BugTraq Mode:
(Page 1534 of 1748)  < Prev  1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539  Next >
Ghost users in Chat Anywhere 2.72 2004-03-09
Luigi Auriemma (aluigi altervista org)

#######################################################################

Luigi Auriemma

Application: Chat Anywhere
http://www.lionmax.com/chatanywhere.htm
Versions: <= 2.72
Platforms: Windows
Bug: users cannot be banned or kicked
Risk:

[ more ]  [ reply ]
[SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities 2004-03-09
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 457-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
March 8th, 2004

[ more ]  [ reply ]
IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004) 2004-03-09
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: IBM DB2 Remote Command Execution Privilege Upgrade
Systems Affected: DB2 8.1 Enterprise Edition on Windows
Severity: High/Low depending on environment
Vendor URL: http://www.ibm.com/
Author: David Litchfield [ david (at) ngssoftware (dot) com [email concealed] ]
Date Vendor

[ more ]  [ reply ]
Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon 2004-03-09
Rafel Ivgi, The-Insider (theinsider 012 net il)
Hi Everyone!
I Just found more XSS at "Invision Power Board v1.3 Final" forum.
This is the new hole:
http://<host>/forum//index.php?s=&act=chat&pop=1;'><script>alert('this could
be your cookie')</script><plaintext>
it is at the "pop" field.

Rafel Ivgi, The-Insider.

[ more ]  [ reply ]
[OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt) 2004-03-09
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ]  [ reply ]
Antivir for Freebsd doesn't work on 5.X 2004-03-05
George Swentek (george swentek mine nu)


Antivir ( http://www.antivir.de/ ) - a popular antivirus scanner

doesn't work on local file system in Freebsd 5.X

The result from FreeBSD 4.9 system:

root@something:~$antivir -s /var/log/

AntiVir / FreeBSD Version 2.1.0-9

Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.

All rights r

[ more ]  [ reply ]
Re: Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity 2004-03-05
JeiAr (security gulftech org)
In-Reply-To: <001301c402d9$f70623b0$0b3016ac@fucku>

I tested this on my fully patched 1.3 install of IPB with no results. I have seen in the past where people have reported XSS and the like and used http://demo.invisionboard.com as an example. The XSS DOES work there, but did not work on my 1.3 fin

[ more ]  [ reply ]
RE: Desert Rats vs. Afrika Korps (Haegemonia bug) 2004-03-05
Drew Copley (dcopley eeye com)


> -----Original Message-----
> From: Luigi Auriemma [mailto:aluigi (at) altervista (dot) org [email concealed]]
> Sent: Friday, March 05, 2004 10:12 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]; bugs (at) securitytracker (dot) com [email concealed];
> news (at) securiteam (dot) com [email concealed]
> Subject: Desert Rats vs. Afrika Korps (Haegemonia bug)
>
>
> Yesterday has been release

[ more ]  [ reply ]
RE: "Divide and Conquer" - cross site response header tampering, cookie manipulation, and session fixation 2004-03-07
Amit Klein (amit klein sanctuminc com)
Hi Peter,

Thanks for your message.

I would like to make a distinction here. The attack I described, HTTP
Response Splitting (or Divide and Conquer), is mostly focused on
crafting an entire new HTTP response message. The direction described
below is manipulation of the HTTP response in such way

[ more ]  [ reply ]
Z***ING EMAILS ! 2004-03-06
http-equiv (at) excite (dot) com [email concealed] (1 malware com)


Saturday, March 06, 2004

The seems to be a lot of excitement at the moment regarding .zip
files and emails. What if the actual .zip file is the email or
the email is the actual .zip file:

MIME-Version: 1.0
Content-Type: application/x-zip-compressed
Content-Transfer-Encoding: b

[ more ]  [ reply ]
[ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulnerabilities 2004-03-06
Tim Yamin (plasmaroo gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~

[ more ]  [ reply ]
[ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation vulnerability 2004-03-06
Tim Yamin (plasmaroo gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200403-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
~

[ more ]  [ reply ]
RE: A new Sanctum white paper: "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics" 2004-03-07
Amit Klein (amit klein sanctuminc com)
Hi Jermiah, lists.

Jeremiah and I exchanged few emails over the weekend, and I would like
to summarize them into this response.

Please see below (my comments are marked with "***").

Thanks,
-Amit

-----Original Message-----
From: Jeremiah Grossman [mailto:jeremiah (at) whitehatsec (dot) com [email concealed]]
Sent: Friday,

[ more ]  [ reply ]
directory traversal in PWebServer 0.3.3 2004-03-08
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: PWebServer
http://sourceforge.net/projects/pwebserver/

Version: 0.3.3

Bug: directory traversal bug

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org [email concealed]
web: www.autistici.

