Hello,

We have implemented an instant windows password cracker named RainbowCrack.

It is based on Philippe Oechslin's faster time-memory trade-off technique.

(http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03)

This tool is an specialized LanManager hash cracker. On an 666MH

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I forgot to attach the programs to reproduce the condition in the previous
post, they are attached to this mail.

blexim
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Charset: UTF8
Version: Hush 2

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Local security bug in OpenBSD semaphore handling

Product: OpenBSD kernel (3.3-release, -current before 10/09/2003)
Impact: Root may bypass securelevel
Bug class: Integer overflow
Vendor notified: Yes
Fix available: Yes

Details

[ more ]  [ reply ]

>I found possibility to run Script (java Script, VBScript) on the system

>Invision Power Board...

>It's possible to do if it much {many} things like a withdrawal of

>cookie,

>advertising ....

>

>

>For example:

>

>http://forums.invisionpower.com/admin.php?

>adsess='><script>windo

[ more ]  [ reply ]

In-Reply-To: <20030909171006.23428.qmail (at) sf-www1-symnsj.securityfocus (dot) com [email concealed]>

Excuse me, i've made a little error in my example.

This will not work:

[url=www.google.fr" onclick="alert('Hello')]text[/url]

but this will work (on phbb 2.0.6):

[url=http://www.google.fr" onclick="alert('Hello')]text[/u

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______
SGI Security Advisory

Title : Denial of Service Vulnerability in NFS XDR decoding Update
Number : 20030801-02-P
Date : September 9, 2003
Ref

[ more ]  [ reply ]

Dan Stromberg wrote:
> So DJB's program basically has a large listen queue, and goes
> into queue-only mode after 40 concurrent connections?

tcpserver -c n ...
where n is the number of simultaneous connections. Defaults to 40.

> If that's the case, then there's still a DOS
> - just fill the liste

[ more ]  [ reply ]

Good day,

We here at SecurityFocus value the community and would like to
involve you, the Bugtraq subscribers, in its operation. As part of that
effort, we are considering implementing a more democratic process for
making important decisions on the future of Bugtraq and the
Security Focus website

[ more ]  [ reply ]

Hello,

You xss didnt work to me, but this "variant" did:

[url=http://www.izhal.com" onclick=alert("bug");"]test[/url]

thanks for pointing the bug :)
asphixia

----------
Hello, i've just found a new xss vulnerability in phpBB 2.0.6 (i'm not
sure but i don't think that others versions are vulne

[ more ]  [ reply ]

In-Reply-To: <19084321117.20030909100957 (at) mail (dot) ru [email concealed]>

>Tuesday, September 9, 2003, 1:43:59 AM, you wrote:

>

>kyf> Hello, i've just found a new xss vulnerability in

phpBB 2.0.6 (i'm not

>kyf> sure but i don't think that others versions are

vulnerable).

>kyf> This vulnerability is located in the [u

[ more ]  [ reply ]

Updated antivirus will only catch specific instances of POC code, not
any actual reallife exploitation which easily differ significantly in
footprint and signature.

It's been a constant nuisance the last few years that whenever you
release any kind of POC the AV vendors will label it as a virus and

[ more ]  [ reply ]

As was the case with Windows Media Player, when you install Winamp the
registry settings for MIDI files are set to automatically open the file
in the associated program. As such, this is also automatically
exploitable through webpages and HTML mail.

Regards
Thor Larholm
PivX Solutions, LLC - Seni

[ more ]  [ reply ]

Windows 98 no longer receive any security updates, so the behavior of
using WindowsUpdate under Windows 98 is undefined at best.

http://msgs.securepoint.com/cgi-bin/get/bugtraq0309/70.html

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

-----Original Message-----
From: Gu

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated gtkhtml packages fix vulnerability
Advisory ID: RHSA-2003:264-01
Issue date: 2003-09-09
Updated

[ more ]  [ reply ]

Escapade Scripting Engine XSS Vulnerability and Path Disclosure

Published: 9 September 2003

Released: 9 September 2003

Affected Systems: Escapade Scripting Engine

Vendor: http://www.escapade.org , http://www.squishedmosquito.com

Issue: Remote attackers can inject XSS script and kn

[ more ]  [ reply ]

Hello, i've just found a new xss vulnerability in phpBB 2.0.6 (i'm not

sure but i don't think that others versions are vulnerable).

This vulnerability is located in the [url][/url] bbcode.

You can insert javascript by doing a thing like that:

[url=www.google.fr" onclick=alert('Hello')]text[/u

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

CERT Summary CS-2003-03

September 8, 2003

Each quarter, the CERT Coordination Center (CERT/CC) issues the CERT
Summary to draw attention to the types of attacks reported to our
incident response team, as well as other noteworthy incident

[ more ]  [ reply ]

> The microsoft security update for MS03-023 downloaded via the windows
update web site appears to be broken. Either the patch does not
properly install or is not able to be detected by the web based update
scan after install.
>
> Symptoms: running the update-scan at www.windowsupdate.com after

[ more ]  [ reply ]

#######################################################################

Luigi Auriemma

Applications: RogerWilco (http://www.rogerwilco.com)
Versions: 1.4.1.2 (server and client buffer-overflow)
1.4.1.6 (server freeze bug; server and client crash)
Platf

[ more ]  [ reply ]