Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
2004-06-07 Jelmer (jkuperus planet nl)

TREND MICRO: The Protector Becomes The Vector Take II
2004-06-07 http-equiv (at) excite (dot) com (1 malware com)
Monday, June 07, 2004 <!-- 1. When the product alerts it creates an html file in the temporary file of the user's machine [the so-called "local zone"] [screen shot: http://www.malware.com/weallcar.png 29KB ] This html file is viewed from an Internet Explorer "browser object" and indicate

Re: Netgear WG602 Accesspoint vulnerability
2004-06-05 Jaco Swart (jaco iblocks co uk) (1 replies)
In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000 (at) shamal.khamsin (dot) ch>
I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602. They've simply gone and changed the username to superman and password to 21241036.

[SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
2004-06-05 Matt Zimmerman (mdz debian org)

Re: The Linksys WRT54G "security problem" doesn't exist
2004-06-05 caldcv students fccj org
In-Reply-To: <OF573D37A2.8E5427F6-ON87256EA9.00668BEB-87256EA9.0066B037 (at) bio-rad (dot) com>
>> In a recent client installation I discovered that even if the remote
>> administration function is turned off, the WRT54G provides the
>> administration web page to ports 80 and 443 on the WAN.
>
>I think

Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
2004-06-05 Remy Wetzels (r wetzels chello nl)
In-Reply-To: <20040601184035.31371.qmail (at) www.securityfocus (dot) com>
>The process consists of capturing the currently executing script's path and
>filename with the global variable $_SERVER['PHP_SELF']. Using PHP's built-in
>function eregi(), this value is then compared against the script's name

[ GLSA 200406-03 ] sitecopy: Multiple vulnerabilities in included libneon
2004-06-05 Thierry Carrez (koon gentoo org)

Re: Format String Vulnerability in Tripwire
2004-06-04 Ron Forrester (rjf tripwire com)
In-Reply-To: <20040604175112.23294.qmail (at) www.securityfocus (dot) com>
Okay folks, one more time. We've identified a couple more important bits of information regarding this vulnerability, mainly that it is present only in the code for processing email reports when the MAILMETHOD is sendmail. This pr

[ GLSA 200406-02 ] tripwire: Format string vulnerability
2004-06-04 Thierry Carrez (koon gentoo org)

bss-based buffer overflow in l2tpd
2004-06-04 Thomas Walpuski (thomas-bugtraq unproved org)
All versions of l2tpd contain a bss-based buffer overflow. After circumventing some minor obstacles (i.e., faking a L2TP tunnel establishment) the overflow can be triggered by sending a specially crafted packet. The crucial code can be found in write_packet() in control.c: static unsigned char

Re: LinkSys WRT54G administration page availble to WAN
2004-06-04 Jerry Zwanenburg (J Zwanenburg chello nl)
In-Reply-To: <019201c4494b$9a3c1460$476ffc50@tera>
Peter, I agree on that. For the external loggin. Look at www.wallwatcher.com. It's a great free tool written for linksys. Cheers, Jerry
>Received: (qmail 11131 invoked from network); 3 Jun 2004 19:57:09 -0000
>Received: from outgoin

[SECURITY] [DSA 514-1] New Linux 2.2.20 packages fix local root exploit (sparc)
2004-06-04 joey infodrom org (Martin Schulze)

The Linksys WRT54G "security problem" doesn't exist
2004-06-04 David Pipe (David_Pipe bio-rad com) (2 replies)
> In a recent client installation I discovered that even if the remote
> administration function is turned off, the WRT54G provides the
> administration web page to ports 80 and 443 on the WAN.
I think the "Independent consultant" quoted in InternetWeek is wrong. I think he either has a defecti

RE: The Linksys WRT54G "security problem" doesn't exist
2004-06-05 Alan W. Rateliff, II (lists rateliff net)

Re: The Linksys WRT54G "security problem" doesn't exist
2004-06-04 insecure (insecure ameritech net)

Integrigy Security Alert - Multiple SQL Injection Vulnerabilities in Oracle E-Business Suite
2004-06-04 Integrigy Security (alerts integrigy com)
Integrigy Security Alert
Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities
June 3, 2004

Re: Format String Vulnerability in Tripwire
2004-06-04 Ron Forrester (rjf tripwire com)
In-Reply-To: <20040603215236.7815.qmail (at) www.securityfocus (dot) com>
One more quick note -- I think I had a brain freeze and gave Paul the wrong commercial version numbers. This vulnerability exists in all currently shipping TFS releases, which means <= 4.0.1. Sorry I didn't catch this the first tim

[openwebmail] Fw: Re: XSS bug.
2004-06-03 A. Ramos (aramosf unsec net)
Hello all, It's a forward message from openwebmail bugtraq system with the problem and the solution ;-)
---------- Forwarded Message -----------
From: "openwebmail" <openwebmail (at) turtle.ee.ncku.edu (dot) tw>
To: "aramosf" <aramosf (at) unsec (dot) net>
Sent: Thu, 3 Jun 2004 20:30:07 +0800
Subject: Re: XSS bug.
an email bringing my attention to this webpage
http://216.130.188.219/ei2/installer.htm that according to him used an
exploit that affected fully patched internet explorer 6 browsers. Being
rather skeptical I carelessly c