-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-----------------------------------------------------------------------
-+
| Guardian Digital Security Advisory August 06, 2003 |
| http://www.guardiandigital.com ESA-20030806-020 |
|

[ more ]  [ reply ]

The problem at hand is not one of Notepad or the view-source protocol,
but of the behavior inherant to Internet Explorer on how to handle
certain mimetypes and protocols. Your advisory (good as it is)
highlights an example of the problem, but disregards the larger picture.

Whether or not a specific

[ more ]  [ reply ]

hk-vig of UHAGr and wsxz of Priv8security published a high risk remote

root exploit (if running by root) against Halflife <= 1.1.1.0 (including

all mods like CS, DoD) and dedicated server 3.1.1.1c1/4.1.1.1a.

Exploitation successfully tested on FreeBSD.This code is based upon the

recent hal

[ more ]  [ reply ]

sec-labs team proudly presents:

Local ZoneAlarm Firewall (probably all versions - tested on v3.1)
Device Driver vulnerability.
by Lord YuP
04/08/2003

I. BACKGROUND

ZoneAlarm is a very powerful and very common nowadays firewall for
Windows produced by Zone Labs.

[ more ]  [ reply ]

Hi,

Do Notepad popups represent a security risk or are they simply another
way for spammers and marketers to annoy us? Because of a design flaw in
Internet Explorer, Notepad popup windows can be displayed from an HTML
email message or Web page regardless of browser security settings. In
addition, N

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 358-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
August 5th, 2003

[ more ]  [ reply ]

David:

Do you have any plans to release proof of concept code for the Oracle
exploit? The reason I ask is that "due to architectural constraints,"
Oracle is not planning on releasing a patch for 8i releases. We contacted
them about this, but they're sticking to their guns about the exploit
requir

[ more ]  [ reply ]

In-Reply-To: <20030804002946.4431.qmail (at) www.securityfocus (dot) com [email concealed]>

You've got to be kidding me?

>The vendor hasn't been notified because of their

>handling of previous vulnerabilties I found in Invision

>Board

I am extremely responsible with regards to security and in most

cases I've had a fi

[ more ]  [ reply ]

ZH2003-14SA (security advisory): aspBoard XSS Vulnerability

Published: 5 august 2003

Released: 5 august 2003

Name: aspBoard

Affected Systems: 1.2

Issue: Remote attackers can inject XSS script

Author: G00db0y (at) zone-h (dot) org [email concealed]

Vendor: http://www.freezingcold.com

Description

**

[ more ]  [ reply ]

Title: Local Vulnerability in IBM DB2 7.1 - 8.1 all binaries
Date: 27-07-2003
Platform: Only tested in Linux but can be exported to others.
Only versions 7.1 and Enterprise Server Edition v8.1 were checked
but could affect other versions.
Impact: Slight privilege elevation

[ more ]  [ reply ]

Title: Local Vulnerability in IBM DB2 7.1 db2job binary
Date: 27-07-2003
Platform: Only tested in Linux but can be exported to others.
Impact: Users with exec perm over ./db2as/sqllib/adm/db2job can create files
with 770 mode and owned by root.
Author: Juan Manuel Pascual Es

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : postfix
SUMMARY : Remote denial of service vu

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : wget
SUMMARY : Buffer overflow vulnerability

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-010
=================================

Topic: remote panic in OSI networking code

Version: NetBSD-current: source prior to May 26, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2:

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-----------------------------------------------------------------------
-+
| Guardian Digital Security Advisory August 04, 2003 |
| http://www.guardiandigital.com ESA-20030804-019 |
|

[ more ]  [ reply ]

Originally reported as affecting only WU-FTPD. It seems that the bug
is in code borrowed from the BSD C library. NetBSD, FreeBSD and OpenBSD
announcements attached.

David Mirza Ahmad
Symantec

PGP: 0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
--
The battle for the past

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2003-011
=================================

Topic: off-by-one error in realpath(3)

Version: NetBSD-current: source prior to August 4, 2003
NetBSD 1.6.1: affected
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2:

[ more ]  [ reply ]

-------------------
Product: PHP Authentication Suit for DreamWeaver
Vendor: Macromedia
Versions:
VULNERABLE

- DreamWeaver MX 6.0
- All the PHP Auth systems created with this
- Variables : ALL LIKE accessdenied

NOT VULNERABLE

- ?
---------------------

Description:

The PHP User Authentication

[ more ]  [ reply ]

brought to you by:
--------------------------

kid : ironkid (at) buildtheb0x (dot) com [email concealed]

and

farp : farp (at) buildtheb0x (dot) com [email concealed]

#gcc -o dcom_scanz dcom_scanz.c

# ./dcom_scanz
usage: dcom-isvuln <target-ip> [--debug]

# ./dcom_scanz 10.1.1.25
[+] Connecting to 10.1.1.25
[+] Sending DCERPC, Bind: call_id: 9 UUID: R

[ more ]  [ reply ]

ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full

remote access.

Published: 03/08/2003

Released: 03/08/2003

Name: Windows beta webserver for pocket pc: full remote access

Issue: Remote attackers have full access to pocket pc.

Author: G00db0y & SyS64738

[ more ]  [ reply ]

-INTRO-

All versions of Invisions Board have a flaw in their

input filtering that allows an attacker to completely

mess up Invision's display and in one case I managed to

change the URL of some of the forums links, which could

be used to refer users to fake login sites to collect

passwords e

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 361-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
August 1st, 2003

[ more ]  [ reply ]

I succeeded in RedHat Linux (x86) wu-2.6.2(1), 2.6.2(2), 2.6.1, 2.6.0. (Most version).
This is never fake.

Excellent Advisory was already announced (2003/07/31):
http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt

This information was very useful to me.
I'm thankful to them.

This works well in

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SuSE Security Announcement

Package: postfix
Announcement-ID: SuSE-SA:2003:033
Date: Mon Aug 4

[ more ]  [ reply ]

Program description:

---
Password Safe is a tool that allows you to have a different password
for all the different programs and websites that you deal with,
without actually having to remember all those usernames and passwords.

Originally created by Bruce Schneier's Counterpane Labs, Password Saf

[ more ]  [ reply ]