Issue :

Memory leak in 3COM DSL routers

Affected product :

OfficeConnect Remote 812 ADSL Router

Affected Firware :

1.1.7

Inmune firwamre :

1.1.9

Description :

3Com develops OfficeConnect 812 DSL routers that are widely used in
Spanish ADSL lines . There is a flaw in the 1.1.7 firmware that

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

/-----------------------------------------------------------------------
------| 7 A 6 9 - A d v C: 011
|-----------------------------------------------------------------------
------|
|
|

[ more ]  [ reply ]

Priv8security.com

Hi, here it is local root exploit cdrecord format string bug

Cdrecord come suid root by default on mandrake distro and it can be

executed by anybody.

[wsxz@localhost wsxz]$ ls -l /usr/bin/cdrecord

-rwsr-sr-x 1 root cdwriter 278156 Jan 6 07:2 /usr/bin/cdrecord*

[ more ]  [ reply ]

To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenLinux: mgetty caller ID buffer overflow and spool perm vulnerabilities
Advisory number:

[ more ]  [ reply ]

I have written an exploit about another effect of the "Negative sign bug" I
discovered some months ago in the Unreal engine
(http://www.pivx.com/luigi/adv/ueng-adv.txt).

The vulnerable softwares are ONLY the clients of the retail UnrealTournament
2003 v2199 and the demo v2206.

The patch v2225 fix

[ more ]  [ reply ]

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated xinetd packages fix a denial-of-service attack and other bugs
Advisory ID: RHSA-2003:160-01
Issue date: 2003-05-13
Updated on: 2003-05-13

[ more ]  [ reply ]

------------------------------------------------------
PHPNuke "Your Account" XSS Vulnerability
------------------------------------------------------

------------------------------------------------------
Vulnerable;
------------------------------------------------------
Francisco Burzi PHP-Nuke 6

[ more ]  [ reply ]

In-Reply-To: <000a01c316d1$a7b15ae0$1601a8c0@pc1441>

Hi, i found a buffer overflow in CMailServer 4.0 a few weeks ago that

already had been discovered in CMailServer 3.3 in May 2002. It seems that

this bug has not been fixed in the current version. The buffer overflow is

in the USER command m

[ more ]  [ reply ]

Phorum.org have acknowledged the flaws below and have released version

3.4.3 which corrects them.

1) The Phorum download program (download.php) is vulnerable to directory

transversal attack and is able to read arbitrary files from anywhere within

the root directory - with permissions of the

[ more ]  [ reply ]

This is a relatively minor problem as things go, but after almost 4
years and at IBM's unofficial request (see the last para.)...

-----BEGIN PGP SIGNED MESSAGE-----

SDSC Security Note - March 13, 2003
IBM AIX sendmail an open-relay by default
http://security.sdsc.edu/advisories/2003.05.13-AIX-se

[ more ]  [ reply ]

eServ Memory Leak Enables Denial of Service Attacks

I. Product Description

eServ is a hybrid Web server (HTTP), FTP server, mail server (POP3, SMTP,
Finger), news server (NNTP), and proxy server. It provides all these
services in a single package, so that administrators are not required to run
mu

[ more ]  [ reply ]

In-Reply-To: <20030512182659.16940.qmail (at) www.securityfocus (dot) com [email concealed]>

I pasted your example code (< > converted to < >

and the cr's removed ) into the name and text fields on

my blog (ver 2.62 +patch) under the 2 basic security

settings for comments -- with 'Allow html' off and with

'Allow html

[ more ]  [ reply ]

After discussion with Andrey Cherezov, the cause and solution of the eServ
memory "leak" has been identified. Delayed de-allocation associated with
thread creation and destruction caused the issue. eServ 2.9x was
vulnerable to my attacks because during the delay (up to a few minutes), it
continued

[ more ]  [ reply ]

Hi, there:

We were able to duplicate what was reported by Kristopher Matthews and aT4r
InsaN3. Actually, if you have the following test scenario:

File/Dir Explanation
C:C:\temp\desktop.ini Overflowing text file
C:\test directory

The c:\temp\desktop.ini is the buffer-overflowing text file.

[ more ]  [ reply ]

fake location bar

("that's all" is end of file if you are in a hurry)

[tested]

Browser Ver:"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2)

Gecko/20030208 Netscape/7.02 "

OS Ver: "Windows XP Cn ver"

[demo]

http://liudieyuinchina.vip.sina.com/NSNVBackFake/NSNVBackFake-MyPage.

[ more ]  [ reply ]

----------------------------------------------------------------------
SNS Advisory No.64
IP Messenger for Win Buffer Overflow Vulnerability

Problem first discovered on: Mon, 24 Mar 2003
Published on: Tue, 13 May 2003
----------------------------------------------------------------------

Overview:

[ more ]  [ reply ]

Note to Moderator:

In light of some recent cross-site scripting posts allowed through to Bugtraq recently, grateful
if you would pass this one onto the list....thanks. -d.

------------------------------------------------------------------------
----------------------------=<sMax.
Security Advisory

[ more ]  [ reply ]

In-Reply-To: <20030512182659.16940.qmail (at) www.securityfocus (dot) com [email concealed]>

Regarding the potential XSS vulnerability discussed in

DarkHunter's message, Movable Type was updated to prevent this

possible exploit on February 13, with the release of version 2.6 of

the sofware. In addition, all of our users

[ more ]  [ reply ]

Overview:
Snitz Forums 2000, one of the best ASP based bulletin board systems on
the market. Getting better every day! A complete board system (forum)
that allows the user access to a friendly and intuitive interface.
http://forum.snitz.com

Problem Description:
Snitz Forums 3.3.03 has an SQL in

[ more ]  [ reply ]

Summary:

Movable Type is a decentralized web-based personal publishing system

designed to ease maintenance of regularly-updated content. This content

can consist of, but is not limited to, entries in a weblog or online

journal, photographs in an online photo gallery, news headlines on a

n

[ more ]  [ reply ]

To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenLinux: kernel kmod/ptrace root exploit
Advisory number: CSSA-2003-020.0
Issue date:

[ more ]  [ reply ]

Happymall E-Commerce Directory Transversal Bug and Cross-site scripting

Vendor: Happycgi.com

Product: Happymall

Versions: 4.3, 4.4 (patched version too)

'normal_html.cgi' doesn't filter user-supplied input. The well-known

directory transversal

and cross-site scripting (XSS) vulnerab

[ more ]  [ reply ]

/-----------------------------------------------------------------------
------| 7 A 6 9 - A d v C: 010
|-----------------------------------------------------------------------
------|
|
| [ PHP-Nuke SQL injection ]
|
\-------

[ more ]  [ reply ]

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated KDE packages fix security issues
Advisory ID: RHSA-2003:002-01
Issue date: 2003-05-12
Updated on: 2003-05-12
Product: Red Hat L

[ more ]  [ reply ]

http://www.rosiello.org

Rosiello Security

* Unix Version of the Pi3web DoS.

* ----------------------------------------------------------

* Info: Pi3Web Server is vulnerable to a denial of Service.

* ----------------------------------------------------------

* VULNERABILITY:

* GET

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake, Inc.
www.atstake.com

Security Advisory

Advisory Name: Apple AirPort Administrative Password Obfuscation
Release Date: 05/12/2003
Application: AirPo

[ more ]  [ reply ]