|
|
Colapse all |
Post message
Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue 2003-06-24 Bjorn Tore Sund (bjornts mi uib no) (1 replies) The Sharp Zaurus is a linux-based PDA running Embedix. In the May version of the Sharp Zaurus newsletter, version 3.1 of the flash ROM was announced with various new versions of software and added OS functionality. The linux kernel went from 2.4.6 to 2.4.18. The Zaurus docking station comes with [ more ] [ reply ] [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow 2003-06-24 Sym Security (symsecurity symantec com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Symantec Security Check ActiveX Buffer Overflow Date: Monday, June 23, 2003 09:15:19 PM Threat: Moderate Impact: System Access Product: Symantec Security Check Situation Overview: Symantec Security Check is a free web-based tool th [ more ] [ reply ] Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 2003-06-24 akcess . (akcss linuxmail org) This bug is old. All Tripbit have managed to do is find a new way of exploiting an old/known bug. Eg by sending the '../' string in unicode format rather than sending it normally. The bug was originally found by subversive from the Security Freaks and the original advisory can be located at: http:/ [ more ] [ reply ] lbreakout2server[v2-2.5+]: remote format string exploit. 2003-06-24 Vade 79 (v9 fakehalo deadpig org) this exploits lbreakout2server[v2-2.5+], the new one. the exploit header explains most of it. i made a function to find the pop/memory location on the server. since this is a bit much work manually: you can only see 1-2 returns at a time, and need to know the server code dealios. the exampl [ more ] [ reply ] Re: GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities. 2003-06-24 dong-h0un U (xploit hackermail com) [SECURITY] [DSA-330-1] New tcptraceroute packages fix failure to drop root privileges 2003-06-24 Matt Zimmerman (mdz debian org) Remote Buffer Overrun WebAdmin.exe 2003-06-24 Mark Litchfield (mark ngssoftware com) NGSSoftware Insight Security Research Advisory Name: Remote System Buffer Overrun WebAdmin.exe Systems Affected: Windows Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.altn.com/ Author: Mark Litchfield (mark (at) ngssoftware (dot) com [email concealed]) Date: 24th June 2003 Advisory number: # [ more ] [ reply ] MDKSA-2003:070 - Updated ethereal packages fix multiple vulnerabilities 2003-06-23 Mandrake Linux Security Team (security linux-mandrake com) Sambar Server : Crashing service with search.pl 2003-06-21 Lorenzo Manuel Hernandez Garcia-Hierro (security lorenzohgh com) Invalid SquirrelMail Exploit 2003-06-23 Jonathan Angliss (jon squirrelmail org) (1 replies) Hi, I'm writing to correct a fatal reporting that was posted to one of the security focus mailing lists about SquirrelMail. It discusses files being accessible via the SquirrelMail website, and criticizes SquirrelMail to be at fault. The details for the exploit can be seen on the bugtraq website [ more ] [ reply ] TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 2003-06-23 Rushjo (at) tripbit (dot) org [email concealed] (rushjo tripbit org) TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 contributed by: rushjo ======================================================================== ============== Tripbit Security Advisory TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 ================================ [ more ] [ reply ] TA-2003-06 php-form-misconfiguration in VisNetic WebMail v.5.8.6.6 2003-06-23 Rushjo (at) tripbit (dot) org [email concealed] (rushjo tripbit org) TA-2003-06 php-form-misconfiguration in VisNetic WebMail v.5.8.6.6 contributed by: rushjo ======================================================================== = Tripbit Security Advisory TA-2003-06 php-form-misconfiguration in VisNetic WebMail v.5.8.6.6 ========================================== [ more ] [ reply ] XSS Exploit In phpBB viewtopic.php 2003-06-21 silent needle (silentneedle hotmail com) XSS Exploit In phpBB viewtopic.php A: BACKGROUND [from phpbb.com] phpBB is a high powered, fully scalable, and highly customisable open- source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the power [ more ] [ reply ] TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0 2003-06-23 Rushjo (at) tripbit (dot) org [email concealed] (rushjo tripbit org) TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0 contributed by: rushjo ======================================================================== ==== Tripbit Security Advisory TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0 =================== [ more ] [ reply ] gid bin from /usr/ports/korean/elm (FreeBSD) 2003-06-23 Knud Erik Højgaard (kain ircop dk) (1 replies) Bypassing ZoneAlarm (limited) 2003-06-23 aceh gyuvetch bg Hi everyone. I don't know if this is a new issue but it is a simple way to bypass (in some limited form) ZoneAlarm's Application level Internet access blocking. Windows dll shell32.dll exports a well known and documented function called ShellExecute. From Win32 Programmer's refference: [ more ] [ reply ] [KSA-001] Multiple vulnerabilities in Tutos 2003-06-23 François SORIN (francois sorin kereval com) ================================================= Kereval Security Advisory [KSA-001] Multiple vulnerabilities in Tutos ================================================= PROGRAM: Tutos HOMEPAGE: http://www.tutos.org VULNERABLE VERSIONS: 1.1 RISK: Medium/High IMPACT: Cross Site Scripting RELEASE DA [ more ] [ reply ] GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities. 2003-06-21 dong-h0un U (xploit hackermail com) ======================================== INetCop Security Advisory #2003-0x82-018 ======================================== Title: GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities. 0x01. Description About: GNATS is a portable incident/bug report/help request- [ more ] [ reply ] pMachine (PHP) : Include() Security Hole 2003-06-23 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include() Security Hole PHP Code/Location : °°°°°°°°°°°°°°°°°°° This will work if register_globals is ON *OR* OFF. /pm/lib.inc.php : -------------------------------------------------------- [ more ] [ reply ] Myserver 0.4.1 DOS.. 2003-06-21 eip oakey no-ip com hi... Topic: MyServer 0.4.1 DOS Product: Myserver 0.4.1 (http://myserverweb.sourceforge.net) Note: yep, I'm on the dole, anyone wanna give me a job :) Vendor Notification: Woooops, sorry i forgot ;) Background: (from homepage) MyServer is a free and easy to configure web server. MyServ [ more ] [ reply ] |
|
Privacy Statement |
can also be downloaded from:
http://sh0dan.org/files/wa_exp.c
/* wa_exp.c
WebAdmin.dll remote proof of concept 2.0.4 version.. tried
finding 2.0.5 but all versions
were already patched from the dl sites... this was tested
on a win2ksp2 server, i sugg
[ more ] [ reply ]