|
|
Colapse all |
Post message
Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer 2004-02-09 Disclosure From OSSI (disclosure ossecurity ca) [waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0 2004-02-08 Janek Vind (come2waraxe yahoo com) Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/") 2004-02-05 Wang Yun (wangyun188 hotmail com) TOPIC: ====== Apache + Resin Reveals JSP Source Code to Remote Users And Any Users Can Access Resin Forbidden Directory ("/WEB-INF/") Description: ============ Security vulnerability has been found in Windows NT/2000 Systems that have Apache 1.3.29 + Resin 2.1.12 installed. The vulnerabilit [ more ] [ reply ] Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser) 2004-02-09 K-OTiK Security (Special-Alerts k-otik com) In-Reply-To: <4027B328.4050305 (at) egotistical.reprehensible (dot) net [email concealed]> it's not mydoom.c - his name is Vesser (W32.HLLW.Deadhat) : Vesser mainly targets computers that have previously been infected with the Mydoom.A or Mydoom.B worms. Vesser scans for the backdoors in those worms on IP addresses. While d [ more ] [ reply ] ptl-2004-01: Multiple vulnerabilities in Nokia phones 2004-02-09 Pentest Security Advisories (alerts pentest co uk) [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 2004-02-08 Janek Vind (come2waraxe yahoo com) clamav 0.65 remote DOS exploit 2004-02-09 Oliver Eikemeier (eikemeier fillmore-labs com) (1 replies) >Description: It is trivial to crash clamd using a malformed uuencoded message, resulting in a denial of service for all programs (e.g. SMTP daemons) relying on clamd running. The message must only contain one uuencoded line with an illegal line lenght, i.e. starting with a small letter. libclamav [ more ] [ reply ] [SECURITY] [DSA 436-1] New mailman packages fix several vulnerabilities 2004-02-08 Matt Zimmerman (mdz debian org) PalmOS httpd accept() queue overflow DoS vulnerability. 2004-02-08 Shaun Colley (shaunige yahoo co uk) Introduction ############# 'httpd' for PalmOS was originally written by Jim Rees, and is a simple webserver for Palm powered PDAs. Since the development of httpd for Palm stopped, I decided to modify 'httpd' slightly, and re-release it on freshmeat.net. However, httpd contains a bug which caus [ more ] [ reply ] TrackMania Demo Denial of Service 2004-02-08 scrap (webmaster securiteinfo com) TrackMania Demo Denial of Service The original document can be found at http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml .oO Overview Oo. TrackMania Demo Denial of Service Discovered on 2003, November, 30th Vendor: TrackMania Official website http://www.trackmania.com TrackMania [ more ] [ reply ] Eggrop bug 2004-02-08 cyborgirl (at) libero (dot) it [email concealed] (cyborgirl libero it) http://mogan.nonsoloirc.com/egg_advisory.txt ========================== Topic: eggdrop share.mod problem Issue date: 07/02/2004 Severity: remote exploit Affected versions: 1.6.x <= 1.6.15, others? ====================== Eggdrop is a bot written in C. It is highly configurable and can be easily exp [ more ] [ reply ] The Palace 3.x (Client) Stack Overflow Vulnerability 2004-02-07 Peter Winter-Smith (peter4020 hotmail com) The Palace 3.x (Client) Stack Overflow Vulnerability #################################################### Credit: Author : Peter Winter-Smith Software: Packages : The Palace 3.5 (Client) Version : 3.5 and below Vendor : 'Copyright © 1996-2000 Communities.com' Vendor Url : http://www. [ more ] [ reply ] RE: Hacking USB Thumbdrives, Thumprint authentication 2004-02-09 David Brodbeck (DavidB mail interclean com) > -----Original Message----- > From: Dave Aronson [mailto:spamtrap.secfocus (at) dja.mailme (dot) org [email concealed]] > Law enforcement agencies use some kind of algorithm to convert > fingerprints to a numeric value, so that they can be easily > compared. My understanding is that this is only an approximate represen [ more ] [ reply ] [Fwd: zyxel prestige ethernet information leakage] 2004-02-07 DiSToAGe (distoage sbbi net) I sent a mail to the vendor, without response , so here it is. In the exemple here you can see informations about the telnet interface previously connected to. Note the problem do not only exist with icmp packet but seems to be in ACK packet on TCP too. I don't know if the problem exist only on th [ more ] [ reply ] [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts 2004-02-07 Tim Yamin (plasmaroo gentoo org) (1 replies) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ [ more ] [ reply ] Re: [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts 2004-02-07 Alexander GQ Gerasiov (bugtaq gq pp ru) |
|
Privacy Statement |
LoadLibrary / LoadLibraryEx Weakness
Release Date:
February 9, 2004
Date Reported:
Reported to Microsoft on December 9, 2003
Severity:
Medium (Interception of SSL traffic, RSA encryption, and others)
Systems Affected:
Windows 95, 98, ME;
Windows NT, 2000, XP, 2K3 (ACL limitations apply)
S
[ more ] [ reply ]