BugTraq Mode:
(Page 1498 of 1748)  < Prev  1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503  Next >
Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier 2004-06-05
Remy Wetzels (r wetzels chello nl)
In-Reply-To: <20040601184035.31371.qmail (at) www.securityfocus (dot) com [email concealed]>

>The process consists of capturing the currently executing script's path and
>filename with the global variable $_SERVER['PHP_SELF']. Using PHP's built-in
>function eregi(), this value is then compared against the script's name

[ GLSA 200406-03 ] sitecopy: Multiple vulnerabilities in included libneon 2004-06-05
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Bank of America security e-mail address 2004-06-05
caldcv students fccj org


I need to contact Bank of America regarding their security. Does anyone know/have an e-mail address to a live person who won't send me an auto-reply?

Thanks,

CC.

Re: Format String Vulnerability in Tripwire 2004-06-04
Ron Forrester (rjf tripwire com)
In-Reply-To: <20040604175112.23294.qmail (at) www.securityfocus (dot) com [email concealed]>

Okay folks, one more time.

We've identified a couple more important bits of information regarding this vulnerability, mainly that it is present only in the code for processing email reports when the MAILMETHOD is sendmail. This pr

[ GLSA 200406-02 ] tripwire: Format string vulnerability 2004-06-04
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

bss-based buffer overflow in l2tpd 2004-06-04
Thomas Walpuski (thomas-bugtraq unproved org)
All versions of l2tpd contain a bss-based buffer overflow. After
circumventing some minor obstacles (i.e., faking a L2TP tunnel
establishment) the overflow can be triggered by sending a specially
crafted packet.

The crucial code can be found in write_packet() in control.c:

static unsigned char

Re: LinkSys WRT54G administration page available to WAN 2004-06-04
Jerry Zwanenburg (J Zwanenburg chello nl)
In-Reply-To: <019201c4494b$9a3c1460$476ffc50@tera>

Peter,

I agree on that.

For the external logging, look at www.wallwatcher.com.

It's a great free tool written for linksys.

Cheers,

Jerry

>Received: (qmail 11131 invoked from network); 3 Jun 2004 19:57:09 -0000

>Received: from outgoin

Colin McRae Rally 04 broadcast clients crash 2004-06-04
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: Colin McRae Rally 04
http://www.codemasters.com/colinmcraerally04/
Versions: 1.0
Platforms: Windows
Bug: bad allocation (?)
Risk:

[SECURITY] [DSA 514-1] New Linux 2.2.20 packages fix local root exploit (sparc) 2004-06-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 514-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
June 4th, 2004

The Linksys WRT54G "security problem" doesn't exist 2004-06-04
David Pipe (David_Pipe bio-rad com)
> In a recent client installation I discovered that even if the remote
> administration function is turned off, the WRT54G provides the
> administration web page to ports 80 and 443 on the WAN.

I think the "Independent consultant" quoted in InternetWeek is wrong. I
think he either has a defecti

Integrigy Security Alert - Multiple SQL Injection Vulnerabilities in Oracle E-Business Suite 2004-06-04
Integrigy Security (alerts integrigy com)
______________________________________________________________________

Integrigy Security Alert
______________________________________________________________________

Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities
June 3, 2004
____________________________________________________

Re: LinkSys WRT54G administration page available to WAN 2004-06-03
Paul Wouters (paul xtdnet nl)
On Thu, 3 Jun 2004, Peter Becker wrote:

> I tested the original firmware before flashing.
> And I also wasn't able to access the webinterface from the wan-port.
> I've got hardware revision 2.

I thought I was mad. I wasted quite some time accidentally putting the
cable in the wan port instead of the

[ GLSA 200406-01 ] Ethereal: Multiple security problems 2004-06-04
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Re: Netgear WG602 Accesspoint vulnerability 2004-06-03
lupe lupe-christoph de (Lupe Christoph)
On Thursday, 2004-06-03 at 19:35:22 +0200, Tom Knienieder wrote:

> Possibly vulnerable (not verified)
> WG602 with other Firmware Versions
> WG602v2

The WG602v2 uses different firmware.

> Download the WG602 Version 1.5.67 firmware from Netgear
>

RE: PING: Outlook 2003 Spam 2004-06-04
http-equiv (at) excite (dot) com [email concealed] (1 malware com)


I think Mark might be onto something both the vml and the copies
of named files in the temp folder no longer appear to occur:

http://www.securityfocus.com/bid/10323
http://www.securityfocus.com/bid/10307

Those notes are dated 10th and 11th May. On the machine they no
longer work on, we have

Re: Format String Vulnerability in Tripwire 2004-06-04
Ron Forrester (rjf tripwire com)
In-Reply-To: <20040603215236.7815.qmail (at) www.securityfocus (dot) com [email concealed]>

One more quick note -- I think I had a brain freeze and gave Paul the wrong commercial version numbers. This vulnerability exists in all currently shipping TFS releases, which means <= 4.0.1.

