BugTraq Mode:
(Page 1654 of 1748)  < Prev  1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659  Next >
phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack , Information Encoding Weakness and Path Disclosures 2003-06-18
Lorenzo Manuel Hernandez Garcia-Hierro (security lorenzohgh com)


phpMyAdmin XSS Vulnerabilities, Transversal Directory Attack ,

Information Encoding Weakness and Path Disclosures

--------------------

Product: phpMyAdmin

Vendor: phpMyAdmin Development Team

Versions:

VULNERABLE

- 2.5.2 CVS ( in Development )

- 2.5.x

[ more ]  [ reply ]
Denial of service in Cajun P13x/P33x switch family firmware 3.x 2003-06-18
Jacek Lipkowski (sq5bpf andra com pl)
1. Problem Description

There exists a denial of service attack in the AVAYA Cajun P33x and P13x
switch family with firmware versions 3.x. It is possible to stop the
switch for 30 seconds. By repeating the attack access can be denied for
arbitrarily long periods of time.

2. Tested systems

The foll

[ more ]  [ reply ]
[SECURITY] [DSA-324-1] New ethereal packages fix multiple vulnerabilities 2003-06-18
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 324-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 18th, 2003

[ more ]  [ reply ]
cdrtools exploit 2003-06-17
Claes Nyberg (md0claes mdstud chalmers se)

-- begin cdrtoolsxp.c
/*
* cdrecord, readcd, cdda2wav (cdrtools 2.0) exploit by CMN
*
* <cmn (at) darklab (dot) org [email concealed]>/<md0claes (at) mdstud.chalmers (dot) se [email concealed]>
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

#define NOP 0x90
#define BUFSIZE 655

[ more ]  [ reply ]
Portmon file arbitrary read/write access vulnerability 2003-06-16
Luca Ercoli (luca ercoli inwind it)


Package: Portmon

Auth: http://www.aboleo.net/

Version(s): 1.7 (prior ?)

Vulnerability: File arbitrary read/write access

vulnerability

Portmon is a network service monitoring daemon

(http://www.aboleo.net/software/portmon/).

"In order to use ping support, Portmon must run

[ more ]  [ reply ]
[SECURITY] [DSA-322-1] New typespeed packages fix buffer overflow 2003-06-17
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 322-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 16th, 2003

[ more ]  [ reply ]
dune[0.6.7+-]: remote buffer overflow exploit. (httpd) 2003-06-17
Vade 79 (v9 fakehalo deadpig org)


automated exploit for dune[0.6.7+-] webserver, source comments explain...

original source:

http://fakehalo.deadpig.org/xdune.c

Vade79 -> v9 (at) fakehalo.deadpig (dot) org [email concealed] -> fakehalo.

----------------- example usage -----------------

[v9@localhost v9]$ ./xdune localhost

[*] dune[0.6.7+-]:

[ more ]  [ reply ]
[SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation 2003-06-17
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 323-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 16th, 2003

[ more ]  [ reply ]
ZH2003-2SP Security Patch for atftp 0.6.*-0.7 2003-06-16
Astharot (secfoc email it)
I wrote a patch for atftp, according to BIDs 7902, 7906 and 7907.

To download and for more details follow this link:
http://www.zone-h.org/en/news/read/id=2912/.

bye

Astharot
--
http://www.zone-h.org

Linux User #292132

[ more ]  [ reply ]
Linux 2.0 remote info leak from too big icmp citation 2003-06-17
Philippe Biondi (biondi cartel-securite fr)
----------------------------------------------------------------------
Cartel Sécurité --- Security Advisory

Advisory Number: CARTSA-20030314
Subject: Linux 2.0 remote info leak from too big icmp citation
Author: Philippe Biondi <biondi (at) cartel-securite (dot) fr [email concealed]>
Discovered:

[ more ]  [ reply ]
Re: pMachine (PHP) : Include() Security Hole 2003-06-15
martin f krafft (madduck madduck net)
also sprach Frog Man <leseulfrog (at) hotmail (dot) com [email concealed]> [2003.06.14.1848 +0200]:
> This will work if register_globals is ON *OR* OFF.

Right, because:

> while(list($var,$val)=each($HTTP_COOKIE_VARS))
> while(list($var,$val)=each($HTTP_GET_VARS))
> while(list($var,$val)=each($HTTP_POST_VARS))
> while(

[ more ]  [ reply ]
Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE) 2003-06-17
GreyMagic Software (security greymagic com)
GreyMagic Security Advisory GM#014-IE
=====================================

By GreyMagic Software, Israel.
17 Jun 2003.

Available in HTML format at http://security.greymagic.com/adv/gm014-ie/.

Topic: Script Injection to Custom HTTP Errors in Local Zone.

Discovery date: 18 Feb 2003.

Affected app

[ more ]  [ reply ]
Cross-Site Scripting in Unparsable XML Files (GM#013-IE) 2003-06-17
GreyMagic Software (security greymagic com) (1 replies)
GreyMagic Security Advisory GM#013-IE
=====================================

By GreyMagic Software, Israel.
17 Jun 2003.

