Local file retrieving in QNX Internet Appliance Toolkit http-daemon
(web.server)

Vendor-URL: http://www.qnx.com

Description:
--====--

I recently found a 3,5"-disk labeled with QNX-demo on my desk. This is
the "Take the 1.44M Web Challenge!"-disk I got it in 1998. I couldn't find
the demo on the q

[ more ]  [ reply ]

Hello,

attached a simple prrof of concept for the /proc filesystem disclosing
sensitive information.

I noticed that opening an entry from /proc/self/ and keeping the file
open while executing a setuid binary prevents the opened proc entry from
changing the ownership from the initial user to the

[ more ]  [ reply ]

Intrusec Alert: 55808 Trojan Analysis

Initial Release: 6/19/03 4:30PM EDT
Latest Update: 6/19/03 11:13PM EDT

- Corrected analysis regarding use of sequence numbers to change IP
address.
- Added reference to alternate name "Stumbler" given to trojan by
Internet Security Systems subsequent to the re

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Netscape packages are now available
Advisory ID: RHSA-2003:026-01
Issue date: 2003-06-20
Update

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

A bugtraq posting on July 9, 2003 mentions a
vulnerability in pcltotiff on HP-UX 10.XX.
This is the subject of the security bulletin
HPSBUX0104-149. The main points are:

PROBLEM: /opt/sharedprint/bin/pcltotiff has unsafe permissions.

PLATFORM: HP9000 Series

[ more ]  [ reply ]

local root advisory. bye

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
http://join.msn.com/?page=features/virus

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 325-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 19th, 2003

[ more ]  [ reply ]

http://www.secnetops.biz/research

[ more ]  [ reply ]

Hi

There is sql injection vuln in phpBB. The variable "topic_id" is passed
directly from GET to sql query in /viewtopic.php. It can be used
to get md5 passwords for users. I am attaching details and proof of
concept code. I've only tested this on mysql 4 and pgsql at my home
machines so I might h

[ more ]  [ reply ]

SurfControl Web Filter for Microsoft ISA Server Vulnerability

Package: SurfControl Web Filter for Microsoft ISA

Vendor Web Site: http://www.surfcontrol.com

Version: 4.2.0.21

Platforms: Windows 2000 Server

Local: No

Remote: Yes

Fix Available: No (recommended steps listed belo

[ more ]  [ reply ]

Issue :

Multiple buffer overflows and XSS in Kerio MailServer

Version affected

5.6.3 ( last in kerio website )

Vendor status :

Vendor was notified

Description :

Kerio develop a mail server with support for Imap , Pop3, Smtp and SSL
protocols . Besides , it includes a webmail . This webmail is

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 316-3 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 17th, 2003

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: BitchX
Advisory ID:

[ more ]  [ reply ]

If a Win NT/2000 Workstation is locked, and a Palm Cradle is connected with
Palm Desktop Software running, information can still be retrieved and
loaded into the Palm device from the PC without logging into the workstation.

Scott R. Patronik
scottrp (at) localnet (dot) com [email concealed]
---------------------------------

[ more ]  [ reply ]

========================================================================
=====
ConnecTalk Inc. Security Advisory

Topic: Qpopper leaks information during authentication

Vendor: Eudora
Product: qpopper 4.0.4 and qpopper 4.0.5
Note: other versions have not been tested.
Problem f

[ more ]  [ reply ]

In an effort to provide customers with greater defense in depth,
Microsoft has released an Active Server Pages (ASP) replacement for the
Internet Information Server 4 and Internet Information Services 5 change
password capability, ISM.DLL. This new script code no longer runs as
SYSTEM, therefore red

[ more ]  [ reply ]

that's a one year old exploit against squid ftp:// parsing heap overflow

--
_
ASCII ribbon campaign ( ) www.eff.org
- against HTML email X GPG key : pgp.mit.edu
& vCards / \ <techieone (at) softhome (dot) net [email concealed]>

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Xpdf packages fix security vulnerability
Advisory ID: RHSA-2003:196-01
Issue date: 2003-06-18
U

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______
SGI Security Advisory

Title : Perl "Safe.pm" vulnerability
Number : 20030606-01-A
Date : June 17, 2003
Reference : SGI BUG 876818
Reference

[ more ]  [ reply ]

Following considerable investigations by the HP Team responsible for the
CIM Agents component in Compaq Insight Manager, it has been agreed that this
is not
an issue with CIM, and I am happy to state that this bugtraq post, regarding
ftp over CIM, should be withdrawn.

A combination of testing archi

[ more ]  [ reply ]

In-Reply-To: <20030206045629.9764.qmail (at) mail.securityfocus (dot) com [email concealed]>

Re: thread below, the new LIST defect and long URL buffer overflow defect

have been fixed in version 5.0.2 (released June 9th). This version is

available at:

http://www.globalscape.com/cuteftp and ftp://ftp.cuteftp.com/pub/cuteftp

[ more ]  [ reply ]

hi greymagic,

First off i can't reproduce this on my fully patched ie6

Second you should be able to have ie render any html page as a xml file like
this

<object type="application/xml" data="http://www.yahoo.com" width="500"
height="500">
</object>

Generaly html files are not well formed xml so i

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______
SGI Security Advisory

Title: MIPSPro Compiler Predictable Temp File vulnerability
Number: 20030605-01-A
Date: June 17, 2003
R

[ more ]  [ reply ]

Package: Portmon
Auth: http://www.aboleo.net/
Version(s): 1.7 (prior ?)
Vulnerability: File arbitrary read/write access
vulnerability

Portmon is a network service monitoring daemon
(http://www.aboleo.net/software/portmon/).
"In order to use ping support, Portmon must run as

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] 2.4.21 kernels available (SSA:2003-168-01)

Precompiled Linux 2.4.21 kernels and source packages are now available for
Slackware 9.0 and -current. These provide an improved version of the
ptrace fix that had been applied to 2.4.2

[ more ]  [ reply ]

Product : MidHosting FTPd
Date : 06/18/2003
Author : Frank Denis <j (at) 42-networks (dot) com [email concealed]>

------------------------[ Product description ]------------------------

MidHosting FTPd is an FTP server designed for hosting servers, based upon
virtual ftpd with support for chroot, virtual users and o

[ more ]  [ reply ]