|
|
Colapse all |
Post message
MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities 2004-02-24 Mandrake Linux Security Team (security linux-mandrake com) Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX) 2004-02-23 Peter Winter-Smith (peter4020 hotmail com) Dear All, I have recently received notification from the WebCrossing Inc. company informing me that the Denial of Service bug which I recently provided information on is now completely fixed, as can be seen from the 'bug fixes' section on the updates section of their web-site. http://wci.webcrossi [ more ] [ reply ] RE: Windows XP explorer.exe heap overflow. 2004-02-23 Michael Wojcik (Michael Wojcik microfocus com) Yep. I suggested that on Vuln-Dev nearly four years ago [1], but I never pursued it, and this is the first time since then that I've seen it come up. In Outlook 2002 (aka Outlook XP, aka Outlook 10) and later, you can disable the automatic display of any kind of non-text content by forcing Outlook [ more ] [ reply ] Re: Windows XP explorer.exe heap overflow. 2004-02-23 Chris Calabrese (chris_calabrese yahoo com) (1 replies) This could actually be much worse since it looks like Internet Explorer and Outlook will happily display WMF files with no questions asked. Has anyone crafted a test WMF file we can use to check whether this could be exploited via an email worm through Outlook? On 2/20/2004 1:45 PM, sunglasses@bay [ more ] [ reply ] Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution 2004-02-23 Mariusz Woloszyn (emsi ipartners pl) Lam3rZ Security Advisory #3/2004 23 Feb 2004 Remote command execution in Confirm Name: Confirm <=0.62 Severity: High Software URL: http://freshmeat.net/projects/confirm/ Software author: David Lechnyr <davidrl/at/comcast/dot/net> Advisory author: Mariusz Woloszyn <emsi/AT/GTS/dot/PL> [ more ] [ reply ] Re: Bank of America Contact 2004-02-23 Jon W (jonw ripco com) In-Reply-To: <99322464468.20040223103135 (at) securescience (dot) net [email concealed]> I work at Bank of America. I asked our incident-response team, and they would like the BUGTRAQ community to know that abuse (at) bankofamerica (dot) com [email concealed] is monitored for reports by real security admins. So that would be the main point of contact f [ more ] [ reply ] 3Com DSL Router Long Request DoS exploit. 2004-02-22 Shaun Colley (shaunige yahoo co uk) I have attached a PoC exploit for the DoS vulnerability on 3Com OfficeConnect DSL routers, discovered by David F.Madrid. (vulnerability documented here: <http://www.securityfocus.com/bid/8248/>) Thank you for your time. Shaun. ___________________________________________________________ [ more ] [ reply ] Multiple Remote Buffer Overflow in Avirt Soho 4.3 2004-02-23 Donato Ferrante (fdonato autistici org) ezBoard Cross Site Scripting Vulnerability 2004-02-23 Cheng Peng Su (apple_soup msn com) ######################################################## Advisory Name:ezBoard Cross Site Scripting Vulnerability Release Date: Feb 24,2004 Application: ezBoard Version Affected: 7.3u or lower? Vendor URL: http://www.ezboard.com/ Discover: Cheng Peng Su(apple_soup_at_msn.com) ###### [ more ] [ reply ] Somewhat new SQL Injection concept 2004-02-23 Tõnu Samuel (tonu please do not remove this spam ee) Hi! While I believe I know something about SQL Injection I have not found any publications related to way of abuse I am going to describe here. Somewhat it is not new at all but it seems to work in many weird situations. Currently all penetration testers efforts seem to be focused on "blind hac [ more ] [ reply ] Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution 2004-02-23 Tomasz Grabowski (cadence aci com pl) Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users 2004-02-23 Tomasz Grabowski (cadence aci com pl) Re: Bank of America Contact 2004-02-23 Lance James (lancej securescience net) Hello bugtraq, Hi bugtraq, I'd like to thank everyone for their replies, suggestions, and contact information. No two people provided the same information. This suggests to us that Bank of America does not have a central contact for security risks. We received about a half-dozen Bank of America [ more ] [ reply ] [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 2004-02-23 Janek Vind (come2waraxe yahoo com) PSOProxy <= 0.91 remote buffer overflow (exploit) 2004-02-21 li0n7 (li0n7 voila fr) Here's an exploit against PSOProxy <= 0.91 ---- /* * PSOProxy remote stack-based overflow * by Li0n7 (at) voila (dot) fr [email concealed] * Bug found by Donato Ferrante <fdonato (at) autistici (dot) org [email concealed]> * Spawns cmd.exe on port 9191 * * usage: ./PSOProxy-exp -h <victim> -p <port> -t <target> * Platforms supported are: * 0 [ more ] [ reply ] [SECURITY] [DSA 445-1] New lbreakout2 packages fix buffer overflow 2004-02-21 Matt Zimmerman (mdz debian org) Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" 2004-02-18 brandon pierce (brandonp insynclh com) In-Reply-To: <1076930672.19026.88.camel (at) localhost (dot) loca [email concealed]ldomain> Just tested on a client's Symmetra RM 12000 and had some interesting results with the following setup: Model Number: AP9617 Manufacture Date: 12/20/2002 Hardware Revision: A10 Symmetra APP Ver: 120 Sy [ more ] [ reply ] |
|
Privacy Statement |
#######################################################################
Luigi Auriemma
Application: Haegemonia
http://www.haegemonia.com
Versions: <= 1.07
Platforms: Windows
Bug: reading of unallocated memory (crash)
Risk: high
E
[ more ] [ reply ]