BugTraq
(Page 1603 of 1748)
Verisign fighting back at ICANN 2003-10-05
Thor Larholm (thor pivx com)
So now Verisign wants to protect your privacy .. and I've got a bridge or an
Eiffel Tower to sell, if you're interested.

According to Verisign, ICANN is an organization whose sole existence seems to be
to invade your privacy and spam you to death.

http://www.verisign.com/corporate/news/2003/pr_200

RE: Cobalt RaQ Control Panel Cross Site Scripting 2003-10-05
Steve Manzuik (steve entrenchtech com)
> it is a security hole because it demonstrates that the message.cgi script
> does not have
> an input validation system.

This isn't a security hole but more of a scripting mistake. You don't gain any additional access, you don't r00t the box, you don't even steal another user's session. Commo

GLSA: cfengine (200310-02) 2003-10-05
Kurt Lieber (klieber gentoo org)
-------------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-02
-------------------------------------------------------------------------------
Package : cfengine
Summary : stack overflow in cfengine network code

GuppY : XSS, Files Reading/Writing 2003-10-05
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°
Language : PHP
Bugged Version : 2.4p3 (and less ?)
Patched version : 2.4p4
Website : http://www.freeguppy.org
Problems :
- Permanent XSS
- Files Reading
- Files Writing

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°

postguest.php :

-------------------------------------------

RE: New IE crash: CSS + HTML 2003-10-05
psz maths usyd edu au (Paul Szabo)
"Russ Uhte (Lists)" <russlists (at) mailtest.parallax (dot) ws> and
Sherlock <sherl0ck (at) comcast (dot) net> wrote:

> ... It also crashes Eudora version 6.0.0.22 ...
> ... Eudora crashed with a MSHTML.DLL error. ...

You need to disable "Use Microsoft's viewer" in Tools > Options > Viewing
Mail. This, and other Eudora

FreeBSD Security Advisory FreeBSD-SA-03:15.openssh 2003-10-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:15.openssh Security Advisory
The FreeBSD Project

Topic: Op

Re: I have fixes for the Geeklog vulnerabilities 2003-10-05
Dirk Haun (dirk haun-online de)
This is in response to "Geeklog Multiple Versions Vulnerabilities",
<http://www.securityfocus.com/archive/1/339494> and a follow-up post to
Full Disclosure which, I assume, was also sent to BugTraq:

Lorenzo Hernandez Garcia-Hierro wrote:

>Due to the completely incorrect treatment and work of the

JBoss 3.2.1: Remote Command Injection 2003-10-05
Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================
Illegalaccess.org Security Alert
================================

Date : 10/04/2003
Application : JBoss, java server for running J2EE enterprise
applications
Version : 3.2.1
Website : http:/

Weaknesses in LEAP Challenge/Response 2003-10-06
Joshua Wright (Joshua Wright jwu edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In August 2003, I sent a tool I had written to the Cisco PSIRT team
that exploited weaknesses in the LEAP challenge/response
authentication mechanism. This tool leveraged large password lists
to efficiently launch offline dictionary attacks against LEA

[PAPER] Juggling with packets: floating data storage 2003-10-06
Wojciech Purczynski (cliph isec pl)

The following paper explores the possibilities of using certain
properties of the Internet or any other large network to create
a reliable, volatile distributed data storage of a large capacity.

==============================================
Juggling with packets: floating data storage
===

Local root exploit in SuSE Linux 7.3Pro 2003-10-06
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Affected:               SuSE Linux 7.3Pro
Not affected:           SuSE Linux 8.2Pro, non-SuSE distributions
Possibly affected:      other SuSE distributions
Vulnerable package:     javarunt

Impact:                 Local user can gain root privileges
Exploit type:           Symlink attack
Release da

Local root exploit in SuSE Linux 8.2Pro 2003-10-06
Stefan Nordhausen (deletethis nordhaus informatik hu-berlin de)
Affected:               SuSE Linux 8.2Pro
Not affected:           SuSE Linux 7.3Pro, non-SuSE distributions
Possibly affected:      other SuSE distributions
Vulnerable package:     susewm

Impact:                 Local user can gain root privileges
Exploit type:           Symlink attack
Release date

[CLA-2003:760] Conectiva Security Announcement - mplayer 2003-10-06
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : mplayer
SUMMARY : Remote buffer overflow vuln

