BugTraq Mode:
[Opera 7] Five DoS codes on general web sites 2003-06-30
:: Operash :: (nesumin softhome net)
------------------------------------------------------------------------
---------
TITLE :[Opera 7] Five DoS codes on general web sites
-= Fastest browser on earth, Fastest crash on earth too =-
PRODUCT : Opera for Windows
VERSIONS : 7.11b build 2887

CyberStrong Shopping Cart - Advisory & Exploit Code 2003-07-01
aresu bosen net
Advisory Name: Cyberstrong eShop SQL Injection Vulnerability
Release Date: 05/07/2003
Application: CyberStrong eShop v4.2
Platform: Win32/MSSQL
Severity: High
BUG Type: SQL Injection
Discovered by: AresU <aresu (at) bosen (dot) net [email concealed]>
Author: Bosen <mobile (at) bosen (dot) net [email concealed]>
Vendor Status: See below.
Vendor URL: http://ww

Re: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow 2003-07-01
J.Warren (webmaster apluswebmaster net)
In-Reply-To: <OF1E6BC23E.1E3EF540-ON88256D4F.005E0C2F-87256D4F.005EE98F (at) symantec (dot) com [email concealed]>

This may prevent and configure your PC for -future- prevention
of "ActiveX" problems:

Test Your ActiveX Installation
http://www.pcpitstop.com/testax.asp

"This page tests whether you have your browser prope

PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case). 2003-07-01
3APA3A (3APA3A SECURITY NNOV RU)
Dear bugtraq (at) securityfocus (dot) com [email concealed],

Attached exploit for [1] works with ~70% probability on Windows NT 4.0
(I didn't test on different systems and it may differ, I don't care
because I only wanted to show code execution IS possible). It works
slowly and may require a few minutes to complete

[SECURITY] [DSA-336-2] Factual correction for DSA-336-1 2003-06-30
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 336-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 29th, 2003

[RHSA-2003:199-01] Updated unzip packages fix trojan vulnerability 2003-07-01
bugzilla redhat com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated unzip packages fix trojan vulnerability
Advisory ID: RHSA-2003:199-01
Issue date: 2003-07-01
Up

ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit. 2003-07-01
Vade 79 (v9 fakehalo deadpig org)


just downloaded ezbounce, quick audit yielded this format bug. the bug
exists from version 1.0 to current(1.04a-stable/1.50-pre6-beta at the
time). the bug occurs inside the "sessions" command. most of the details
are explained in the exploit comments. pretty much explains how to get the
ad

Re: Bypassing ZoneAlarm (limited) 2003-07-01
Te Smith (tsmith zonelabs com)
In-Reply-To: <20030623061246.7134.qmail (at) www.securityfocus (dot) com [email concealed]>

The posting describes test results using older versions of Zone Labs'
ZoneAlarm and also erroneously attributes the problem to a flawed core
design.

Zone Labs' Advanced Program Control feature protects PCs from the
ShellExecu

[SECURITY] [DSA-335-1] New mantis packages fix insecure file permissions 2003-06-29
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 335-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 28th, 2003

[SECURITY] [DSA-334-1] New xgalaga packages fix buffer overflow 2003-06-29
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 334-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 28th, 2003

[SECURITY] [DSA-333-1] New acm packages fix integer overflow 2003-06-29
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 333-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 27th, 2003

[SECURITY] [DSA-332-1] New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities 2003-06-29
Matt Zimmerman (mdz debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 332-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 27th, 2003

[SECURITY] [DSA-331-1] New imagemagick packages fix insecure temporary file creation 2003-06-29
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 331-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 27th, 2003

Megabook 2.0 -XSS & UA execution 2003-06-30
morning_wood (se_cur_ity hotmail com)
------------------------------------------------------------------
- EXPL-A-2003-011 exploitlabs.com Advisory 011
------------------------------------------------------------------
-= MegaBook =-

exploitlabs.com
June 29, 2003

Vulnerability(s):
----------------

Aprelium Abyss webserver X1 arbitrary code execution and header injection 2003-06-29
Fozzy (fozzy dmpfrance com)
--[ Description ]--

Abyss Web Server is a free, closed-source, personal web server
for Windows and Linux operating systems.
Homepage : http://www.aprelium.com

The Hackademy Audit team has found two remote security holes in
Abyss Webserver X1, allowing arbitrary code execution and header
injection.

