Internet Explorer file downloading security alerts bypass
2003-12-22 Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)

PHP-NUKE version <= 6.9 'cid' sql injection exploit
2003-12-20 r00t rsteam ru
PHP-NUKE version <= 6.9 'cid' sql injection exploit
----------------------
RusH security team
http://rst.void.ru
http://www.rsteam.ru
----------------------
mailto:r00t (at) rsteam (dot) ru
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.0.2
mQGiBD8+oMARBADX7sY86saLDTZXF [...]

[SCSA-024] BES-CMS including file vulnerability
2003-12-20 Security Corporation Security Advisory (advisory security-corporation com)
======================================================================
Security Corporation Security Advisory [SCSA-024]
BES-CMS including file vulnerability
======================================================================
PROGRAM: BES-CMS
HOMEPAGE: http://bes.h6p.org
VULNERABLE VERSIONS: 0. [...]

Multicast from Orinoco wireless stations
2003-12-20 Andrew Daviel (advax triumf ca)
It seems that some Orinoco 802.11 base stations send multicast packets on 224.0.1.76/2313 (IAPP.MCAST.NET). By sending a multicast join (opening a socket with netcat or other tool) to this group, one can discover other base stations on multicast-enabled portions of the Internet, such as the acade [...]

Re: Security bug in Xerox Document Centre
2003-12-20 brandon pierce (brandonp insynclh com)
In-Reply-To: <20031219141657.A1147 (at) shiva.cps.unizar (dot) es>
Just tested this out on a few different models of Xerox multifunction devices of ours as well, and all three were vulnerable.
Following systems apply:
Document Centre 440DC
Document Centre 480DC
Document Centre 425ST
>TECHNICAL INFO [...]

Remote crash in tcpdump from OpenBSD
2003-12-20 Przemyslaw Frasunek (venglin freebsd lublin pl) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------- Original Message --------
Subject: user/3610: repetable tcpdump remote crash
Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST)
Resent-From: gnats (at) cvs.openbsd (dot) org (GNATS Filer)
Resent-To: bugs (at) cvs.openbsd (dot) org
Date: Sat, 20 Dec 2003 16:42:25 [...]

MDKSA-2003:118 - Updated XFree86 packages fix xdm vulnerability
2003-12-19 Mandrake Linux Security Team (security linux-mandrake com)

RE: Edonkey/Overnet Plugins capable of Virus/Worm behavior
2003-12-19 Andre Lorbach (alorbach ro1 adiscon com)
> -----Original Message-----
> From: Max [mailto:max (at) maxandcarrie (dot) com]
> Sent: Thursday, December 18, 2003 9:32 PM
> To: ashton; 'Pavel Kankovsky'
> Cc: bugtraq (at) securityfocus (dot) com
> Subject: RE: Edonkey/Overnet Plugins capable of Virus/Worm behavior
>
> Does this same plugin system also apply to em [...]

Directory traversal and XSS in Active Webcam <= 4.3
2003-12-19 Luigi Auriemma (aluigi altervista org)

Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also
2003-12-19 KF (dotslash snosoft com)
The funny thing is that I have reported this to apple more than once if I remember correctly... first in 10.1 and recently in 10.3, I have yet to hear back on the issue. As a side note apple has a no talky / no verify policy until the bug is fixed... they just keep you pretty much 100% in the d [...]

[Exploit]: DameWare Mini Remote Control Server Overflow Exploit
2003-12-19 Adik (netninja hotmail kg)

AOL Instant Messanger - Buddy Icon Warn Exploit
2003-12-19 Josh Camacho (sfocus ceromus com)
AOL Instant Messanger - Buddy Icon Warn Exploit
"Discovered by Robbie Saunders, it allows you to warn somebody if they have a buddy icon, but they don't have to send you an Instant Message. This has to be done using a program though, it just sends the user an IM, but request's their buddy icon [...]

Security bug in Xerox Document Centre
2003-12-19 J.A. Gutierrez (spd shiva cps unizar es)
CONTACT INFORMATION
===============================================================================
Name : J.A. Gutierrez
E-mail : spd (at) shiva.cps.unizar (dot) es
Reported this to the vendor on Mon Dec 15 2003 using feedback form at http://www.xerox.com, since I co [...]

Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior
2003-12-19 nagual bluemail ch
In-Reply-To: <20031217015930.29190.qmail (at) sf-www1-symnsj.securityfocus (dot) com>
Once you allow native code on a Windows machine, there is no limit to what it can access within its user rights, same with Unix. Even as a non root process any program can do a lot of obnoxious things. Any native code com [...]

Subscribe Me Pro/Enterprise - Remote Code Execution via Backticked Perl Variable Injection.
2003-12-18 Paul Craig - Pimp Industries (headpimp pimp-industries com)

RE: Edonkey/Overnet Plugins capable of Virus/Worm behavior
2003-12-17 Aaron_Yemm NAI com (1 replies)
I do believe that several kazaa virus/plugins are engineered in the same fashion and advertised through the kazaa network as "skins" or "theme pack" plugins.
-Aaron
-----Original Message-----
From: Julian Ashton [mailto:ashton (at) joltmedia (dot) com]
Sent: Tuesday, December 16, 2003 9:00 PM
To: bugtraq@se [...]

Multiple Vulnerabilities In ASPapp Products
2003-12-18 JeiAr (security gulftech org)
Vendor : ASPapp.com
URL : http://www.aspapp.com
Version : PortalApp - IntranetApp - ProjectApp
Risk : Multiple Vulnerabilities
Description: A complete, easy-to-modify .asp portal system. With this portal you can manage users, content, links, files, forums, surveys, product catalog, sho [...]
====================================================================
Advisory by Eye On Security Research Group - India www.eos-india.net
====================================================================
1.==============================================================Product
2.====