[ more ]  [ reply ]
[OpenPKG-SA-2004.004] OpenPKG Security Advisory (libtool) 2004-03-08
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ]  [ reply ]
Symlink Vulnerability in GNU automake <1.8.3 2004-03-08
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Vulnerable: GNU automake <1.8.3
Not Vulnerable: GNU automake 1.8.3
Project website: http://www.gnu.org/software/automake/

Description of libtool (from website):
"Automake is a tool for automatically generating `Makefile.in' files
compliant with the GNU Coding Standards."

Discussion:
The Mak

[ more ]  [ reply ]
Safari javascript array overflow 2004-03-06
kang (kang insecure ws)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.insecure.ws/article.php?story=2004021918172533

A problem exists in the way Safari Javascript engine allocates Arrays.
For example, allocating a too big array and writing into it, will
segfault Safari. There is no known way to execute remote

[ more ]  [ reply ]
TSLSA-2004-0009 - nfs-utils 2004-03-06
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2004-0009

Package name: nfs-utils
Summary: Denial of service
Date: 2004-03-05
Affected versions: Trustix 2.

[ more ]  [ reply ]
TSLSA-2004-0010 - libxml2 2004-03-06
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2004-0010

Package name: libxml2
Summary: buffer overrun in nanohttp
Date: 2004-03-05
Affected versions: Tru

[ more ]  [ reply ]
[SECURITY] [DSA 456-1] New Linux 2.2.19 packages fix local root exploit (arm) 2004-03-06
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 456-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
March 6th, 2004

[ more ]  [ reply ]
Re: Norton Antivirus 2002 fails to scan files with ... [2'nd... UPDATED] 2004-03-06
Bipin Gautam. (door_hunt3r blackcodemail com)
In-Reply-To: <20040305183533.17369.qmail (at) www.securityfocus (dot) com [email concealed]>

Subject: Norton Antivirus 2002 fails to scan files with special character(s) properly.

Published: Friday, 05 March, 2004

Updated: 06-Mar-04

Discovered By: Bipin Gautam ( hUNT3R )

Product Version: Norton Antivirus 2002 [ ver: 8.00.

[ more ]  [ reply ]
O-088: Sun passwd(1) Command Vulnerability 2004-03-05
Cy Schubert (Cy Schubert komquats com)
http://www.ciac.org/ciac/bulletins/o-088.shtml

Cheers,
--
Cy Schubert <Cy.Schubert (at) komquats (dot) com [email concealed]> http://www.komquats.com/
BC Government . FreeBSD UNIX
Cy.Schubert (at) osg.gov.bc (dot) ca [email concealed] . cy (at) FreeBSD (dot) org [email concealed]
http://www.gov.bc.ca/

[ more ]  [ reply ]
Norton Antivirus 2002 fails to scan files with special character(s) properly. 2004-03-05
Bipin Gautam. (door_hunt3r blackcodemail com) (1 replies)


Subject: Norton Antivirus 2002 fails to scan files with special character(s) properly.

Published: Friday, 05 March, 2004

Discovered By: Bipin Gautam ( hUNT3R )

Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)

Risk Impact: Low-Medium

* * *

Details:

Duri

[ more ]  [ reply ]
Re: Norton Antivirus 2002 fails to scan files with special character(s) properly. 2004-03-06
Marco Marabelli (mm smrt it)
[OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml) 2004-03-05
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [email concealed]

[ more ]  [ reply ]
Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity 2004-03-05
Rafel Ivgi, The-Insider (theinsider 012 net il)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software: Invision Power Board
Vendor: http://www.invisionboard.com/
Versions: (U) v1.3 Final
Bug: Cross Site Scripting Vulnerabillity
Risk: Medium
Exploitation: Remote

[ more ]  [ reply ]
Infosecdaily.net: Expanding our blogging community. 2004-03-05
Ejovi Nuwere (ejovi ejovi net)
We are trying to raise awareness about our infosec blogging community,
which I think may be of interest to bugtraq readers. -ejovi

Infosecdaily.net: Expanding our blogging community.

Our focus is on aggregating security news for technologist. The site was
made by security researchers for the publi

[ more ]  [ reply ]
Re: A new Sanctum white paper: "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics" 2004-03-05
Jeremiah Grossman (jeremiah whitehatsec com) (1 replies)
Amit's paper is extensive and very detailed. It contains interesting
results and illustrates clever techniques used to poison web cache. I
am attempting to condense the material to its core concepts. Amit,
please correct me if I make any errors.

This technique builds upon the scenario that u

[ more ]  [ reply ]
Re: "Divide and Conquer" - cross site response header tampering, cookie manipulation, and session fixation 2004-03-05
Peter Watkins (peterw usa net)
(Page 1534 of 1748)  < Prev  1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus