I guess the realistic likelihood for this vulnerability to be exploited
is too low as most of the mail servers, these days, are
blocking/dropping blank-From-address emails.

-----Original Message-----
From: Arman Nayyeri [mailto:arman-n (at) Phreaker (dot) net [email concealed]]
Sent: Sunday, April 11, 2004 11:08 AM
To: bugtra

[ more ]  [ reply ]

#Title: XSS, Admin Access via Cookie and File Upload vulnerability in
NewsPHP.

#Software: NewsPHP (All versions)
#Vendor: http://www.newsphp.com
#Underlying OS: All

#Description:

NewsPHP is a perfect solution for creating web publishing system, like an
online magazine, newspaper, TV/Radio o

[ more ]  [ reply ]

Microsoft Internet Explorer BMP file memory DoS vulnerability

=============================================================

Title: Microsoft Internet Explorer BMP file memory DoS vulnerability

Vuln Name: 58 bytes BMP vs 51,539,607,528 GB memory

Date: Sunday, April 11, 2004

Software:

[ more ]  [ reply ]

http://www.mikenoels.net/matrix.swf/index1.html (do _not_ open.)

Found a new sort of worm, at least I didn't find any information about this on any securitysite;

Creates a registry entry \HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 and adds a file called "umcss.exe" to C

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#016] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : mod_python
SUMMARY : Remote denial of service

[ more ]  [ reply ]

Microsoft Outlook Express EML file Crash vulnerability

======================================================

Title: Microsoft Outlook Express EML file Crash vulnerability

HappyName: Who Send?

Date: Sunday, April 11, 2004

Software: Outlook Express 6.0 (i guess perior versions are vu

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : squid
SUMMARY : ACL bypass vulnerability
DATE

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#018] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

Adobe Acrobat Reader PDF file DoS vulnerability

===============================================

Title: Adobe Acrobat Reader PDF file DoS vulnerability

HappyName: Too hunger for memory?

Date: Sunday, April 11, 2004

Software: Adobe Acrobat Reader v4.0-v5.0

Vendor: Adobe Corporatio

[ more ]  [ reply ]

Hello Folks,

I tested only versions OpenSSH_3.5p1 (FreeBSD-STABLE), but it also work
on other versions, as published May 01, 2003.
Ok, let's talk about it. First, the /etc/ssh/sshd_config file:
<cut>
PermitRootLogin no
<cut>
As you can see above, is not allowed to root login on that system. Fine.
N

[ more ]  [ reply ]

hello this is kcope,
attached is an emule exploit for the DecodeBase16 stack based buffer
overflow in emule <= 0.42d

have fun!

--
NEU : GMX Internet.FreeDSL
Ab sofort DSL-Tarif ohne Grundgebühr: http://www.gmx.net/info

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#017] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

#######################################################################

Ben Garvey

Application: Microsoft Internet Explorer

Versions: 6.0
Platforms: Windows
Bugs: IE 6 allows JavaScript to send documents to the printer
without prompting the user.
Exp

[ more ]  [ reply ]

Vendor : TikiWiki Project

URL : http://www.tikiwiki.org

Version : TikiWiki 1.8.1 && Earlier

Risk : Multiple Vulnerabilities

Description:

Tiki CMS/Groupware (aka TikiWiki) is a powerful open-source Content

Management System (CMS) and Groupware that can be used to create all

so

[ more ]  [ reply ]

Application: Gnome nautilus

Versions: 2.2.1 and others

Bug: Buffer Overflow

Exploitation: unknown

Date: 12.04.04

Author: gsicht

e-mail: nothing.king (at) firemail (dot) de [email concealed]

#####################

# the bug: #

#####################

i discovered a

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability

Revision 2.0

Last Updated 2004 April 12 1600 UTC (GMT)

For Public Release 2003 August 03 1600 UTC (GMT)

-------------------------------------------------------------

[ more ]  [ reply ]

Citadel/UX Security Advisory 2004-01

1. Topic:

Updated Citadel/UX package fixes permissions problem which could allow
local users direct access to the Citadel/UX database.

2. Relevant releases/architectures:

Citadel/UX 5.00 - 6.14, all architectures

3. Problem description:

Citadel/UX is a hig

[ more ]  [ reply ]

Hello.

We faced a bug (?) in Linux kernel causing different misbehaviours on our
server. After exploration, it seems that we found some security
implications of this issue.

When a process exits, it's parent is notified by SIGCHLD, and finished
child is kept in process table in "zombie" state u

[ more ]  [ reply ]

/*
* THE EYE ON SECURITY RESEARCH GROUP - INDIA
*
* http://www.eos-india.net/poc/305monit.c
* Remote Root Exploit for Monit <= 4.2
* Vulnerability: Buffer overflow in handling of Basic Authentication informations.
* Server authenticates clients through:
* Authentication: Basic Base64Encode[Us

[ more ]  [ reply ]

Backdoor in the X-Micro WLAN 11b Broadband Router

FCC ID: RAFXWL-11BRRG
Firmware Version: 1.2.2, 1.2.2.3 (probably others too)
Remote: yes, easily expoitable
Type: administration password, which always works

The following username and password works in every case, even if you
set an other password

[ more ]  [ reply ]

Sorry mate - you're confusing English common law and the Napoleonic
Code. Under the former, a person is presumed innocent until proven
guilty, placing the burden of proof on the accuser.
Under the latter, a person is presumed guilty until proven otherwise,
and implicitly places the burden of proof

[ more ]  [ reply ]

There's often a lot of discussions on security mailing lists about the
legality of security research, proof-of-concept exploits, penetration
testing, war-driwing, reverse engineering, lack of vendor notification,
patent issues, copy protection circumvention and much more.

Currently, France it outl

[ more ]  [ reply ]