BugTraq
RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability 2004-05-17
Drew Copley (dcopley eeye com)
This bug is identical to malware's, which he posted five days
ago.

http://securityfocus.com/archive/1/362800/2004-05-07/2004-05-13/0

They both utilize the map object to the same end.

This "finding" even uses the same name for the same gif as Malware's
did.

It does appear to have obfuscated the

oscommerce 2.2 file_manager.php file browsing 2004-05-17
Rene (l0om excluded org)


l0om - l0om[at]excluded.org - www.excluded.org

greets,

while i was "warsearching" with google i suddenly have been on the admin interfaces of many oscommerce sites. i made a:

allinurl:admin/file_manager.php

for normal you can only view your oscommerce directories, but if you type

RE: Still Vulnerable in MSIE 2004-05-17
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: Thor Larholm [mailto:thor (at) pivx (dot) com]
> Sent: Friday, May 14, 2004 3:45 PM
> To: Greg Kujawa; bugtraq (at) securityfocus (dot) com
> Subject: RE: Still Vulnerable in MSIE
>

<snip>

>
> which uses the Object Data vulnerability to change your startpage to
>
> http://def

[waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3] 2004-05-17
Janek Vind (come2waraxe yahoo com)


{================================================================================}

{ [waraxe-2004-SA#029] }

{================================================================================}

{

Microsoft Internet Explorer ImageMap URL Spoof Vulnerability 2004-05-17
Kurczaba Associates advisories (advisories kurczaba com)
Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

http://www.kurczaba.com/securityadvisories/0405132.htm
-------------------------------------------------------------

Vulnerability ID Number:
0405132

Overview:
A vulnerability has been found in Microsoft Internet Explorer. A
specially

Safari remote arbitrary code execution 2004-05-17
kang (kang insecure ws)
Adv: safari_0x04

Release Date: 10/05/04
Affected Products: Safari =< 1.2
Fixed in: Not fixed.
Impact: Remote code execution.
Severity: High.
Vendor: Notified (23/02/04)
Author: fundisom.com

Apple uses a special function to execute scripts and applications from
its Help system. Unfortunately, this

KDE Security Advisory: URI Handler Vulnerabilities 2004-05-17
Waldo Bastian (bastian kde org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KDE Security Advisory: URI Handler Vulnerabilities
Original Release Date: 2004-05-17
URL: http://www.kde.org/info/security/advisory-20040517-1.txt

0. References

http://www.idefense.com/application/poi/display?id=104
http://cve.mitre.org/cgi-b

[slackware-security] mc (SSA:2004-136-01) 2004-05-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mc (SSA:2004-136-01)

New mc packages are available for Slackware 9.0, 9.1, and -current to
fix security issues that These could lead to a denial of service or the
execution of arbitrary code as the user running mc.

Sites that us

Multiple TTT-C XSS vulnerabilities 2004-05-17
Kaloyan Georgiev (spam icefire org)


--------------------------------------------------------

Subject: Multiple TTT-C (Turbo Traffic Trader C) XSS vulnerabilities.
Author: Kaloyan Olegov Georgiev (ICEFIRE)
Package name: Turbo Traffic Trader C (TTT-C or TTT3)
Summary: Multiple XSS issues
Date: 2004-05-16
Affected versions: Latest

WebCT: Cross Site Scripting Vulnerability 2004-05-17
spiffomatic 64 (spiffomatic64 hotmail com)
Vendor : WEBCT
URL : http://webct.com/
Version : WebCT Campus Edition
Risk : Cross site scripting

Description: WebCT is the world's leading provider of e-learning systems for
educational institutions.

WebCT's vision is to deliver innovative e-learning solutions to help
institutions improve educ

NetChat HTTP Server Stack Overflow 2004-05-17
dbd hushmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetChat HTTP Server Stack Overflow

RELEASE DATE: May 16, 2004

DATE REPORTED: May 12, 2004

RISK: Medium

IMPACT: Attackers may be able to execute
arbitrary code with the privileges
of the user running the application.

VERSIONS: <= 7.3

OVERVIEW:

Wget race condition vulnerability 2004-05-16
Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)


Tested software: Wget 1.9, Wget 1.9.1

Wget checks for the presence of a file with the same name as the one invoked at the command line; if the file exists, then it saves the downloaded file with a different name. The problem is that Wget does not lock the file, and directly writes to it. So th

RE: Remote Buffer Overflow in MailEnable HTTPMail 2004-05-16
MailEnable Sales (info mailenable com)
Hi,

Thanks for the email. This error was not an overflow issue but a bug in the
service (i.e. the error would cause the service to stop, but the
exploiter could not exploit this further or run code on the server).

A fix for the bug can be found at:

http://www.mailenable.com/hotfix

Thanks
P

CiSCO IOS 12.* source code stolen 2004-05-15
Alexander Antipo (alexander Antipov info)
More information (in Russian, of course) and some little stolen code can be
found here:

http://www.securitylab.ru/45221.html

more simple and flexible WinBlox(GET CONTROL OF WINNT SYSTEM) 2004-05-14
Liu Die Yu (liudieyuinchina yahoo com cn)
SUBJECT : more simple and flexible WinBlox(GET CONTROL OF WINNT SYSTEM)
TO : bugtraq and dm (at) securityfocus (dot) com
FROM : Liu Die Yu

tell me why the following message didn't get thru and there is no notification about rejection.

***** ***** ***** ***** *****

expected readers
================

lha buffer overflow(s) again 2004-05-15
lw wszia edu pl


i posted it yesterday to bugs (at) redhat (dot) com but mailbox is disabled for that recipient :-/

Date: Sat, 15 May 2004 00:24:09 +0200 (CEST)
From: Lukasz Wojtow <gnz (at) student.wszia.edu (dot) pl>
To: bugs (at) redhat (dot) com
Subject: LHA buffer overflow (not the last one already fixed)

it seems that lha is quite

Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 2004-05-15
albatross tim it (1 replies)
As requested I repost it as attachment with the AUSCert PGP Public Key.

Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 2004-05-15
Casper Dik (casper holland sun com) (1 replies)
Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 2004-05-16
Jason Ostrom (jpo pobox com) (1 replies)
Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices 2004-05-17
Niels Bakker (niels-bugtraq bakker net)
[ GLSA 200405-06 ] libpng denial of service vulnerability 2004-05-14
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

RE: Still Vulnerable in MSIE 2004-05-14
Thor Larholm (thor pivx com)
Nothing new here, it's just one of the remaining IE vulnerabilities that
are not yet patched. If I dare allow a small product pitch, the publicly
available version of Qwik-Fix ( http://qwik-fix.net ) has protected
against threats such as this for more than half a year now, without
requiring any sign

[ GLSA 200405-07 ] Exim verify=header_syntax buffer overflow 2004-05-14
Thierry Carrez (koon gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Copyright 2010, SecurityFocus