In-Reply-To: <20040630194311.15169.qmail (at) www.securityfocus (dot) com>

Sorry, I forgot to mention that the fix is available

at the usual place:

http://www.phpmyadmin.net

Marc Delisle, for the team.

SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004 2004-06-30
Alexander (pigrelax yandex ru)
SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004

. Firebird Remote Pre-Authentication Database Name Buffer Overrun
Vulnerability, http://www.securitylab.ru/45626.html , Bugtraq ID 10446
. Squid Proxy NTLM Authentication Buffer Overflow Vulnerability,
http://www.securitylab.

Copyright 2010, SecurityFocus