BugTraq
RogerWilco: new funny bugs 2004-03-31
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: RogerWilco
http://rogerwilco.gamespy.com
Versions: - RogerWilco <= 1.4.1.6
- RogerWilco Base Station <= 0.30a
Platforms:

NOT GOOD: Outlook Express 6 + Internet Explorer 6 2004-03-31
http-equiv (at) excite (dot) com (1 malware com)


Wednesday, March 31, 2004

This is somewhat disconcerting. Reference the recently disclosed
Internet Explorer 'bug' presently in the wild [original
discussion: http://www.securityfocus.com/archive/1/358813 with
additional input buried thereunder in subsequent threads]
allowing for complete rem

Followup: vuln in WinBlox monitor for winnt 2004-03-30
Oliver Lavery (oliver lavery sympatico ca)
The good fellows that moderate this list pointed out to me that my
last post regarding Liu Die Yu's winblox utility was a little thin on
details and might get perceived as a bit of a pissing competition. That's
precisely what I was trying to avoid by being vague, so let's get this
clear...

WinBlo

RE: security enforcement - new monitor for winnt 2004-03-31
Liu Die Yu (liudieyuinchina yahoo com cn)
exploitable buffer overflow when attacker can supply arbitrary data to CreateFileW.

thanks for pointing it out.

i'll fix it and make winblox open-source later tonight (many other guys suggested me to do this
also).

you can surely find more when you have source code. please publish all of them - w

Re: IE ms-its: and mk:@MSITStore: vulnerability 2004-03-31
roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)
In-Reply-To: <BAY17-F16uCddQiqWcB0001d6bb (at) hotmail (dot) com>

>What, exactly, is new about this?

I did my best to explain this with different pocs and giving a lot of detail but it seems I failed to address this well. The fact that internet explorer can access chm files using the two p-handlers when hel

Re: new internet explorer exploit (was new worm) 2004-03-31
roozbeh afrasiabi (roozbeh_afrasiabi yahoo com)


I have made little changes to the exploit jelmer coded, and now it can run any program with parameters on victim's system (executable's path or MUICACHE name must be known), it can download other files to victim's system, it is also possible to run files using their bond programs (if 1001001.x

[ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability 2004-03-31
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - -

cdp buffer overflow vulnerability 2004-03-31
Shaun Colley (shaunige yahoo co uk)
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

Product: cdp - console cd player
Versions: All
Bug: Buffer overflow
Impact: Attackers can execute arbitrary code
Risk: Medium/High
Date: March 31, 2004
Author: Shaun Colley
Emai

[RHSA-2004:137-01] Updated Ethereal packages fix security issues 2004-03-31
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:137-01
Issue date: 2004-03-31
Upda

[ GLSA 200403-13 ] Remote buffer overflow in MPlayer 2004-03-31
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - -

[ GLSA 200403-10 ] Fetchmail 6.2.5 fixes a remote DoS 2004-03-31
Kurt Lieber (klieber gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - -

[ GLSA 200403-12 ] OpenLDAP DoS Vulnerability 2004-03-31
Joshua J. Berry (condordes gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[ GLSA 200403-14 ] Multiple Security Vulnerabilities in Monit 2004-03-31
Aida Escriva-Sammer (aescriva gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org
- - - - - -

CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities 2004-03-31
S-Quadra Security Research (research s-quadra com)
S-Quadra Advisory #2004-03-31

Topic: CactuSoft CactuShop v5.x shopping cart software multiple security
vulnerabilities
Severity: High
Vendor URL: http://www.cactushop.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt
Release date: 31 Mar 2004

1. DESCRIPTION

CactuShop is

MDKSA-2004:025 - Updated squid packages fix vulnerability 2004-03-31
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: squid
Advisory ID:

MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities 2004-03-31
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID:

White Paper - Web Application Worms: Myth or Reality? 2004-03-30
Imperva Application Defense Center (adc imperva com) (1 replies)
Dear BugTraq List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve
t

Re: White Paper - Web Application Worms: Myth or Reality? 2004-03-30
Nicholas Weaver (nweaver CS berkeley edu)
phpkit suffers (reale stupid) XSS vuln. 2004-03-30
Yanosz (yanosz gmx net)
Software: phpkit
Version: 1.6.03 others are probably affected as well.
Status: Vendor has been notified weeks ago but refuses to answer or take any
actions.
phpkit[1] is a simple German cms / portal software written in php similar to
phpbb / phpnuke and is quite popular in Germany. All session inf

NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. 2004-03-30
Paul (paul edonkey2000 com) (1 replies)
Hi,

I work for one of the companies about to be hit with the dDOS attack 7-12 from the NetSky.Q virus.
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.q@mm.html

I am looking for more detailed information on exactly how the dDOS attack will be performed, ports used, request
typ

Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. 2004-03-30
Joe Stewart (jstewart lurhq com) (1 replies)
IPv4 fragmentation --> The Rose Attack 2004-03-31
gandalf digital net
R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities 2004-03-30
advisory rapid7 com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
Rapid7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
the world's most advanced vulnerability scanner.
Linux and

Linbit linbox Multiple Vulnerabilities 2004-03-30
Martin Eiszner (martin websec org)


============================================================
SEC-CONSULT Security Advisory - LINBIT LINBOX
============================================================

Vendor: LINBIT Information Technologies GmbH (http://www.linbit.com)
Product: LINBOX
Vendor status: vendor contacted (22.01.2004

Problem with customized login pages for Oracle SSO 2004-03-30
advisories madison-gurkha com

Name: Problem with customized login pages for Oracle SSO
Id: MG-2004-01
Issued: 2004-03-30
Authors: Guido van Rooij (Madison Gurkha)
Arjan de Vet (Madison Gurkha)
Application: All known versions
Platforms: All supported platforms
Reference: http://www.madison-gurkha.com/advisories/MG-2004-01.t

MPlayer Security Advisory #002 - HTTP parsing vulnerability 2004-03-30
Gabucino (gabucino-nospam mplayerhq hu)
MPlayer Security Advisory #002

Remotely exploitable vulnerability in HTTP parser

Severity:
HIGH (if playing HTTP streaming content)
LOW (if playing only normal files)

Description:
A remotely exploitable buffer overflow vulnerability was found in MPlayer.
A malicious host can craft a harmful HTTP

Re: security enforcement - new monitor for winnt 2004-03-30
http-equiv (at) excite (dot) com (1 malware com)


<!--

afaik, i can stop ie 0day exploits by doing these things.

so, i made this:

http://umbrella.name/winblox/

of course, free.

-->

This is fantastic. A truly useful effort for the benefit of the
so-called "security community". And free. And from security
expert who actually finds new a

Heap overflow in MPlayer 2004-03-30
blexim (blexim hush com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remote heap overflow in http input module

Product: MPlayer (releases previous to 30/03/2004)
Impact: Malicious web servers may execute code
Bug class: Heap overflow
Vendor notified: Yes
Fix available: Yes

Details:
Whilst requesting a file from a webse

Copyright 2010, SecurityFocus