JS.Scob.Trojan Source Code ... 2004-06-28
K-OTiK Security (Special-Alerts k-otik com)


hello,

here is some full disclosure: below is the source code of the Scob trojan downloader, if you want to know more about it.

Best Regards.

Franck Olivel - Security Engineer

K-OTik Security Survey 24/7

http://www.k-otik.com

--------------------------------------------------------------

DoS in popclient 3.0b6 2004-06-29
Dean White (incidents oneguard com)


DoS in popclient 3.0b6

----------------------

Release Date: 29th June 2004

Discovery: Dean White <incidents (at) oneguard (dot) com>

Research: John Cartwright <johnc (at) grok.org (dot) uk>

Overview

--------

"popclient is a Post Office Protocol compliant mail retrieval client

which supports both POP2 (as

Java applet crashing with native assertion 2004-06-28
Marc Schoenefeld (schonef uni-muenster de) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

this is a Java One special:

Three months ago I informed Sun Microsystems
about an applet alerting with a native win32 assertion
(Expression: offset < fFileSize

For information on how your program can cause an
assertion failure, see the Visual C++

Re: Java applet crashing with native assertion 2004-06-28
Jack Lloyd (lloyd randombit net)
Scob infection statistics, etc.. 2004-06-28
Hubbard, Dan (dhubbard websense com)
If anyone is interested we have some information on the Scob Trojan
"released" last week.

* we saw customers visiting the Russian URL's starting June 22. All the
sites are down but here is a list of the sites visited with frequency
counters.

http://217.107.218.147:80/redir.php 2
http://217.107.2

Multiple vulnerabilities PowerPortal 2004-06-28
DarkBicho (darkbicho fastmail fm)
http://www.swp-zone.org/archivos/advisory-07.txt

-------------------------------------------------------------------------------------------------

:.: Multiple vulnerabilities PowerPortal :.:

PROGRAM: PowerPortal
HOMEPAGE: http://powerportal.sourceforge.net/
VER

MPlayer MeMPlayer.c 2004-06-27
c0ntex open-security org


/*

************************************************************************
*****************************************

$ An open security advisory #5 - MPlayer GUI filename handling overflow

************************************************************************
****************************

DLINK 614+ - SOHO routers, DHCP service DOS 2004-06-28
Gregory Duchemin (c3rb3r sympatico ca)
TITLE: DLINK 614+ - SOHO routers, DHCP service DOS (http://www.dlink.com)

TYPE: signedness bug

QUOTE from DLINK:

The AirPlus DI-614+ combines the latest advancements in 802.11b
silicon chip
design from Texas Instruments, utilizing their patented Digital Signal
ProcessingTM technology, and D-Link

Full path disclosure csFAQ 2004-06-28
DarkBicho (darkbicho fastmail fm)
http://www.swp-zone.org/archivos/advisory-08.txt

-------------------------------------------------------------------------------------------------

:.: Full path disclosure csFAQ :.:

PROGRAM: csFAQ
HOMEPAGE: http://www.cgiscript.net/
BUG: Full path disclosure
D

ZH2004-14SA (security advisory):Sql Injection in Infinity WEB 2004-06-27
D'Amato Luigi (admin securitywireless info)
06/27/2004

Vendor contacted: June 1st 2004
Published: June 26th 2004
Title: Infinity WEB
Vulnerable versions :1.0 unpatched

Type: Sql Injection

Author: D'Amato Luigi from Zone-h Security Labs -
securitywireless (at) zone-h (dot) it - admin (at) securitywireless (dot) info

Vendor: http://www.websoft.it/

Description

DLINK 614+ - SOHO routers, system DOS 2004-06-28
Gregory Duchemin (c3rb3r sympatico ca)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TITLE: DLINK 614+ - SOHO routers, system DOS (http://www.dlink.com)

TYPE: resources starvation / system denial of service

QUOTE from DLINK:

The AirPlus DI-614+ combines the latest advancements in 802.11b
silicon chip
design from Texas Instruments,

Cross-Site Scripting CuteNews 2004-06-28
DarkBicho (darkbicho fastmail fm)
http://www.swp-zone.org/archivos/advisory-06.txt

