Cross-site scripting vulnerability in Crafty Syntax Live Help 2.7.3 and below 2004-06-03
John C. Hennessy (jchennessy hnkts net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem:

Users are able to insert pieces of html both in
their name when they request livehelp and in chat sessions.
For example, if I were to input the following javascript inside a
"<"script">" tag and use it as my name.

window.location("h

NYC Security Shindig Version 2.0 (with punch and pie!) 2004-06-04
Dave Aitel (dave immunitysec com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New York City Security Shindig 2

Security Shindigs are ways for technical people in the Information Security
industry to get together, view an informative technical presentation, and
otherwise have a good time.

Date/Time: Monday June 14th, 6pm
Locatio

CPANEL Vuln : HTML injection 2004-06-04
qbann targ (web atomicrealms com)


Cpanel Resellers can just use an exploit in
the /scripts/killacct to delete one of my other customers' accounts (only the
DNS info) not owned by him. All he had to do was create a fake account then
delete it and look at the source code, view his cookies and
discovered :2086/scripts/killacct?

RE: PING: Outlook 2003 Spam 2004-06-04
Spencer, Mark (mspencer evidentdata com)
Hello,

A coworker and I spent much of the day yesterday trying to replicate
this behavior and we were not able to do so. The only time we can get
Outlook 2003 to pull anything from our server with this code is when we
send the email within our own MS Exchange. We've tried multiple
clients, multip

HERT Relaunch 2004-06-03
gaius (gaius hert org)
HERT is pleased to introduce its new web site http://hert.org

Here's the agenda:

* Cover cool events such as the Ruxcon in July in Sydney, Australia.

* Announce interesting and useful tools and projects from HERT and
our friends
at VOID, The Hacker's Choice, TESO, w00w00, Phenoelit, K

[FLSA-2004:1620] Updated cvs resolves security vulnerabilities 2004-06-04
Jesse Keating (jkeating j2solutions net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated cvs resolves security vulnerability
Advisory ID: FLSA:1620
Issue date: 2004-06-02
Product:

UPDATED: MITKRB5-SA-2004-001: krb5_aname_to_localname 2004-06-03
Tom Yu (tlyu mit edu)
-----BEGIN PGP SIGNED MESSAGE-----

MIT krb5 Security Advisory 2004-001

Original release: 2004-06-01
Last update: 2004-06-02

Topic: buffer overflows in krb5_aname_to_localname

Severity: serious

SUMMARY
=======

[ patch corrected since original release ]

The krb5_aname_to_localn

Re: Format String Vulnerability in Tripwire 2004-06-03
Ron Forrester (rjf tripwire com)

Just a quick note that Tripwire confirms this vulnerability exists in our currently shipping commercial versions of Tripwire for Servers as well as the Open Source release on Sourceforge.

We have patched our commercial code base and the f

MDKSA-2004:056 - Updated krb5 packages fix buffer overflow vulnerabilities 2004-06-03
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: krb5
Advisory ID:

NetBSD Security Advisory 2004-008: CVS server vulnerability 2004-06-03
NetBSD Security-Officer (security-officer netbsd org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2004-008
=================================

Topic: CVS server vulnerability

Version: NetBSD-current: source prior to May 21, 2004
NetBSD 1.6.2: affected
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.*: not affect

[SECURITY] [DSA 513-1] New log2mail packages fix format string vulnerabilities 2004-06-03
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 513-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
June 3rd, 2004

RE: Remote SMTP authentication audit tool? 2004-06-03
Evans, Arian (Arian Evans fishnetsecurity com)
Just audit your local Windows accounts (or domain Windows accounts)
for password strength, if you're still worried about weak accounts. John
the Ripper, LC, etc., are all useful for this.

If you do not use SMTP relaying, then disable "allow authenticated users"
to relay in Exchange. Your internal

Netgear WG602 Accesspoint vulnerability 2004-06-03
Tom Knienieder (knienieder khamsin ch)


KHAMSIN Security News
KSN Reference: 2004-06-03 0001 TIP
---------------------------------------------------------------------------

Title
-----
The Netgear WG602 Accesspoint contains an undocumented
administrative account.

