Multiple Antivirus Scanners DoS attack.

--- [Vulnerable Products] ---
Only tested on...

* Norton Antivirus 2002
* Norton Antivirus 2003
* Mcafee VirusScan 6
* Network Associates (McAfee) VirusScan Enterprise 7.1
* Windows Xp default ZIP manager [report's wrong size of compress ZIP
files.]

[ more ]  [ reply ]

Hello everybody,

I doubt how many Antivirus/Trojan/Spyware scanners will choak to death while having a "manual scan" of this file. Please go ahead and give it a try.

http://www.geocities.com/visitbipin/SERVER_dwn.zip

I was woundering, what would be the results if such file gets stucked in

[ more ]  [ reply ]

Linksys Web Camera version 2.10 (only tested with 2.10) is vulnerable to a cross-site scripting vulnerability.

Example: http://www.host.com/main.cgi?next_file=poop<script>alert('scriptX :P');</script>

Linksys was not notified (I didnt notify them about the file inclusion vuln eit

[ more ]  [ reply ]

New information security web log:

InfoSec News Blog aggregates information and news from 30+ security
related RSS feeds. Only the best and most interesting make it. Updated
daily.

http://infosec.volubis.com/

Categories include the information security aspects of:
* Business
* Encryption
* Gover

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 518-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 14th, 2004

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: Chora CVS/SVN Viewer remote vulnerability
Release Date: 2004/06/13
Last Modified: 2004/06/13
A

[ more ]  [ reply ]

Thursday, June 10, 2004

The following was presented by 'bitlance winter' of Japan today:

<a href="http://www.microsoft.com%2F redir=www.e-
gold.com">test</a>

Quite inexplicable from these quarters. Perhaps someone with
server 'knowledge' can examine it.

It carries over the address into the ad

[ more ]  [ reply ]

Hi,

At Tue, 8 Jun 2004 10:32:48 -0700,
Matt Zimmerman wrote:
> On Sun, Jun 06, 2004 at 04:28:56PM -0000, lw (at) wszia.edu (dot) pl [email concealed] wrote:
> > In-Reply-To: <20040605203922.GW19402 (at) alcor (dot) net [email concealed]>
> >
> > i didn't bother to check deb package, but this patch:
> > > http://security.debian.org/pool/updates/non-fre

[ more ]  [ reply ]

Here is a cute little URI I found crashing skype on it's latest version (0.98.0.04).

It's proboby a buffer overflow of some sort, so, a special crafted URI culd potentionally lead to remote code execution.

(would probobly be extreamly hard doing it threw a URI, but still an option)

callto://a

[ more ]  [ reply ]

The readme on the v2.07 US firmware (for v2 hardware) carries no such
warning... Apparently they pay more attention to things like this in
Europe! :)

Actually, since my initial problems a few months back - just last week in
fact - they released another version of 2.07 for the v1.1 hardware... Th

[ more ]  [ reply ]

SEC-CONSULT Security Advisory - PHP: Hypertext Preprocessor

Vendor: PHP (http://www.php.net)
Product: PHP 4.3.6 and below (verified in 4.3.5 which was current when
the bug was discovered)
Vendor status: vendor contacted (04-04-2004)
Patch status: Problem fixed in 4.3.7

===========
DESCRIPTION
===

[ more ]  [ reply ]

In-Reply-To: <20040605005326.24937.qmail (at) www.securityfocus (dot) com [email concealed]>

>

>Firmware Version: v1.42.2

>Current Time: Fri, 11 Jan 2002 10:34:54

>MAC Address: 00:0C:41:A9:F8:76

>Router Name: WRT54G

>

Upgraded to WRT54G 2.02.8, it solves the problem. I updated the firmware remotely thro

[ more ]  [ reply ]

There is a sneaking suspicion that you can put the site contents
in the so-called 'local zone' or 'my computer'.

Since it validates the 'front end' of the address and ends up at
the 'back end' this all would seem very similar to:

<object data="ms-its:mhtml:file://C:foo.mhtml!
http://www.malwar

[ more ]  [ reply ]

There is a sneaking suspicion that you can put the site contents
in the so-called 'local zone' or 'my computer'.

Since it validates the 'front end' of the address and ends up at
the 'back end' this all would seem very similar to:

<object data="ms-its:mhtml:file://C:foo.mhtml!
http://www.malwar

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#032] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID:

[ more ]  [ reply ]

We wrap this up with a full-on ssl site spoof. It seems limited
how far you can 'shove' the real domain out of the way, but just
enough to make it convincing so we adapt the window to 'cover'
it up. Interestingly [with apologies to e-gold for playing with
their site], they have a secured conne

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ]  [ reply ]

I have a client who is seeing large amounts of spam originate inside their organization. I have traced the spam to Windows machines running Eudora 6.1.1 (latest) in paid mode. Apparently, spam messages come in, something is executed in these spam messages, and copies/duplicates (with forged names/he

[ more ]  [ reply ]

The MS Security Initiative is an utter sham.

I commented on the uselessness of the "new, improved" MS Security
Bulletin web pages when they were "upgraded" to .mspx form. In doing
so I rather rudely pinned the blame for the unusability of the new
Security Bulletin pages on the MSRC staff -- as

[ more ]  [ reply ]

Poem:
There once was some open src code,
that claimed it would lighten your load,
it took a little fuzzing,
and i came out buzzing,
as it crashed in svn:// mode.

Introduction (from Subversion.tigris.org):
The goal of the Subversion project is to build a version control system
that is a compelling

[ more ]  [ reply ]

In-Reply-To: <BCEBFFBB.ED1%devnull (at) cox (dot) net [email concealed]>

I have tested this thoughrouly and reproduced the symptoms of the reported issue. When Enforce VPN is enabled for internal wireless traffic on the appliance something interesting happens. The appliance changes the virtual lan mac addresss to that of the

[ more ]  [ reply ]

As a addendum, perhaps, though I wouldn't doubt someone
might make some nice proof of concept code for this...

A similiar issue of this kind was found in IE a few
years ago - remember of course - it is IE's fault that they
are not properly parsing this, regardless of what they need
to parse... so t

[ more ]  [ reply ]

We wrap this up with a full-on ssl site spoof. It seems limited
how far you can 'shove' the real domain out of the way, but just
enough to make it convincing so we adapt the window to 'cover'
it up. Interestingly [with apologies to e-gold for playing with
their site], they have a secured conne

[ more ]  [ reply ]