Conexant Access Runner DSL Console login bypass vulnerability 2003-10-04
Chris Norton (kicktd hotmail com)


A vulnerability has been discovered in the Conexant Access Runner DSL Console Port 3.21. This vulnerability will let a remote attacker bypass the login screen and have full admin rights even if admin password is set. The login bypass works in the following way:

When at login screen you may pres

Re: New IE crash: CSS + HTML 2003-10-04
Sherlock (sherl0ck comcast net)
Greetings,

I use Eudora v6 for e-mail, and when it processed the e-mail from
arachnid__notdot_net (at) meta.net (dot) nz re: "New IE crash: CSS + HTML," Eudora
crashed with a MSHTML.DLL error. Since the e-mail was then selected by
default, Eudora continued to crash on startup until I renamed the
MSHTML.D

PHP-Nuke v 6.7 + Windows = File Upload 2003-10-04
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°
Language : PHP
Version : 6.7
Website : http://www.phpnuke.org
Problem : File Upload

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
modules/WebMail/mailattach.php :
------------------------------------------------------------------------
----------------------------------------

EMML, EMGB : Include() hole 2003-10-04
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°
Language : PHP
-------------------------------------------------
Product : EMML (EternalMart Mailing List Manager)
Version : 1.32
-------------------------------------------------
Product : EMGB (EternalMart Guestbook)
Version : 1.1
--------------------------------------

OpenLinux: wu-ftpd fb_realpath() off-by-one bug 2003-10-03
security sco com

To: announce (at) lists.sco (dot) com bugtraq (at) securityfocus (dot) com security-alerts (at) linuxsecurity (dot) com full-disclosure (at) lists.netsys (dot) com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: wu-

FreeBSD Security Advisory FreeBSD-SA-03:18.openssl 2003-10-03
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-03:18.openssl Security Advisory
The FreeBSD Project

Topic: Op

Cobalt RaQ Control Panel Cross Site Scripting 2003-10-04
Lorenzo Hernandez Garcia-Hierro (lorenzohgh nsrg-security com)
Cobalt RaQ Control Panel Cross Site Scripting
------
PRODUCT: Cobalt RaQ Web Control Panel
VENDOR: Sun - Cobalt Networks
VULNERABLE VERSIONS:

- Sun Cobalt RaQ Servers Web Control Panel (T.I.N.P)
- Tested in a default configured Sun Cobalt RaQ server. control
panel
- Sun Cobalt

Cisco 6509 switch telnet vulnerability 2003-10-03
Chris Norton (kicktd hotmail com) (2 replies)


A vulnerability has been found on Cisco 6509 switches. The vulnerability was found to work on 2 different Cisco 6509 switches running CATOS 5.4(2) and 5.5(2). The vulnerability can lead to information and commands being executed on the remote switch from the login prompt. Commands can be executed

Re: Cisco 6509 switch telnet vulnerability 2003-10-04
Bob Niederman (btrq bob-n com) (1 replies)
Re: Cisco 6509 switch telnet vulnerability 2003-10-05
twig les (twigles yahoo com)
Re: Cisco 6509 switch telnet vulnerability 2003-10-04
Wendy Garvin (wgarvin cisco com)
RE: Half-Life 2 source code stolen through IE exploit 2003-10-03
Thor Larholm (thor pivx com) (1 replies)
There hasn't been an Outlook vulnerability for years, the only
vulnerabilities you can exploit these days in Outlook are the ones that
are caused by the fact that Outlook uses IE to render HTML mails.

Hence the speculation on my part ;)

Thor

-----Original Message-----
From: spackard (at) fastlink (dot) com

Re: Half-Life 2 source code stolen through IE exploit 2003-10-03
jelmer (jkuperus planet nl)
RE: Half-Life 2 source code stolen through IE exploit 2003-10-03
Mattox, Norman (NMattox scor com)
Maybe not true.

Hard to tell from their web site.

-----Original Message-----
From: Thor Larholm [mailto:thor (at) pivx (dot) com]
Sent: Friday, October 03, 2003 3:19 AM
To: bugtraq (at) securityfocus (dot) com
Subject: Half-Life 2 source code stolen through IE exploit

http://www.halflife2.net/forums/showthread.php?s=

Copyright 2010, SecurityFocus