Sorry I didn't catch this the first tim

[openwebmail] Fw: Re: XSS bug. 2004-06-03
A. Ramos (aramosf unsec net)

Hello all,

It's a forward message from openwebmail bugtraq system with the problem and
the solution ;-)

---------- Forwarded Message -----------
From: "openwebmail" <openwebmail (at) turtle.ee.ncku.edu (dot) tw [email concealed]>
To: "aramosf" <aramosf (at) unsec (dot) net [email concealed]>
Sent: Thu, 3 Jun 2004 20:30:07 +0800
Subject: Re: XSS bug.

RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability 2004-06-03
James C Slora Jr (Jim Slora phra com)
> <a onmouseover="window.status='http://www.the-url-you-
> see.com;return true"
> title="The Link"
> onmouseout="window.status='Whatever-you-like-here';return true"
> href='http://www.some-other-url.com'>The link</a>
>
>
> -->
>
> the point of the exercise is that default settings for the
> mo

Re: Netgear WG602 Accesspoint vulnerability 2004-06-04
Mathias Kuester (mathen ketelhot de)
Hello,

the WG602v2 is not vulnerable.

Mathias

RE: Remote SMTP authentication audit tool? 2004-06-04
Bojan Zdrnja (Bojan Zdrnja LSS hr)


> -----Original Message-----
> From: Evans, Arian [mailto:Arian.Evans (at) fishnetsecurity (dot) com [email concealed]]
> Sent: Friday, 4 June 2004 3:24 a.m.
> To: Byron Pezan
> Cc: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: RE: Remote SMTP authentication audit tool?
>
> If you want to test your server like a spammer via actual

Cross-site scripting vulnerability in Crafty Syntax Live Help 2.7.3 and below 2004-06-03
John C. Hennessy (jchennessy hnkts net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem:

Users are able to insert pieces of html both in
their name when they request livehelp and in chat sessions.
For example. If I were to input the following javascript inside a
"<"script">" tag and use it as my name.

window.location("h

NYC Security Shindig Version 2.0 (with punch and pie!) 2004-06-04
Dave Aitel (dave immunitysec com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New York City Security Shindig 2

Security Shindigs are ways for technical people in the Information Security
industry to get together, view an informative technical presentation, and
otherwise have a good time.

Date/Time: Monday June 14th, 6pm
Locatio

CPANEL Vuln : HTML injection 2004-06-04
qbann targ (web atomicrealms com)


Cpanel Resellers just can use an exploit in
the /scripts/killacct to delete one of my other customers accounts (only the
DNS info) not owned by him. All he had to do was create a fake account then
delete it and look at the source code, view his cookies and
discovered :2086/scripts/killacct?

RE: PING: Outlook 2003 Spam 2004-06-04
Spencer, Mark (mspencer evidentdata com)
Hello,

A coworker and I spent much of the day yesterday trying to replicate
this behavior and we were not able to do so. The only time we can get
Outlook 2003 to pull anything from our server with this code is when we
send the email within our own MS Exchange. We've tried multiple
clients, multip

Re: Possible bug in PHPNuke and other CMS 2004-06-04
BlueRaven (blue ravenconsulting it)
On 01/Jun/04, at 19:13, Luca Falavigna wrote:

> File permissions must always permit execution of php pages by web
> servers. And symlink is followed and code executed because web servers
> must have access to that directory and code. We can operate with php
> security options too and

HERT Relaunch 2004-06-03
gaius (gaius hert org)
HERT is pleased to introduce its new web site http://hert.org

Here's the agenda:

* Cover cool events such as the Ruxcon in July in Sydney, Australia.

* Announce interesting and useful tools and projects from HERT and our friends
at VOID, The Hacker's Choice, TESO, w00w00, Phenoelit, K

[FLSA-2004:1620] Updated cvs resolves security vulnerabilities 2004-06-04
Jesse Keating (jkeating j2solutions net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated cvs resolves security vulnerability
Advisory ID: FLSA:1620
Issue date: 2004-06-02
Product:

UPDATED: MITKRB5-SA-2004-001: krb5_aname_to_localname 2004-06-03
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-001

Original release: 2004-06-01
Last update: 2004-06-02

Topic: buffer overflows in krb5_aname_to_localname

Severity: serious

SUMMARY
=======

[ patch corrected since original release ]

The krb5_aname_to_localn

Re: Format String Vulnerability in Tripwire 2004-06-03
Ron Forrester (rjf tripwire com)
In-Reply-To: <20040602234116.9A3674A5B (at) frenchfries (dot) net [email concealed]>

Just a quick note that Tripwire confirms this vulnerability exists in our currently shipping commercial versions of Tripwire for Servers as well as the Open Source release on Sourceforge.

We have patched our commercial code base and the f

MDKSA-2004:056 - Updated krb5 packages fix buffer overflow vulnerabilities 2004-06-03
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID:

Copyright 2010, SecurityFocus