Available in HTML format at http://security.greymagic.com/adv/gm013-ie/.

Topic: Cross-Site Scripting in Unparsable XML Files.

Discovery date: 18 Feb 2003.

Affected application

[ more ]  [ reply ]
Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE) 2003-06-17
Matt Moore (matt moore pentest-limited com)
[CLA-2003:661] Conectiva Security Announcement - apache 2003-06-16
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : apache
SUMMARY : Apache 2 vulnerability
DATE

[ more ]  [ reply ]
MDKSA-2003:067 - Updated ethereal packages fix multiple vulnerabilities 2003-06-16
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: ethereal
Advisory ID:

[ more ]  [ reply ]
MDKSA-2003:068 - Updated gzip packages fix insecure temporary file creation 2003-06-16
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: gzip
Advisory ID:

[ more ]  [ reply ]
Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues 2003-06-16
Alan McCarty (amccarty ecornell com)


We recently noticed a serious problem with default permissions of

the Retrospect client software, installed on Jaguar client and

server (older versions of OS X may be vulnerable too). In addition,

previous versions of the Retrospect client installer may be

vulnerable as well. We notified

[ more ]  [ reply ]
Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal) 2003-06-16
SecurITeam BugTraq Monitoring (bugtraq securiteam com)
The original advisory is available from:
http://www.securiteam.com/windowsntfocus/5HP0G1FAAC.html

Summary:
---------
Mailtraq is a "comprehensive e-mail SMTP/POP3 and proxy server, with a powerful
mailing list server". The product suffered from multiple vulnerabilities that
range from access to fil

[ more ]  [ reply ]
Multiple Vulnerabilities In Snitz Forums 2003-06-16
JeiAr (jeiar kmfms com)


Multiple Vulnerabilities In Snitz 3.4.0.3

-------------------------------------------

Versions Affected: 3.4.0.3 (current) / Others?

Vendor Notification: Informed

Vendor Website: http://www.snitz.com

Product Description

-------------------------------------------

Snitz Forums is a fu

[ more ]  [ reply ]
XSS Vulnerability in LedNews (CGI/Perl) v0.7 2003-06-15
gilbert vilvoorde (gilbert_vilvoorde hotmail com)
XSS Vulnerability in LedNews (CGI/Perl) v0.7

URL: http://www.ledscripts.com/index.php?page=free:perl:lednews

Description
=======

LedNews is a CGI application written entirely in perl. Its designed to be as
simple as possible, but very powerful at the same thing.

Vulnerability
========

The scri

[ more ]  [ reply ]
Directory traversal vulnerability on Xoops/E-xoops CMS module "tutorials" 2003-06-16
ac3 (ac3 www security-lab org)
An attacker can use this flaw to execute arbitrary code of his choice on the
remote system, run with the privileges of httpd.
The code can be written in any scripting language whose parser is run in the
remote system in cooporation with httpd, whether as module or executable.

Details:

This vul

[ more ]  [ reply ]
Improving Web Application Security: Threats and Countermeasures 2003-06-16
Michael Howard (mikehow microsoft com)
Microsoft is pleased to announce the release of _Improving Web
Application Security: Threats and Countermeasures_

This guide helps you build hack-resilient applications. A hack-resilient
application is one that reduces the likelihood of a successful attack
and mitigates the extent of damage if an a

[ more ]  [ reply ]
Next kon2root - Redhat 9 2003-06-16
c0ntex (c0ntex hushmail com)


/*

* Buffer overflow in /usr/bin/kon v0.3.9b for RedHat 9.0

*

* http://www.mail-archive.com/bugtraq (at) securityfocus (dot) com [email concealed]/msg11681.html

*

* The original bug was found by wszx for RedHat 8.0 - Ported to C

*

* Compile: gcc -Wall kon2root kon2root.c

*

*/

#include <stdio.h>

#inclu

[ more ]  [ reply ]
FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing Vulnerability 2003-06-16
Dave Ahmad (da securityfocus com)

David Mirza Ahmad
Symantec

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
Sabbe Dhamma Anatta

[ more ]  [ reply ]
[SECURITY] [DSA-321-1] New radiusd-cistron packages fix buffer overflow 2003-06-14
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 321-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 13th, 2003

[ more ]  [ reply ]
SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue 2003-06-14
KF (dotslash snosoft com)
http://www.secnetops.biz/research

[ more ]  [ reply ]
SRT2003-06-13-0945 - Progress PATH based dlopen() issue 2003-06-14
KF (dotslash snosoft com)
http://www.secnetops.biz/research

[ more ]  [ reply ]
[SECURITY] [DSA-320-1] New mikmod packages fix buffer overflow 2003-06-13
Matt Zimmerman (mdz debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 320-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Matt Zimmerman
June 13th, 2003

[ more ]  [ reply ]
BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU 2003-06-12
bazarr (at) ziplip (dot) com [email concealed] (bazarr ziplip com)
read da attached advisory for remote vulnerability in popular used application.

-bazarr

[ more ]  [ reply ]
(Page 1654 of 1748)  < Prev  1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus