RE: What is the point here?
2004-01-19 PM Systems - Rick Woehler (RWoehler PMSysCorp com)
1. I'm sorry your software got hacked but I'd be willing to bet that the individuals that did it weren't the ones that posted it to BugTraq. 2. As a pen tester I actually use the POCs and updated POCs. I can't tell a customer that they *may* be vulnerable to this and that. I sometimes have to

RE: HP printers and currency anti-copying measures
2004-01-17 Kevin E. Casey (kcasey nanoweb com)
Any decent counterfeiter would be aware of the rulesforuse.org website and could easily make a tweak to their host files... Say point rulesforuse.org to their own webserver which would then be designed to return data permitting the copying of currency images... As for preventing image copying, it

More info on blocking the Bagle worm
2004-01-19 Gadi Evron (ge linuxbox org)
Since it does not appear on the URL provided (again below, on viruslist, not the Kaspersky web page, oops, sorry). From MooSoft (Daniel): Here is the URL list, all 404 last I checked: http://www.elrasshop.de/1.php http://www.it-msc.de/1.php http://www.getyourfree.net/1.php http://www.dmdesign.de

[SECURITY] [DSA 425-1] New tcpdump packages fix multiple vulnerabilities
2004-01-16 Matt Zimmerman (mdz debian org)

RE: ISA Server 2000 - Vulnerability in H.323 Filter Can Cause Remote Code Execution (816458)
2004-01-16 Alan Monaghan (AlanM Gardnerweb com)
Just wanted others to be aware of this one. Usually, when you install a hot fix from Microsoft, there are warnings about shutting down services and/or it just installs the patch and tells you to reboot the server. This hot fix does not do this but immediately shuts down the services associated with

a method for bypassing cookie restrictions in web browsers
2004-01-19 Michal Zalewski (lcamtuf ghettot org) (1 reply)
Hey, I noticed that in a typical web browser, it is possible to bypass privacy settings that restrict cookies or disable them altogether. This effectively enables remote entities to track users or otherwise violate their privacy by storing a unique, persistent portion of information on the victim

Re: a method for bypassing cookie restrictions in web browsers
2004-01-19 Dave McKinney (dm securityfocus com)

RE: Bagle worm status + more blocking information
2004-01-19 David Brodbeck (DavidB mail interclean com)
> -----Original Message-----
> From: Gadi Evron [mailto:ge (at) egotistical.reprehensible (dot) net]
> Although some AV firms web pages still call this a "not so serious"
> threat, the latest checks and cross-checks between vendors which are
> members of TH-Research (The Trojan Horses Research Mailing Lis

Yabb SE SQL Injection
2004-01-19 backspace (backspace_2k terra es)
Summary: YaBB SE is a PHP/MySQL port of the popular forum software YaBB (yet another bulletin board). An SQL Injection vulnerability in the product allows a remote attacker to insert malicious SQL statements. Details: Vulnerable Systems: Yabb Se version 1.5.4 (tested), 1.5.3 (tested) maybe others I

Bagle worm status + more blocking information
2004-01-19 Gadi Evron (ge egotistical reprehensible net)
Although some AV firms web pages still call this a "not so serious" threat, the latest checks and cross-checks between vendors which are members of TH-Research (The Trojan Horses Research Mailing List) conclude that this is a serious Outbreak. I believe new threat levels will be posted tomorrow

Re: Get admin rights using Doro (pdf creator)
2004-01-19 the_sz gmx co uk
In-Reply-To: <7814219078.20031214220641 (at) portsonline (dot) net>
I'm the author of Doro. Version 1.15 fixes this problem. run.to/sz
>Received: (qmail 2135 invoked from network); 15 Dec 2003 20:22:15 -0000
>Received: from outgoing2.securityfocus.com (205.206.231.26)
> by mail.securityfocus.com wi

[ESA-20040119-002] 'tcpdump' multiple vulnerabilities.
2004-01-19 EnGarde Secure Linux (security guardiandigital com)

Networker 6.0 - possible symlink attack
2004-01-19 Rene (l0om excluded org)
product: networker 6.0 date: 19.01.2003 author: l0om <l0om (at) excluded (dot) org> possible symlink attack in shutdown script the networker is a backup and storage system from fujitsu siemens. the shutdown (nsr_shutdown) script from networker version 6.0 contains the following: zero_wo

Denial of service in Getware's built-in webserver (Webcam Live and Photohost)
2004-01-19 Luigi Auriemma (aluigi altervista org)

Resources consumption in Goahead webserver <= 2.1.8
2004-01-19 Luigi Auriemma (aluigi altervista org)

New release of Patchfinder2 (windows rootkit detector)
2004-01-19 Joanna Rutkowska (joanna mailsnare net)
Patchfinder is a sophisticated diagnostic utility designed to detect system libraries and kernel compromises. Its primary use is to check if the given machine has been attacked with some modern rootkits. With this tool you should be able to detect even the newest versions of such rootkits like:

Directories management bypassing in Goahead webserver <= 2.1.8
2004-01-19 Luigi Auriemma (aluigi altervista org)

Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
2004-01-19 Marc Schoenefeld (schonef uni-muenster de)
Hi, the following code crashes the Pointbase 4.6 database that comes with the J2EE reference implementation. It is provided as an ant script for flexibility and to illustrate the involved resources. This is a cross-platform denial-of-service java exploit, caused by the fact that the pointbase install

[SECURITY] [DSA 427-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
2004-01-19 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 426-1] New netpbm-free packages fix insecure temporary file creation
2004-01-18 Matt Zimmerman (mdz debian org)

Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows
2004-01-18 Serafino Sorrenti (ml ssorrenti com)
http://www.guninski.com/qmailcrash.html Georgi Guninski security advisory #65, 2004 Lame crash in qmail-smtpd and memory overwrite according to gdb, yet still qmail much better than windows Systems affected: qmail 1.03 on linux, don't know about other OSes. Risk: Unknown. maybe so, maybe no.

Pablo Software Solutions FTP server can detect if a file exists outside the FTP root directory
2004-01-18 scrap (webmaster securiteinfo com)
Pablo Software Solutions FTP server can detect if a file exists outside the FTP root directory .oO Overview Oo. Pablo Software Solutions FTP server version 1.77 can detect if a file exists outside the FTP root directory. Discovered on 2004, January, 11th Vendor: Pablo Software Solutions (http:/

new outbreak warning - Bagle
2004-01-19 Gadi Evron (ge egotistical reprehensible net)
This possible worm outbreak warning was received on TH-Research (The Trojan Horses Research Mailing List) from Moosoft Development (www.moosoft.com) a few hours ago. AV and AT firms have had a few hours to update their databases. Info can be found only on Kaspersky's web page, so far: http://www
Application: NETCam webserver running NETCam Viewer 1.0.0.28
Vendor: http://www.aiptek.com/
Versions: <= 1.0.0.28
Platforms: Windows/Unix
Bug: Directory traversal bug
Risk: