|
|
Colapse all |
Post message
RE: W2K source "leaked"? 2004-02-13 LordInfidel directionweb com Just a thought: Has anyone given any consideration that maybe this source is trojanized? It's obviously pirated, since MS probably did not release it to the general public. (At least they have not made a public announcement to that effect, unless I am mistaken and that is always a possibility) No [ more ] [ reply ] Misinformation in Security Advisories (ASN.1) 2004-02-16 John Compton (john_compton24 yahoo com) It seems that misinformation is included in security advisories far too often, and for many different reasons. I'd like to point out a couple examples, and promote discussion as to how this misinformation affects the security community and the non-experts who rely on this information to be valid. [ more ] [ reply ] ASP Portal Multiple Vulnerabilities 2004-02-14 Manuel López (mantra gulo org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Asp Portal Multiple Vulnerabilities By: Manuel López Software: Asp Portal Vendor Description: ASP Portal is a an ASP powered portal site which uses an Access database to store all the site info. The script also includes and easy to use A [ more ] [ reply ] [SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness 2004-02-14 Matt Zimmerman (mdz debian org) Re: Microsoft ASN.1 (Half a sploit) 2004-02-15 K-OTiK Security (Special-Alerts k-otik com) In-Reply-To: <200402132315.i1DNFYAa067379 (at) mailserver1.hushmail (dot) com [email concealed]> Note that the SANS said "This Exploit appears to work only against Windows 2000 Professional..." We say : works against Windows 2000 & Windows XP other versions ? 2k3 ? References http://www.k-otik.com/exploits/02.14.MS0 [ more ] [ reply ] Buffer overflow in mnoGoSearch 2004-02-15 Jedi/Sector One (j c9x org) Product : mnoGoSearch Date : 02/15/2004 Author : Frank Denis <j (at) pureftpd (dot) org [email concealed]> ------------------------[ Product description ]------------------------ From the web site : mnoGoSearch (formerly known as UdmSearch) is a full-featured web search engine software for intranet and interne [ more ] [ reply ] Broadcast client buffer-overflow in Purge Jihad <= 2.0.1 2004-02-16 Luigi Auriemma (aluigi altervista org) Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate 2004-02-16 Dr. Peter Bieringer (pbieringer aerasec de) Hi, during evaluation of Symantec AntiVirus Scan Engine for Red Hat Linux (file: Scan_Engine_430-RedHat-1.zip) we found a race condition using default configuration. Like written in "Implementation_Guide.pdf" on page 134 LiveUpdate can be triggered by cron via a shell script: # /opt/SYMCScan/b [ more ] [ reply ] Symantec FireWall/VPN Appliance model 200 leak of security 2004-02-16 Davide Del Vecchio (dante alighieri org) ============================================================ Symantec FireWall/VPN Appliance model 200 leak of security ============================================================ Davide Del Vecchio Adv#9 Discovered in: 15/01/2004 Date: 15/02/2004 Tested on FireWall/VPN Applicance model 200 Ve [ more ] [ reply ] RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption 2004-02-12 Bill Gallagher (Bill Gallagher augharue com) ... > In order to trigger the ASN.1 vulnerabilities an attacker has > to be able > to get the target machine to invoke its BER decoding capabilities. I have read a good number of the posts here regarding this vulnerability and have seen references to NTLM etc. as a pathway for attack. What abou [ more ] [ reply ] RE: [Full-Disclosure] Re: W2K source "leaked"? 2004-02-13 Drew Copley (dcopley eeye com) > -----Original Message----- > From: full-disclosure-admin (at) lists.netsys (dot) com [email concealed] > [mailto:full-disclosure-admin (at) lists.netsys (dot) com [email concealed]] On Behalf Of > Gadi Evron > Sent: Friday, February 13, 2004 9:51 AM > To: Drew Copley > Cc: bugtraq (at) securityfocus (dot) com [email concealed]; full-disclosure (at) lists.netsys (dot) com [email concealed] > Subject: [Full- [ more ] [ reply ] Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer 2004-02-13 carlo cs dartmouth edu In-Reply-To: <DHELIJMHOLKLHKFHGGGLIEDHCAAA.disclosure (at) ossecurity (dot) ca [email concealed]> It's nice to see this getting some attention. We've been working on some exploits in this area for the last year, and actually have been able to use and/or steal a user's private key from the CSP that IE uses. We used DLL inje [ more ] [ reply ] [FLSA-2004:1232] Updated slocate resolves security vulnerabilites 2004-02-12 Jesse Keating (jkeating j2solutions net) |
|
Privacy Statement |
******** AllMyGuests PHP Code Injection vulnerability ********
Product : AllMyGuests
Vendor : www.php-resource.net
Date : February 14, 2004
Problem : PHP Code Injection
Vendor Contacted ? : No
************************** Source ****************************
in /include/info.inc.php
-
[ more ] [ reply ]