|
|
Colapse all |
Post message
a litle bypass with IE 2004-05-10 Nuno Costa (webcenter sapo pt) hello im not a expert in this area, but i work in a intranet that haves the Squid/2.3.STABLE5 filtring all access's to the internet.. so i don't have access to the internet directaly, but i know that this proxy allow access to especific web sites.. so, in the past if i us this: http:// [ more ] [ reply ] PaX DoS proof-of-concept 2004-05-09 Michel Blomgren (michel cycom se) /* PaX w/ CONFIG_PAX_RANDMMAP for Linux 2.6.x DoS proof-of-concept by Shadowinteger <shadowinteger (at) sentinix (dot) org [email concealed]> 2004-05-04 Written after reading the security advisory posted by borg (ChrisR-) on Bugtraq 2004-05-03 (my time). ChrisR -> www.cr-secure.net Acknowledgments: sabu (www.sabu. [ more ] [ reply ] OUTLOOK 2003: OuchLook 2004-05-09 http-equiv (at) excite (dot) com [email concealed] (1 malware com) Sunday, May 09, 2004 Outlook 2003 the premier mail client from the company called 'Microsoft' certainly appears to have a lot of security features built into it. Curosry examination shows excellent thought into 'spam' containment, 'security' consideration and many other little 'things'. How [ more ] [ reply ] [ GLSA 200405-01 ] Multiple format string vulnerabilities in neon 0.24.4 and earlier 2004-05-09 Kurt Lieber (klieber gentoo org) Arbitrary code inclusion in phpShop 2004-05-09 Calum Power (enune hush ai) A vulnerability has been discovered in the popular E-Commerce package 'phpShop'. The vulnerability's details are available in the attached advisory, or at http://www.fribble.net/advisories/phpshop_29-04-04.txt Due to the nature of this vulnerability, I notified the lead programmer for this package [ more ] [ reply ] [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke] 2004-05-08 Janek Vind (come2waraxe yahoo com) [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability 2004-05-08 Jesse Keating (jkeating j2solutions net) FW: [security bulletin] SSRT4717 Management Agents for HP-UX Remote DoS 2004-05-08 Boren, Rich (SSRT) (rich boren hp com) [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp) 2004-05-07 OpenPKG (openpkg openpkg org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security (at) openpkg (dot) org [email concealed] [ more ] [ reply ] Streaming Video and Audio 2004-05-06 security lists (lists28 yahoo com) I have a question that hopefully the list can assist me with. I have a web application that provides for on-demand viewing of training sessions. The audio and video is streamed in Windows Media format via HTTP. They can use SSL to encrypt authentication to the site, however, no encryption is used [ more ] [ reply ] [CLA-2004:840] Conectiva Security Announcement - lha 2004-05-06 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : lha SUMMARY : Buffer overflow and directory t [ more ] [ reply ] Eudora file URL buffer overflow 2004-05-07 psz maths usyd edu au (Paul Szabo) (1 replies) There is a buffer overflow in Eudora for Windows, verified on versions 6.1, 6.0.3 and 5.2.1. This is easily exploitable to run arbitrary code. I do not know if this issue affects Eudora for Macs. Demo: #!/usr/bin/perl -- print "From: me\n"; print "To: you\n"; print "Subject: Eudora file URL buffer [ more ] [ reply ] Status bar exploit hides spoofed URLs Eudora, possibly other e-mail clients 2004-05-08 Brett Glass (brett lariat org) Windows IPSec Vulnerabilty 2004-05-07 Steffen Pfendtner (steffen wh-netz de) Hello, After recent experiment I noticed that there is a man-in-the-middle vulnerability in Microsoft Windows IPSec implementation when using certificates for authentication. This also includes the Windows L2TP/IPSec VPN. It seems that this is a known problem as there where posts mentioning this o [ more ] [ reply ] [SECURITY] [DSA 501-1] New exim packages fix buffer overflows 2004-05-07 joey infodrom org (Martin Schulze) Security issue with Trend OfficeScan Corporate Edition 2004-05-07 Matt (matt_will_fix_it hotmail com) Fwd: [Re: cvs commit: src/sys/vm vm_map.c] 2004-05-05 Jacques A. Vidrine (nectar FreeBSD org) Hello, FYI: A FreeBSD user suggested that this issue requires a security advisory. The issue has been public for some time, but currently, FreeBSD does not issue advisories for local denial-of-service issues. It is expected that this bug will soon be fixed in FreeBSD 4.x (it is already fixed in Fr [ more ] [ reply ] Will a smart worm be made in the near future? 2004-05-05 Taeho Oh (ohhara postech edu) (1 replies) Will a smart worm be made in the near future? Nowadays, many bugs are found in the software and many worms are made in a short time. Foutunately, the worm usually doesn't destroy any data in the PC until now. And it's very easy to know something is wrong in the PC or network. Because the net [ more ] [ reply ] SUSE Security Announcement: Live CD 9.1 (SuSE-SA:2004:011) 2004-05-06 Roman Drahtmueller (draht suse de) [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2 2004-05-06 Joel Eriksson (je-secfocus bitnux com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ======================================================================== == 0xbadc0ded Advisory #03 - 2004/05/06 - DeleGate <= 8.9.2 (SSL-filter) ======================================================================== == Reference http://0xbadc0ded [ more ] [ reply ] [AppSecInc Security Alert] Microsoft Active Server Pages Cookie Retrieval Issue 2004-05-05 Aaron C. Newman (Application Security, Inc.) (anewman appsecinc com) Microsoft Active Server Pages Cookie Retrieval Issue 5 May 2004 Risk Level: Low Summary: The Active Server Pages (ASP) engine does not properly handle special cookie values when they are retrieved. Because of this, an unhandled error is returned to the client. This behavior can be used maliciousl [ more ] [ reply ] Advisory: Heimdal kadmind version4 remote heap overflow 2004-05-05 Evgeny Demidov (demidov gleg net) FreeBSD Security Advisory FreeBSD-SA-04:09.kadmind 2004-05-05 FreeBSD Security Advisories (security-advisories freebsd org) FreeBSD Security Advisory FreeBSD-SA-04:08.heimdal 2004-05-05 FreeBSD Security Advisories (security-advisories freebsd org) |
|
Privacy Statement |
Read the security advisory for more info:
http://www.securityfocus.com/bid/9099/discussion/
If I've been correctly informed, the public exploit out there
only DoSes (I haven't tested it, so I really can't say). Anyway,
this one's an over-hacked re
[ more ] [ reply ]