Date
----
2004-06-03

Description
-----------

DOS@Orenosv 2004-06-03
CoolICE (CoolICE China com)
DOS_OrenosvHTTPd.bat

@echo on
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Application: Orenosv Server
:Vendors: http://home.comcast.net/~makataoka/orenosv060.zip
:Version: <=0.6.0
:Platforms: Windows
:Bug: D.O.S
:Date: 2004-06-02
:Author: CoolICE
:E-mail: CoolICE#China

PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others. 2004-06-03
JvdR (thewarlock home nl)
Description: PHP Include Exploit in Mail Manage EX v3.1.8
Compromise: a malicious PHP script from an external host may be included and
executed.
Vulnerable Systems: all systems using mmex.php v3.1.8 and maybe lower (not
tested).
Details:
The PHP Include exploit exists in the following code,

mmex.php--

TREND MICRO: The Protector Becomes The Vector [technical exercise: cross-application-scripting] 2004-06-03
http-equiv (at) excite (dot) com (1 malware com)


Thursday, June 03, 2004

The following represents an interesting technical examination
when the so-called "Anti-Virus" protector becomes the
Virus "Vector". Naturally this is the result of relying on
the "plug and play" or "module" of one Internet Explorer browser
and operating system from a

Simple Yahoo! Mail Cross-Site Scripting (GM#006-MC) 2004-06-03
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#006-MC
=====================================

GreyMagic Software, 03 Jun 2004.

Available in HTML format at
http://www.greymagic.com/security/advisories/gm006-mc/.

Topic: Simple Yahoo! Mail Cross-Site Scripting.

Discovery date: 16 May 2004.

Affected applications:
==

Phishing for Opera (GM#007-OP) 2004-06-03
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#007-OP
=====================================

By GreyMagic Software, 03 Jun 2004.

Available in HTML format at
http://security.greymagic.com/security/advisories/gm007-op/.

Topic: Phishing for Opera.

Discovery date: 16 May 2004.

Affected applications:
===============

DoS vuln in various versions of Linksys routers. 2004-06-03
b0f www.b0f.net (b0fnet yahoo com)


Denial of Service Vulnerability in

Linksys BEFSR41 - Router vuln was identified and tested on.
Linksys BEFSR41 v3
Linksys BEFSRU31
Linksys BEFSR11
Linksys BEFSX41
Linksys BEFSR81 v2/v3
Linksys BEFW11S4 v3
Linksys BEFW11S4 v4

Available from www.linksys.com

October 19, 2003 (Revised No

Mkdir buffer overflow vulnerability in Unix Seventh Edition. 2004-06-03
Tim Newsham (newsham lava net)

Mkdir buffer overflow vulnerability in Unix Seventh Edition.
2 Jun 2004

SYNOPSIS
A vulnerability in the mkdir system utility can allow an
unprivileged user to gain root privileges in UNIX 7th
Edition systems.

DESCRIPTION
The mkdir utility (/bin/mkdir) creates directories on behal

[Fwd: Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird] 2004-06-03
KF (lists) (kf_lists secnetops com)
Format String Vulnerability in Tripwire 2004-06-02
Paul Herman (pherman frenchfries net)
SUMMARY
-------
Tripwire(tm) is a Security, Intrusion Detection, Damage Assessment
and Recovery, Forensics software.

A vulnerability in the product allows a user on the local machine
under certain circumstances to execute arbitrary code with the
rights of the user running the program (typically roo

[SECURITY] [DSA 499-2] New rsync packages fix directory traversal bug 2004-06-02
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 499-2 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
June 2nd, 2004

Remote SMTP authentication audit tool? 2004-06-02
Byron Pezan (mbp ribbit net)
I have found that several spammers are exploiting weak or non-existent passwords on some MS Exchange servers using external SMTP authentication.  I have also found out (through Tech Net) how to turn on logging for SMTP authentication and see what account is being abused for this purpose.  However, t

RE: LinkSys WRT54G administration page available to WAN 2004-06-02
Humes, David G. (David Humes jhuapl edu) (1 replies)
I have a WRT54G at home. After seeing all the discussion here about the
remote administration vulnerability I tried to access the web interface
today on ports 80 and 443 from outside of my home network and was not able
to get to the web interface either.

But, having said that, I'm still fairly d

Re: LinkSys WRT54G administration page available to WAN 2004-06-03
Peter Becker (peter becker oberkassel de)
MS KB article suggests turning off encrypted passwords for Mac clients 2004-06-02
Steve Shockley (steve shockley shockley net)
http://support.microsoft.com/default.aspx?id=316076

"To resolve this problem, use the Apple Clear Text authentication method."
