|
|
Colapse all |
Post message
Re: Squirrelmail Chpasswod bof 2004-04-19 Peter Geissler (blasty geekz nl) In-Reply-To: <200404170420.32857.matias (at) neiff.com (dot) ar [email concealed]> Hi, Did u drink to much when writing this `advisory'? No seriously, you even made a typo in the title of your thread! did you inform the people at Squirrelmail about this? I located the exact vuln in chpasspwd.c: ---- char User[STR_MAX]; [ more ] [ reply ] MS Patches last Mon - Recap 2004-04-18 aborg mca org mt Hi all ... Following my post on bugtraq last Fri and after having waded through the deluge of replies, here is a quick recap of things: 1) Thu morning several of my users could not login. WinXP and Win2k complained that the time between the server and client is different. I can workaround th [ more ] [ reply ] LNSA-#2004-0011: CVS Server and Client Vulnerabilities 2004-04-18 Vincenzo Ciaglia (ciaglia netwosix org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ************************************************************************ ************ Netwosix Linux Security Advisory #2004-0011 <http://www.netwosix.org> - ------------------------------------------------------------------------ ----------- Package nam [ more ] [ reply ] phpBB 2.0.8a and lower - IP spoofing vulnerability 2004-04-19 Ready Response (wang mod-x co uk) ##################################################################### Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author [ more ] [ reply ] RE: After Ms patches last Wed ... 2004-04-19 Brito, Nelson (ISS Brazil) (NBrito iss net) (As usual, and obviously: not speaking on behalf of my employer.) I didn't see anything unusual, neither with my Win2k nor with my WinXP boxes. It'd be a machine specific or something conflicts with some DLL(s). It is usual to replace some DLL(s) when install some program(s). Cheers. Nelson B [ more ] [ reply ] [waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7] 2004-04-18 Janek Vind (come2waraxe yahoo com) LNSA-#2004-0012: Multiple format string vulnerabilities in neon 2004-04-18 Vincenzo Ciaglia (ciaglia netwosix org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ************************************************************************ ************ Netwosix Linux Security Advisory #2004-0012 <http://www.netwosix.org> - ------------------------------------------------------------------------ ----------- Package nam [ more ] [ reply ] MS Patches last Wed - SOLUTION 2004-04-18 aborg mca org mt Hi .. So, after my previous two mails, I managed to solve the problem (I think) 1) I rebooted the PDC and one of the clients started working. It was the only one that worked immediately so I think a reboot was required for the PDC. That set me thinking. 2) I tried rebooting the BDC but that [ more ] [ reply ] ssmtp insecure file creation 2004-04-18 priestmaster sms at Hi, ssmtp 2.50.6 create a logfile /tmp/ssmtp.log. The data in this logfile is user specified. It's possible to overwrite any file with the permissons of the ssmtp program (normally root). The vulnerable call is in log_event. log_event vulnerable call: #ifdef LOGFILE if((fp = fopen("/tmp/s [ more ] [ reply ] New Paper - SQL Injection Signatures Evasion 2004-04-19 Imperva Application Defense Center (adc imperva com) Dear List, Imperva(tm)'s Application Defense Center has released a new white paper. The paper, titled 'SQL Injection Signatues Evasion', is based on research done at Imperva's ADC, and shows that providing protection against SQL injection using signatures alone is not enough. The paper demonstrate [ more ] [ reply ] phpBB modified by Przemo arbitary code execution 2004-04-19 Dariusz 'Officerrr' Kolasinski (ofi poligon com pl) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --====----====----====----====----====----====----====----====----====-- --===-- Product: phpBB modified by Przemo Version: v1.8 Vendor: http://przemo.org/phpBB2/ Discover by: Officerrr <officerrr at poligon.com.pl> Vendor Response: Not contacted yet. [ more ] [ reply ] BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure 2004-04-19 Rafel Ivgi, The-Insider (theinsider 012 net il) [ GLSA 200404-16 ] Multiple new security vulnerabilities in monit 2004-04-19 Kurt Lieber (klieber gentoo org) [ GLSA 200404-14 ] Multiple format string vulnerabilities in cadaver 2004-04-19 Kurt Lieber (klieber gentoo org) RE: MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003 2004-04-16 Thor Larholm (thor pivx com) This is a functionality regression that has been around for some time. The weird part of the MS04-011 patch is that it only occurs on Windows 2003. KB261328: Cipher Strength Appears as 0-Bit in Internet Explorer http://support.microsoft.com/?kbid=261328 SYMPTOMS In Microsoft Internet Explorer, yo [ more ] [ reply ] Re: Norton AntiVirus nested file manual scan bypass..... 2004-04-18 Bipin Gautam (visitbipin hotmail com) In-Reply-To: <20040417145002.14889.qmail (at) www.securityfocus (dot) com [email concealed]> the bug has been fixed in the latest updates of NAV 2002 [was that a silent patch???] > >Norton AntiVirus nested file manual scan bypass..... > >Product Version: Norton Antivirus 2002 (~Only tested On...~) >Risk Impact: Me [ more ] [ reply ] after ms patches... 2004-04-18 kincses zoli (kincses caesar elte hu) > From: Dan Harkless <bugtraq (at) harkless (dot) org [email concealed]> > No, but I experienced a *third* issue after applying the updates on > my Win2K box. After being up for a couple of minutes, it would > freeze for a moment and then very briefly display a black screen > saying: > > PAGE_FAULT_IN_NONPAGED_<something> t [ more ] [ reply ] [SECURITY] [DSA 492-1] New iproute packages fix denial of service 2004-04-19 Matt Zimmerman (mdz debian org) [slackware-security] tcpdump denial of service (SSA:2004-108-01) 2004-04-17 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] tcpdump denial of service (SSA:2004-108-01) Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages. More details [ more ] [ reply ] [SECURITY] [DSA 488-1] New logcheck packages fix insecure temporary directory 2004-04-17 Matt Zimmerman (mdz debian org) |
|
Privacy Statement |
Reinstalling windows probably would fix it but that doesn't tell what is
hanging.
-----Original Message-----
From: Scott Gifford [mailto:sgifford (at) suspectclass (dot) com [email concealed]]
Sent: Saturday, April 17, 2004 1:07 PM
To: phaser-X
Cc: bugtraq@secu
[ more ] [ reply ]