Microsoft and Security
2004-06-25 http-equiv (at) excite (dot) com [email concealed] (1 malware com)
Where is Microsoft now "protecting their customers" as they love to bray? Should not someone in authority of this public company step forward and explain themselves at this time? All of a sudden panic is being created across the WWW with "IIS Exploit Infecting Web Site Visitors With Malware", "M [...]

Symantec DeepSight Threat Management System Analysis: Client-side Exploitation
2004-06-25 David Ahmad (da securityfocus com)
Good day, Symantec has made two reports available to the public, listed at the end of this post. These documents describe instances of client-side exploitation. At least one instance appears to involve an attacker with criminal intent targeting an individual at a financial institution. I'm g [...]

Mac OS X stores login/Keychain/FileVault passwords on disk
2004-06-25 Matt Johnston (matt ucc asn au)
It seems that Mac OS X (10.3.4 tested) doesn't bother clearing memory containing sensitive data, or using mlock() to avoid swapping. A quick grep of the swapfiles will show up various morsels: rez:~> sudo strings -8 /var/vm/swapfile0 |grep -A 4 -i longname longname password <user's password here> [...]

Zone Labs response to "ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability"
2004-06-23 Zone Labs Product Security (Product-Security zonelabs com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZoneAlarm Pro, Security Suite and Integrity products which employ Mobile Code Protection/ID Lock features do not inspect encrypted traffic. If mobile code is downloaded via a Secure Sockets Layer (SSL) session, it will not be inspected by these pro [...]

Security Advisory : FreeBSD local DoS
2004-06-23 Marceta Milos (root marcetam net)
Security Advisory : FreeBSD local DoS
Systems affected:
FreeBSD 5.1-RELEASE/Alpha. Other versions are probably vulnerable.
FreeBSD 5.1-RELEASE/IA32 is _not_ vulnerable.
Not sure about other FreeBSD/arch but they could be vulnerable too.
Risk: low
Date: 23 June 2004
Legal notice:
1. This Advis [...]

[security bulletin] SSRT4741 rev.0 DCE for HP Tru64 UNIX Potential RPC Buffer Overrun Attack
2004-06-24 Boren, Rich (SSRT) (rich boren hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
HP SECURITY BULLETIN HPSBTU01051 REVISION: 0
SSRT4741 rev.0 DCE for HP Tru64 UNIX Potential RPC Buffer Overrun Attack
--------------------------------------------------------------
NOTICE: There are no restrictions for distribution of thi [...]

Vulnerability Alert Services
2004-06-23 Andy Cuff (lists securitywizardry com)
Good Day, I don't want this email to detract from the great value of this Bugtraq list but suspect most of us from time to time are too busy to monitor the list constantly (surely not!) With this in mind I have just updated the vendor agnostic list of subscription based vulnerability alert services [...]

ZWS Newsletter & Mailing List Manager
2004-06-24 GaMeS GaMeS (bzh_mrim yahoo fr)
hello, i'm a frenchy boy and excuse me for my bad english... i discover a bug in the newsletter ZWS , http://www.target.com/newsletter/admin.php?f=list_user&uname=test&ulevel =1 with this , you can list all user register in the newsletter with respective password. after u log with a ac [...]

Windows XP UPNP exploit ArgoXP.c
2004-06-24 jocanor jocanor (jocanor2002 hotmail com)
/* ***************** EXPLOIT CODED BY JOCANOR ***************** **************PRIVATE DO NOT DISTRIBUTE********************* this is a new and functional exploit for de vulnerability affects to windows xp, at the service UPNP, port 5000.
this exploit is a part of ASQ12 project, same a [...]

[ GLSA 200406-18 ] gzip: Insecure creation of temporary files
2004-06-24 Kurt Lieber (klieber gentoo org)

[ GLSA 200406-19 ] giFT-FastTrack: remote denial of service attack
2004-06-24 Thierry Carrez (koon gentoo org)

New ssharp version available
2004-06-24 stealth (stealth segfault net)
Moin, After some hin und her I was able to put the new ssharp version online which now also properly MiMs the PuTTY SSH client: http://stealth.openwall.net/SSH I also put the new adore-ng online which contains small fixes for Fedora and the LKM build process on 2.6 Kernels: http://stealth.openwa [...]

RE: Is predictable spam filtering a vulnerability? (silently dropping messages)
2004-06-23 David Brodbeck (DavidB mail interclean com) (1 replies)
> -----Original Message-----
> From: David F. Skoll [mailto:dfs (at) roaringpenguin (dot) com [email concealed]]
> This is indeed a problem, and it's a loophole that needs to be closed.
> There needs to be a way for an SMTP server to correlate a bounce
> message with a sent message, and reject the bounce message if it
> wasn [...]

Re: Is predictable spam filtering a vulnerability? (silently dropping messages)
2004-06-24 Stephen Warren (swarren wwwdotorg org)

Spammer jailed
2004-06-23 Ralph W. Reid (rreid sunset net)
Those of you who do not like getting spam might appreciate this excerpt from the, "Amateur Radio Newsline, June 18, 2004," newsletter available at <a href="http://www.arnewsline.org/">this site.</a> This conviction should be a heads-up for anyone who is considering similar techniques to distribute t [...]

RE: Unusual Activity in Ad-aware 6 Personal, Build 6.181
2004-06-22 fedhead (fedhead rogers com)
I have tracked it down and Dave, your assessment seems to be correct for my situation.
Ad-aware was scanning an old Palm Attachment folder I had in my profile which stored the attachments of e-mails I had synced with my Palm, including my Bugtraq e-mail which contained Jelmer's zip of this IE exploi [...]

SUSE Security Announcement: dhcp-server (SuSE-SA:2004:019)
2004-06-23 Thomas Biege (security suse de)

[SNS Advisory No.76] Printing from Internet Explorer Lets Users to Cause DoS
2004-06-23 snsadv lac co jp (snsadv)
--------------------------------------------------------------------------
SNS Advisory No.76
Printing from Internet Explorer Lets Users to Cause DoS
Problem first discovered on: Fri, 28 May 2004
Published on: Wed, 23 Jun 2004
------------------------------------------------------------------------ [...]
Systems affected:
FreeBSD 5.1-RELEASE/Alpha. Other versions are probably vulnerable.
FreeBSD 5.1-RELEASE/IA32 is _not_ vulnerable.
Not sure about other FreeBSD/arch but they could be vulnerable too.
Risk: low
Date: 24 June 2004
Legal notice:
1. This Adviso
[...]