minor apache htpasswd problem
2003-09-25 Andreas Steinmetz (ast domdv de)
This is valid for the htpasswd utility of at least apache 1.3.27 and 1.3.28: The salt used for password generation solely depends on the current system time:

    (void) srand((int) time((time_t *) NULL));
    ap_to64(&salt[0], rand(), 8);

This causes all passwords generated within the same second to hav

ICMP pokes holes in firewalls...
2003-09-25 bugtraq hackerfactor com (1 replies)
It seems like a fairly obvious hole, but I could find no mention of anyone reporting it. Traceroute uses two protocols: UDP and ICMP. The outgoing packet is either UDP or ICMP with variable TTL (time to live). If the packet times out before reaching its target, then the last router returns

Verisign's Sitefinder and use of the namespace
2003-09-25 Jeffrey Gorton (jpgorton swbell net) (1 replies)
In the U.S., the radio spectrum is considered a public resource owned by the people. The government administers and regulates the use of the radio spectrum in the public interest. I am wondering if the Internet namespace cannot be considered in the same vein. Has Verisign usurped a public resource

Sanctum AppScan 4 misses potential vulnerabilities in wrapped links
2003-09-24 RAFAEL SAN MIGUEL CARRASCO (rsmc tid es)
"AppScan 4.0 Audit Edition, the market leading application vulnerability assessment tool, accurately detects security vulnerabilities automatically as an integrated component of an enterprise security process review." AppScan 4 has a flaw regarding the way the "Explore stage" is implemented when

Cfengine2 cfservd remote stack overflow
2003-09-25 Nick Cleaton (nick cleaton net)
Background
==========
Cfengine (www.cfengine.org) automates the configuration and maintenance of large computer networks. A common setup involves running the cfservd daemon on TCP port 5308 on a central master server,

RE: Privacy leak in VeriSign's SiteFinder service #2
2003-09-25 Matt Rudge (mrudge hcs ie)
What's more, the old MTA was just a dupe - it would return set responses regardless of what was passed to it. As can be seen from the following example posted to the IETF list:

----------snip---------
220 snubby2-wceast Snubby Mail Rejector Daemon v1.3 ready
blah
250 OK
blah
250 OK
blah
550 User d

Re: Privacy leak in VeriSign's SiteFinder service #2
2003-09-25 Timothy J. Biggs (tjb bluegravity com)

Re: Privacy leak in VeriSign's SiteFinder service #2
2003-09-25 Marco Ivaldi (raptor 0xdeadbeef info)
> Up to now, e-mails addressed to misspelled mail domains will not be sent
> to Verisign's Fake-SMTP-service as MX records are used for mail-domain
> resolving. Verisign did not set up wildcard MX records.
That's not entirely correct. Since every host in non-existent domain now resolves to 64.94.11

LanSuite 2003 - Multiple Vulnerabilities
2003-09-25 Phuong Nguyen (dphuong yahoo com) (1 replies)
TITLE
=====
602Pro Lansuite 2003 - Multiple Vulnerabilities

DESCRIPTION
===========
602Pro LAN SUITE is an easy-to-install and manage all-in-one server application. Its standards-based SMTP/POP3 e-mail server provides effective e-mail communication without the risk of destructive virus infiltratio

My response to both the analysis of CIPE by Gutmann, Slashdot and the response by the CIPE list
2003-09-25 Jake Appelbaum (jacob appelbaum net)
Please allow me to introduce myself. I am neither a CIPE developer nor a cryptanalysis expert. I am however a security consultant who deals primarily in Free/Open Source Software. I have used CIPE in the past as well as other Free/Open/Non-Free products for use in VPN solutions. I wanted to con

FreeBSD Security Advisory FreeBSD-SA-03:14.arp [REVISED]
2003-09-25 FreeBSD Security Advisories (security-advisories freebsd org)

RE: Does VeriSign's SiteFinder service violate the ECPA?
2003-09-25 Justin Hahn (jeh profitlogic com) (2 replies)
> The point I think Mr. Smith is trying to make is that Verisign seems
> to *want* to intercept this private information and use it to their
> own commercial advantage. Respectable sysadmins do not wish to receive
> form data intended for other sites.
As an aside, I find it very curious that peopl

RE: Does VeriSign's SiteFinder service violate the ECPA?
2003-09-25 Andrea Rimicci (andrea rimicci deltasys it)

Re: base64
2003-09-25 MightyE (trash mightye org) (1 replies)
Lawrence MacIntyre wrote:
>Whatever happened to the strategy:
>
>Be conservative in what you send and liberal in what you accept.
>
This strategy falls on its face when you're looking at scanning emails for viruses. If you're liberal in what you accept, then someone has the ability to en

[OpenPKG-SA-2003.043] OpenPKG Security Advisory (proftpd)
2003-09-25 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security (at) openpkg (dot) org
.oO Overview Oo.
myServer version 0.4.3 shows files and directories that reside outside the
normal web root directory.
Discovered on 2003, August, 23th
Vendor: Myserver (http://myserverweb.sourceforge.net/forum/portal.php)
MyServer is a free, power