Multiple Vendor SOAP server (XML parser) attribute blowup DoS
2003-12-09 Amit Klein (Amit Klein SanctumInc com)
//==========================>> Security Advisory <<==========================//

Is this the first case of a Distributed Denial of Physical Service?
2003-12-09 tonyl s2s ltd uk (1 replies)
Hi, Please see: http://www.theregister.co.uk/content/6/34388.html http://www.cambs.police.uk/camops/press_releases/press_releases.asp?ID=1 992 It appears that an individual has successfully socially engineered a distributed denial of physical service (DDoPS?). A (hoax) email had been s

Re: Is this the first case of a Distributed Denial of Physical Service?
2003-12-09 Nick Johnson (arachnid notdot net)

@Mail web interface multiple security vulnerabilities
2003-12-09 S-Quadra Security Research (research s-quadra com)

BNCweb File Disclosure Vulnerability
2003-12-09 Matthias Bethke (matthias bethke gmx net)
BNCweb is a set of CGI scripts developed at the University of Zürich as a user-friendly query interface to the British National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word collection of English texts using a web browser. For more informa

Internet Explorer URL parsing vulnerability
2003-12-09 bugtraq zapthedingbat com
Internet Explorer URL parsing vulnerability
Vendor Notified 09 December, 2003
# Vulnerability
There is a flaw in the way that Internet Explorer displays URLs in the address bar. By opening a specially crafted URL an attacker can open a page that appears to be from a different do

MDKSA-2003:113 - Updated screen packages fix buffer overflow vulnerability
2003-12-09 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2003:112 - Updated cvs packages fix malformed module request vulnerability
2003-12-09 Mandrake Linux Security Team (security linux-mandrake com)

Dell BIOS DoS
2003-12-08 James Evans (jae7 lehigh edu) (1 replies)
The Dell BIOS allows users to set several different passwords to protect their machines from unauthorised access. There is 1) a Setup Password, which is required to enter the BIOS setup, as well as 2) a Hard Drive Password, as per the ATA Security Feature Set Specification. Unfortunately, once a

[SCSA-022] Multiple vulnerabilities in Xoops
2003-12-05 Security Corporation Security Advisory (advisory security-corporation com)
Security Corporation Security Advisory [SCSA-022]
Multiple vulnerabilities in Xoops
PROGRAM: Xoops
HOMEPAGE: http://www.xoops.org
VULNERABLE VERSIONS: 1.3

Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]
2003-12-08 Peter Geissler (blasty geekz nl)
In-Reply-To: <3FD09747.7010607 (at) mpex (dot) net [email concealed]>
Hi, I took a look at the source of Mathopd (1.3pl8 to be exact), and I'm seeing the potential security risk, but I can assure it isn't THAT high. Let's take a look at some snippets of the source from prepare_replay(): -- char *b, buf[2 * PATHLEN + 400

Land Down Under 601
2003-12-08 gdayworld hotmail com
Application :- Land Down Under
http://ldu.neocrome.net/
Versions Affect: LDU 601 (other versions not checked)
Risk Factor - Undetermined
Impact - In the least, the attacker could gain access to a users account (unless logged in)
Type of Exploit - SQL Injectio

FAT32 directory auth bypass on Linux Abyssws < 1.2
2003-12-08 Luigi Auriemma (aluigi altervista org)

Patchmanagement.org announcement
2003-12-07 Adam Shostack (adam homeport org)
PatchManagement.org is the industry's first mailing list dedicated to the discussion of patch management. The PatchManagement mailing list discusses the how-to's and why's of security patch management across a broad spectrum of Operating Systems, Applications, and Network Devices. This list is meant

eZ Multiple Packages Stack Overflow Vulnerability
2003-12-07 Peter Winter-Smith (peter4020 hotmail com)

cdwrite 1.3 insecure tmp file handling vulnerability.
2003-12-06 Shaun Colley (shaunige yahoo co uk)
Application: cdwrite 1.3
Versions: 1.3
Vendor: Cezary M. Kruk & H. P. de Vries
Impact: Could allow attacker to overwrite/manipulate files as the user running cdwrite.
Vendor status: Vendor contacted, no reply yet.
Date: 06/12/03

Immunix Secured OS 7.3, 7+ rsync update
2003-12-06 Immunix Security Team (security immunix com)
[Outlook and Notes users, please ensure your Out Of Office messages are not sent in response to public mail lists. It is annoying. Thank you.]
[Virus Scanner administrators: (a) GPG signatures are not an executable format; (b) as most virii forge From: and From_ headers, it makes no sense to rely o

RE: Websense Blocked Sites XSS
2003-12-05 Hubbard, Dan (dhubbard websense com)
All; We now have a fix available for all platforms of version 5.01 also. Please update the entry below to include fixes for 5.1 and 5.01. All Websense customers can receive the fix free of charge through our technical support department. Thanks
-----Original Message-----
From: Mr. P.Taylor [mai
bash-2.05b$ id
uid=333(sweep) gid=333(sweep) gruppi=333(sweep)
bash-2.05b$ pwd
/home/c0wboy/ebola-0.1.4
bash-2.05b$ ./ebola &
[1] 2077
bash-2.05b$ exit
exit
[c0wboy@localhost ebola-0.1.4]$ cd $HOME
[c0wboy@localhost c0wboy]$ gcc 0x3