Microsoft's plans for making XP more secure
2003-12-16 Richard M. Smith (rms computerbytesman com)
Microsoft has just released a document describing the changes they will be making in service pack 2 to make Windows XP more secure. Many of the interesting changes are in Internet Explorer. The attached links provide the details.
Richard M. Smith
http://www.ComputerBytesMan.com
=================

Re: Buffer overflow/privilege escalation in MacOS X
2003-12-16 Max (rusmir tula net)
In-Reply-To: <Pine.LNX.4.58.0312151132450.13512 (at) fsj.fqfubzr (dot) arg>
Hi,
It seems that my original message needs some clarification. Firstly, the demonstration quoted below does not give you a root shell. It shows that there is a segmentation fault caused by access to an invalid memory region. The r

J2EE 1.4 reference implementation: database component allows remote code execution
2003-12-16 Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Illegalaccess.org security advisory i/12-2003 (www.illegalaccess.org)
J2EE 1.4 reference implementation: database component allows remote code execution
Brief
=====
Product : J2EE reference implementation (java.sun.com/j2ee/download.html)
Component

Self-signed certs unrestricted in Windows XP
2003-12-14 Andrew Daviel (advax triumf ca)
It appears that if a self-signed (test) certificate is installed under Windows XP, that it acquires all (or an unreasonable number of) privileges by default. I was testing a webserver and Java applet which I had signed with a self-signed cert (https://andrew.triumf.ca/mterm/) I notice that under

Re: Buffer overflow/privilege escalation in MacOS X
2003-12-15 Dave G. (daveg atstake com) (1 replies)
> Date: Mon, 15 Dec 2003 11:54:02 -0800
> From: Max <rusmir (at) tula (dot) net>
> To: bugtraq (at) securityfocus (dot) com
> Subject: Buffer overflow/privilege escalation in MacOS X
>
> Hi,
>
> It appears that parts of MacOSX that didn't come from BSD are
> not very well written and have significant security issues.

MDKSA-2003:116 - Updated lftp packages fix buffer overflow vulnerability
2003-12-15 Mandrake Linux Security Team (security linux-mandrake com)

lftp buffer overflows
2003-12-13 Härnhammar, Ulf (Ulf Harnhammar 9485 student uu se)
lftp buffer overflows
---------------------
PROGRAM: lftp
VENDOR: Alexander V. Lukyanov et al.
HOMEPAGE: http://lftp.yar.ru/
VULNERABLE VERSIONS: 2.3.0, 2.4.9, 2.6.6, 2.6.7, 2.6.8, 2.6.9, probably all versions in between
IMMUNE VERSIONS: 2.6.10, older versions with my patch applied
* PROGRAM DESC

re: Breaking the checksum (a new TCP/IP blind data injection technique)
2003-12-15 anon (anonpoet inconnu isu edu)

re:Breaking the checksum (a new TCP/IP blind data injection technique
2003-12-15 Michal Zalewski (lcamtuf ghettot org)
On Mon, 15 Dec 2003 LARSJ (at) inel (dot) gov wrote:
> This is a good line of thought that needs to be re-addressed every now
> and then, but I can remember discussing this exact attack ten years ago.
> There's even an RFC on it. RFC 1858 if memory serves.
Lars,
Nope. The set of attacks discussed in RFC1858

Get admin rights using Doro (pdf creator)
2003-12-14 Ramon Kukla (ml portsonline net)
Hi,
a few days ago I discovered a bug in Doro[1]. Doro is a free tool to create pdf files from any Windows program. After installing Doro you have a new printer called 'Doro PDF Writer'. If you select 'Print' the spooler calls the printer filter 'doro.dll'. The 'doro.dll' then starts 'doro.exe' and

Buffer overflow/privilege escalation in MacOS X
2003-12-15 Max (rusmir tula net)
Hi,
It appears that parts of MacOSX that didn't come from BSD are not very well written and have significant security issues. An example is a /System/Library/Filesystems/cd9660.fs/cd9660.util utility. It is suid root and it is vulnerable to a classic buffer overflow due to the lack of input valida

GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service
2003-12-14 Kurt Lieber (klieber gentoo org)
---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------
GLSA: 200312-06
Package: net-irc/xchat
Summary: Malformed dcc send requests in xchat-2

DameWare Mini Remote Control Server <= 3.72 Buffer Overflow
2003-12-14 wirepair (wirepair roguemail net)
Product: DameWare Mini Remote Control <= 3.72.0.0
Vulnerability: Pre-Authentication Buffer Overflow
Severity: High Risk
Status: Vendor responded very quickly and has resolved the issue in 3.73 and later. The new version can be downloaded from http://www.dameware.com/downloads.
Description: A buffe

Re: Several Things about IE bugs
2003-12-15 http-equiv (at) excite (dot) com (1 malware com)
Unbelievable. Yet another 'silent delivery and installation of an executable on a target computer. No client input other than viewing a web page ' fully patched XP and Internet Explorer 6 series of browsers: http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc- Xp/index.html All one
Vendor : Aardvarkind
URL : http://www.aardvarkind.com
Version : Aardvark Topsites PHP 4.1.0
Risk : Multiple Vulnerabilities
Description:
Aardvark Topsites is a popular free PHP topsites script. See URL
for details.
Plaintext Database Pass Weakness:
The login info for t