Re: VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation 2003-06-27
VMware (vmware-security-alert vmware com)
In-Reply-To: <20030626220825.12388.qmail (at) www.securityfocus (dot) com [email concealed]>

VMware have posted a knowledge base article on 2003-06-27 that describes
the workaround to protect a system against potential privilege escalation.
It is at:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

Let's have fun with EICAR test file 2003-06-27
keepitsecret hush com (1 replies)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's have fun with EICAR test file

This text is about eicar.com, a famous industry-standard test file designed
to check antivirus software working status. We'll first discuss fairly
in detail of what it's made, after which we'll "play" a little with

Re: Let's have fun with EICAR test file 2003-06-27
Kurt Seifried (bt seifried org)
[CLA-2003:665] Conectiva Security Announcement - kopete 2003-06-27
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : kopete
SUMMARY : Remote command execution vul

Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2003-06-27
Steven M. Christey (coley mitre org)

There are so many variants to directory traversal vulnerabilities,
especially in web servers and other software where encoding and
canonicalization is such a factor, that I have seen a number of
confusing cases such as this.

It definitely helps when the researcher who discovers a new variant
speci

MDKSA-2003:071 - Updated xpdf packages fix arbitrary code execution vulnerability 2003-06-27
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: xpdf
Advisory ID:

wzdftpd remote DoS 2003-06-27
Roman Bogorodskiy (bogorodskiy inbox ru)
Title: wzdftpd remote DoS
Affected: wzdftpd <= 0.1rc4
URL: http://www.wzdftpd.net
Risk: High
Exploitable: Yes
Remote: Yes
Date: June, 27 2003

Overview:
"A portable, modular and efficient ftp server, supporting SSL,
winsock, multithreaded, modules ,externals scripts. unix-like
permissions+acls, vir

MDKSA-2003:072 - Updated ypserv packages fix DoS vulnerability 2003-06-27
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: ypserv
Advisory ID:

VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation 2003-06-26
VMware (vmware-security-alert vmware com)


It is possible for a user to gain an escalation in privileges on a system
running VMware Workstation 4.0 for Linux systems by symlink manipulation
in a world-writable directory such as /tmp.

Affected systems: VMware Workstation 4.0 for Linux systems

Dates: This was reported to VMware on 2

Development Impacts of Security Changes in Windows Server 2003 2003-06-27
Michael Howard (mikehow microsoft com)
During the development of Windows Server 2003 we spent a great deal of
time reducing the default installation attack surface. The changes we
made may have an impact on software you develop for the product. A new
article, "Development Impacts of Security Changes in Windows Server
2003" outlines some

Bahamut DoS 2003-06-27
dreamer darkness gr
Greetings,
This is a minor program to DoS bahamut servers as described in
http://www.securityfocus.com/archive/1/326917/2003-06-24/2003-06-30/0
by Joel Eriksson.

Regards,
Dinos

hello-exploit.c 2003-06-26
Lucas (lgates terra com br)
Hello ppl!! This is my debut on bugtraq!!
A few days ago someone posted a vulnerability in securecode.c (from
Tidbit^H^H^HTripBit) ...
Anyway I decided to code the exploit for learning purposes... (this is
my first exploit!!) Have fun!!

(note: you can't take over the world with this exploit....)

WebBBS Guestbook : Cross Site Scripting 2003-06-27
lavieangel mydomain com


WebBBS Guestbook : Cross Site Scripting

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Program : WebBBS
Url vendor : http://awsd.com/scripts/webbbs/
Problem : Multiple Cross Site Scripting Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright 2010, SecurityFocus