-------------------------------------------------------------------------------------------------

:.: Cross-Site Scripting CuteNews :.:

PROGRAM: CuteNews
HOMEPAGE: http://cutephp.com/
VERSION: v1.3.1
BUG: Cros

ISC DHCP overflows 2004-06-28
Gregory Duchemin (c3rb3r sympatico ca)
Hi,
for those interested to reproduce the recent DOS attacks against ISC
DHCPD 3.0.1 rc12 and rc13
as described in:
http://www.kb.cert.org/vuls/id/317350
, I'm forwarding the first email I sent to ISC describing several stack
based buffer overflows occurring during the creation
of log messages and

Lotus Notes URL argument injection vulnerability 2004-06-27
Jouko Pynnonen (jouko iki fi)


OVERVIEW
========

Lotus Notes is a groupware/e-mail system developed by Lotus Software.
Due to its security and collaboration features it's used particularly
by large organizations, government agencies, etc. IBM estimates it is
used by 60 million people.

During the client-side Windows install

nCipher Advisory #10: Pass phrases are exposed in netHSM log files 2004-06-21
nCipher Support (technotifications us ncipher com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

nCipher Security Advisory No. 10
Pass phrases are exposed in netHSM log files
--------------------------------------------

SUMMARY
=======

Pass phrases entered by means of the nCipher netHSM front panel,
either us

Zone Labs response to "ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability" 2004-06-25
Zone Labs Product Security (Product-Security zonelabs com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ZoneAlarm Pro, Security Suite and Integrity products which employ
Mobile Code Protection/ID Lock features do not inspect encrypted
traffic. If mobile code is downloaded via a Secure Sockets Layer
(SSL) session, it will not be inspected by these produc

RE: Is predictable spam filtering a vulnerability? 2004-06-25
David Brodbeck (DavidB mail interclean com)
> -----Original Message-----
> From: PSE-L (at) mail.professional (dot) org [mailto:PSE-L (at) mail.professional (dot) org]

> Many sites employ SpamAssassin and the like to simply FLAG
> messages and pass them along to the intended recipient, who can then
> employ their own filter process within their email client

RE: Microsoft and Security 2004-06-25
Drew Copley (dcopley eEye com)


> -----Original Message-----
> From: http-equiv (at) excite (dot) com [mailto:1 (at) malware (dot) com]
> Sent: Friday, June 25, 2004 11:53 AM
> To: bugtraq (at) securityfocus (dot) com

> Subject: Microsoft and Security

<snip>

> A vulnerability:
>
> http://www.microsoft.com/technet/archive/community/columns/securi
> ty/essa

[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy 2004-06-25
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 525-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
June 24th, 2004

[ GLSA 200406-20 ] FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling 2004-06-25
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

artmedic_links5 PHP Script (include path) vuln 2004-06-25
Adam n30n Simuntis (n30n satfilm net pl)


There's a possibility of looking at files (with apache privileges) using artmedic_links5 (php script).

(http://www.artmedic-phpscripts.de/artmedic_links.php).

Vulnerability (include path) is in index.php, standard use:

hostname/artmedic_links5/index.php?id=[file] or index.php?id=[url]

I n

multiple remote & local buffer overflows discovered in Drcatd 2004-06-25
Khan Shirani (khan_shirani yahoo com)


Zone-h Security Advisory

Date of discovery : 24 june 2004

Date of release : 25 june 2004

Bug found by Khan Shirani

<shirani (at) zone-h (dot) org>

http://www.zone-h.org

---------------------------------------

Software : Drcatd

Bugs : Buffer Overflows , Remote and local (multiple)

Risk

format string vulnerability in Gnats 2004-06-25
Khan Shirani (khan_shirani yahoo com)


Zone-h Security Advisory

Date of discovery : 21 june 2004

Date of release : 24 june 2004

Bug found by Khan Shirani

<shirani (at) zone-h (dot) org>

http://www.zone-h.org

---------------------------------------

Software : GNU Gnats 4.00

Bugs : formats string bug(s)

Risk : low/medium

Platform : *ni

Copyright 2010, SecurityFocus