SecurityFocus

New AIM Expliot/Worm/Adware-script (realphx.com related) 2003-10-10
Michael A. Nunes (p pcmike net)

There appears to be some sort of a new AIM exploit/worm/adware-script that
advertises the website www.realphx.com. It sets people's AIM profiles to an
advertisement for www.realphx.com and it also changes their default homepage
in IE to the same thing.. I have no idea what *ELSE* it does. I'm not

[ more ] [ reply ]

Gallery 1.4 including file vulnerability 2003-10-11
Peter Stöckli (pcs rootquest com)

Gallery 1.4 including file vulnerability

-Background Information-

Gallery is a Web-based software product that lets you manage photos on any Web site that offers PHP support. With Gallery you can easily create and maintain albums of photos via an intuitive interface. Photo management includes

[ more ] [ reply ]

TRACKtheCLICK Script Injection Vulnerabilities 2003-10-11
BrainRawt (brainrawt haxworx com)

Scripts4webmasters.com TRACKtheCLICK Script Injection Vulnerabilities
Discovered By Chris Rahm (aka: BrainRawt) (brainrawt (at) haxworx (dot) com [email concealed])

About TRACKtheCLICK:
--------------------
A perl coded CGI that tracks your email, ezine, banner, and web site
links. TRACKtheCLICK outputs log informatio

[ more ] [ reply ]

SA-20031006 slocate buffer overflow - exploitation proof 2003-10-11
Patrik Hornik (patrik hornik ebitech sk)

Concern about Checkpoint and SSL Vulnerability 2003-10-10
seeker hush ai

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Found the following in Checkpoint

libcpopenssl.so
>ASN.1 part of OpenSSL 0.9.6c 21 dec 2001
>asn1_lib.c

This is from Solaris. Friends have confirmed
similar in other *nix and M$. Nearly all
executables link to these libraries.

Nothing on Checkpoint w

[ more ] [ reply ]

RE: Bad news on RPC DCOM vulnerability 2003-10-11
VigilantMinds Security Operations Center (soc rpc vigilantminds com)

Security Community,

The following information references a serious security threat to you or
your organization if the proper measures have not been taken to prevent
its destructive intent.

Description of Issue
--------------------
VigilantMinds has successfully validated the claims regarding the

[ more ] [ reply ]

[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service 2003-10-11
joey infodrom org (Martin Schulze)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 394-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
October 11th, 2003

[ more ] [ reply ]

MDKSA-2003:099 - Updated sane packages fix remote vulnerabilities 2003-10-09
Mandrake Linux Security Team (security linux-mandrake com)

Bad news on RPC DCOM vulnerability 2003-10-10
3APA3A (3APA3A SECURITY NNOV RU)

Dear bugtraq (at) securityfocus (dot) com [email concealed],

There are few bad news on RPC DCOM vulnerability:

1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
again actual.
2. It was reported by exploit author (and confirmed), Windows XP SP1
with all security fixes installed still vulnerable t

[ more ] [ reply ]

Shattering By Example 2003-10-10
Brett Moore (brett moore security-assessment com)

A new white paper on shatter attcks has been released and is available
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit agains

[ more ] [ reply ]

NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries 2003-10-09
NetBSD Security Officer (security-officer NetBSD org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-015
=================================

Topic: Remote and local vulnerabilities in XFree86 font libraries

Version: NetBSD-current: source prior to August 31, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.

[ more ] [ reply ]

NetBSD Security Advisory 2003-016: Sendmail - another prescan() bug CAN-2003-0694 2003-10-09
NetBSD Security Officer (security-officer NetBSD org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-016
=================================

Topic: Sendmail - another prescan() bug CAN-2003-0694

Version: NetBSD-current: source prior to September 18, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.3: affect

[ more ] [ reply ]

NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities 2003-10-09
NetBSD Security Officer (security-officer NetBSD org)

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-017
=================================

Topic: OpenSSL multiple vulnerabilities

Version: NetBSD-current: sources prior to October 3, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2

[ more ] [ reply ]

[RHSA-2003:281-01] Updated MySQL packages fix vulnerability 2003-10-09
bugzilla redhat com

Re: [PAPER] Juggling with packets: floating data storage 2003-10-09
Adeel Hussain (ad33lh hotmail com) (1 replies)

In-Reply-To: <75a101c38dd8$40064170$1200a70a@watdougmoen>

Show me another

>> method that can delete 6.5 GB a data in a completely unrecoverable manner

>> that quickly.

>

>A ramdisk.

>

>Doug Moen.

>

>

Section 7 of Peter Gutman's paper "Secure Deletion of Data from Magnetic and Solid-State

[ more ] [ reply ]

Re: [PAPER] Juggling with packets: floating data storage 2003-10-10
Brandon Eisenmann (beisenmann earthlink net)

Re: [Full-Disclosure] RE: [PAPER] Juggling with packets: floating data storage 2003-10-08
Michal Zalewski (lcamtuf ghettot org)

On Wed, 8 Oct 2003, Alun Jones wrote:

>> A real juggler would focus on a different kind of outsourced data
> Of course, a real network engineer would remind you that you face two
> immediate problems regarding this technique:
>
> 1. [UDP] Jugglers don't usually have to deal with oranges suddenly

[ more ] [ reply ]