BugTraq Mode:
XSS vulnerability in phpBB 2003-08-18
Marvin Massih (GroennDemon web de)
Hi,

I have found a dangerous vulnerability in phpBB.
I've verified that versions 2.0.5 and 2.0.4 (AFAIK the two latest versions)
are affected, but probably more versions are vulnerable.

If HTML is enabled for postings, a user can post a link like this:

<a
href="javascript:document.location.repla

msblast.d and a review of defensive worms 2003-08-18
David J. Meltzer (djm intrusec com)
As many people have undoubtably already seen, the newest variant of
msblast (dubbed msblast.d, see
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.D)
is one of a growing group of "good/defensive worms."

As every previous "good" worm has, this will of course touch off

[SCSA-020] Multiple vulnerabilities in AttilaPHP 2003-08-18
Gregory LEBRAS (gregory lebras security-corporation com)


======================================================================

Security Corporation Security Advisory [SCSA-020]

Multiple vulnerabilities in AttilaPHP

======================================================================

PROGRAM: AttilaPHP

HOMEPAGE: http://www.attila-php.net

VUL

Advisory 02/2003: emule/xmule/lmule vulnerabilities 2003-08-18
Stefan Esser (s esser e-matters de)
e-matters GmbH
www.e-matters.de

-= Security Advisory =-

Advisory: eMule/lmule/xmule multiple remote vulnerabilities
Release Date: 2003/08/17
Last Modified: 2003/08/17
Author: Stefan Esser [s.esser@e-matters.

Re: PointGuard: It's not the Size of the Buffer, it's the Address 2003-08-18
pageexec freemail hu
Subject: Re: PointGuard: It's not the Size of the Buffer, it's the Address
From: Crispin Cowan <crispin () immunix ! com>
Date: 2003-08-15 18:00:04

> Please address technical commentary to the paper (which addresses this
> point) and not to the cute tag line.

Here we go then (all quotes

Re: Buffer overflow prevention 2003-08-18
pageexec freemail hu
Subject: Buffer overflow prevention
From: "Eygene A. Ryabinkin" <rea () rea ! mbslab ! kiae ! ru>
Date: 2003-08-13 10:28:33

> So, my suggestion: let us organise two segments: one for normal
> stack, growing downwards, referenced by SS:ESP pair and the second
> one, for local variables, ref

FW: [gopher] UMN Gopher 3.0.6 released 2003-08-18
John Goerzen (jgoerzen complete org)
Recently, a security bug in UMN gopherd was reported to this list. However,
the submitter of this bug made no effort to notify me (the maintainer of
this program) of the bug, either before or after the discovery of the bug.
I heard about it some time later by a bugtraq reader that submitted a bug

OpenSLP initscript symlink vulnerability 2003-08-18
Ademar de Souza Reis Jr. (ademar conectiva com br)
Hello.

OpenSLP is an implementation of the "Service Location Protocol V2", an
IETF standards track protocol that provides a framework to allow
networking applications to discover the existence, location, and
configuration of networked services in enterprise networks.
(http://www.openslp.org)

There

Re: Buffer overflow prevention 2003-08-18
pageexec freemail hu
> There is only one thing I have found the various PAX people to have in
> common; they are very persistent at calling other people liars. Can
> you people please grow up?

Can you provide the evidence where we called you or other people a liar?
Does your calling other people's ideas ridiculous (a

RE: Need help. Proof of concept 100% security. 2003-08-18
Joyce, MP (Matthew) (M P Joyce rl ac uk) (1 replies)
Some issues for these types of systems:

EFC has to build the behavioural model for each application. For simple
applications, it may be possible to build the behavioural model in a test
environment, then use that model in production. However complex applications
will have behaviour that may be very

Re: Need help. Proof of concept 100% security. 2003-08-18
Evan Teran (emt3734 ritvax isc rit edu)
Re: Buffer overflow prevention 2003-08-18
pageexec freemail hu (1 replies)
Subject: Re: Buffer overflow prevention
From: Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date: 2003-08-14 21:43:10

> > It's not difficult at all on x86, but having non-overlapping Segments
> > for Code and Data/Stack would limit the virtual address space.
>
> I am not sure if you have

Re: Buffer overflow prevention 2003-08-18
Mariusz Woloszyn (emsi ipartners pl)
Security hole in MatrikzGB 2003-08-16
Stephan S. (mastamorphixx web de)


Security hole in MatrikzGB Guestbook

15/8/2003

Vulnerable Versions:

Version 2.0 and prior

Version 3 (not tested)

Summary:

MatrikzGB was written by Thomas Hempel for

www.onsite.org.

A bug in in

OpenServer 5.0.x : Samba security update available for download. 2003-08-16
security sco com

To: full-disclosure (at) lists.netsys (dot) com, bugtraq (at) securityfocus (dot) com, announce (at) lists.caldera (dot) com, scoannmod (at) xenitec.on (dot) ca

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject: UnixWare 7.1.2 Open

[Full-Disclosure] [SECURITY] [DSA-373-1] New autorespond packages fix buffer overflow 2003-08-17
debian-security-announce lists debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 373-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
August 16th, 2003

Dropbear SSH Server <= 0.34 2003-08-16
Joel Eriksson (je bitnux com)
==========================================================================
0xbadc0ded Advisory #02 - 2003/08/17 - Dropbear SSH Server <= 0.34
==========================================================================

Reference http://0xbadc0ded.org/advisories/0302.txt
PGP-key http://0x

[Full-Disclosure] [SECURITY] [DSA-372-1] New netris packages fix buffer overflow 2003-08-17
debian-security-announce lists debian org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 372-1 security (at) debian (dot) org
http://www.debian.org/security/ Matt Zimmerman
August 16th, 2003

Copyright 2010, SecurityFocus