BugTraq Mode:
[SECURITY] [DSA 435-1] New mpg123 packages fix heap overflow 2004-02-06
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 435-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
February 6th, 2004

Dotnetnuke Multiple Vulnerabilities 2004-02-06
Ferruh Mavituna (ferruh mavituna com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------
DOTNETNUKE MULTIPLE VULNERABILITIES
- - ------------------------------------------------------
Online URL : http://ferruh.mavituna.com/?429

1) Source Code & File Access;
Severity : Highly Cri

Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior 2004-02-06
Adam Laurie (adam algroup co uk)
Apache-SSL optional client certificate vulnerability
----------------------------------------------------

Synopsis
--------

If configured with SSLVerifyClient set to 1 or 3 (client certificates
optional) and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier
versions would permit a client to

CactuSoft CactuShop 5.0 Lite shopping cart software backdoor 2004-02-06
S-Quadra Security Research (research s-quadra com)
S-Quadra Advisory #2004-02-06

Topic: CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
Severity: High
Vendor URL: http://www.cactushop.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040206.txt
Release date: 06 Feb 2004

1. DESCRIPTION

CactuShop is an ASP application

Re: Decompression Bombs [...missed something] 2004-02-06
Bipin Gautam. (door_hunt3r blackcodemail com)
In-Reply-To: <401FD489.8070602 (at) aerasec (dot) de [email concealed]>

isn't the concept same as the one I produced 3 months ago in...

http://www.securityfocus.com/bid/8572/info/

indeed the replica... of my old concept!

[... fine, A new class of bug! & in the wild AGAIN ]

>As a followup to http://www.securityfoc

Linux 2.4.24 with vserver 1.24 exploit 2004-02-06
Markus Müller (unknown priv de)
Hi securityfocus,

a small exploit from me which breaks out of a vserver, also if secured
with "chmod 000 /vservers". It is a modification of the known
"chroot-again" exploit. It belongs to chroots but also to the vserver
project. Tested with linux 2.4.24 and vserver 1.24. The bug was posted
to

RE: getting rid of outbreaks and spam (junk) 2004-02-05
Paul Murphy (pmurphy ionixpharma com)

James Riden wrote:

> Not my area, but I believe most backbone networks are designed to get
> packets from A to B as fast as possible. Egress filtering at ISPs,
> for both spoofed addresses and email-borne viruses would be a start
> though.

Checking for spoofed addresses is fine in theory, and it

Open Journal Blog Authentication Bypassing Vulnerability 2004-02-06
Tri Huynh (trihuynh zeeup com)
Open Journal Blog Authentication Bypassing Vulnerability
=================================================

PROGRAM: Open Journal
HOMEPAGE: http://www.grohol.com/downloads/oj/
VULNERABLE VERSIONS: 2.5 and below

DESCRIPTION
=================================================

OpenJournal

formmail (PHP) Upload file using CSS 2004-02-06
Himeur Nourredine (lostnoobs security-challenge com)


Informations :

°°°°°°°°°°°°°°

Website : http://www.dtheatre.com/scripts/

Version : all

Problem : Upload file

PHP Code/Location :

°°°°°°°°°°°°°°°°°°°

formmail.php :

------------------------------------------------------------------

function check_referer($referers) {

if (co

RE: Decompression Bombs 2004-02-05
David Bachtel (dave realtimegaming com)
Wow, this is a very interesting concept. Any vendor that relies on any decompression library could be vulnerable. Anything from something like Photoshop to IE to virus scanners.

The example files given on the website seem to require a password. Can you provide it?

Nice work and thanks!

D

US-CERT Technical Cyber Security Alert TA04-036A -- HTTP Parsing Vulnerabilities in Check Point Firewall-1 2004-02-05
CERT Advisory (cert-advisory cert org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HTTP Parsing Vulnerabilities in Check Point Firewall-1

Original release date: February 05, 2004
Last revised: --
Source: US-CERT

A complete revision history can be found at the end of this file.

Systems Affected

* Check Point Firew

Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me) 2004-02-05
William A. Rowe, Jr. (wrowe rowe-clan net)
Finally the gist of a very effective question:

Q. Should Apache require that the .htaccess-permitted web content
allow the user to control the ErrorDocument directive?

A. Yes, provided that AllowOverride FileInfo (or AllowOverride All) is given
in the httpd.conf file for the web content's d

Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me) 2004-02-05
langtuhaohoa caothuvolam (trungonly yahoo com)
In-Reply-To: <20040204190737.7cbb8939.nd (at) perlig (dot) de [email concealed]>

Hi Reagan Blundell, Andre Malo, Rafael D'Avila...

Thanks for your comment. But let's think a bit more carefully and reply to me your opinion.

Suppose that the *root user* set a directory to Deny From All, so in fact all web users should not

Copyright 2010, SecurityFocus