|
|
Colapse all |
Post message
[Drug and Zip] Buffer Overflow 2003-05-12 subj (r2subj3ct dwclan org) ==================================== - > Product: Drag and Zip - > Version: 3.0 - > Offsite: http://www.canyonsw.com - > Authors: Canyon Software - > Problem: Buffer Overflow ==================================== ** General Description ** The vulnerability found by me in this product, doe [ more ] [ reply ] re: II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version) 2003-05-10 Frog Man (leseulfrog hotmail com) A message has been published on BugTraq by DownBload (http://www.securityfocus.com/archive/1/320997/2003-05-07/2003-05-13/0) about an include vulnerabilty in Yabb SE 1.5.2 (the last version). This solution : ------------------------------------------------------------------------ ----------------- [ more ] [ reply ] Opera 7.11 java.util.zip.* Vulnerability 2003-05-10 Marc Schoenefeld (schonef uni-muenster de) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the just released Opera 7.11j comes with a java vm (1.4.1_01) that is vulnerable to the java.util.zip.* bugs that can cause denial of service via Java Applets like the one with source printed below. Therefore my suggestion towards the Opera de [ more ] [ reply ] BitchX: Crash when channel modes change 2003-05-10 Rob Andrews (randrews relinetworks com) On May 7th 2003, we recieved a bug report through our tracking system which noted a crash problem with BitchX for all versions up to 1.0c20cvs. Certain mode changes would cause BitchX to core consistantly. This problem was resolved in less than 24 hours. The patch was commited to CVS by [ more ] [ reply ] unzip directory traversal revisited 2003-05-09 jelmer (jelmer kuperus xs4all nl) unzip directory traversal revisited problem: well I kinda stumbled over this when i was looking for something else A while back some fuss was made over the use of .. sequences in archives because it allows you to craft an archive which will trojan your system on extraction the creators of unzip fi [ more ] [ reply ] Firebird Local exploit 2003-05-09 bob (moo arktis luxadmin org) -[[Dtors Security Research]]- -[[ www.dtors.net ]]- -[Package: Firebird_1.0.2 [FreeBSD] -[Versions Affected: 1.0.2 < -[Website: http://firebird.sf.net -[Exploit: Local Stack Overflow -[Date: 22/03/2003 -[Author: bob (at) dtors (dot) net [email concealed] && kokanin (at) dtors (dot) net [email concealed] ---[BACKGROUND Firebird is a [ more ] [ reply ] Re: II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version) 2003-05-10 ScriptSlave gmx net >SSI.php: >------------------------------------------ >include_once ($sourcedir . '/Errors.php'); >include_once ($sourcedir . '/Subs.php'); >include_once ($sourcedir . '/Load.php'); >------------------------------------------ You should probably quote the lines above this block, too. --------- [ more ] [ reply ] Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0 2003-05-10 Dennis Rand (der infowarfare dk) A Phorum's bug... 2003-05-09 WiciU (vviciu poczta onet pl) Hi! I have founded a bug in Phorum (http://phorum.org/). It is possible to inject script code or other html-tag into "subject", "author's name" or "author's e-mail" of a message in Phorum. In the subject (name, e-mail) input of message you need to write any html-tag like this: <<b>script>ale [ more ] [ reply ] PowerLink WAN Aggregator - Vunerability 2003-05-09 morning_wood (se_cur_ity hotmail com) Vendor: AstroCorp Website:http://www.astrocorp.com/ Product:PowerLinkT WAN Aggregator Version: 1.7.3.1 Discoved: 01/10/2003 By: morning_wood Release Date: 05/07/2003 Exploit Type: Arbitrary reading of files / Directory Transversal / Remote Shell? Discription of Product: "PowerLinkT WAN Aggregato [ more ] [ reply ] ttcms and ttforum exploits 2003-05-09 Charles Reinold (creinold hotmail com) hope this is the right place to send this exploit info, I found three diffrent exploits for a forum software / cms software: ------------------------------------------------------------------------ -- ---------------------------------------------------------------------- Affected Product: tt [ more ] [ reply ] II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version) 2003-05-09 DownBload (downbload hotmail com) Happymall E-Commerce Remote Command Execution 2003-05-07 SecurityTracker (help securitytracker com) Advisory URL: http://securitytracker.com/alerts/2003/May/1006707.html Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 Title: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands Description: Revin Aldi reported an input validation vulnerabili [ more ] [ reply ] Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] 2003-05-08 Marek Bialoglowy (mb systemintegra com) (1 replies) Systems Affected : Internet Explorer 6.0.2800 (6.x?) Remotely exploitable: Yes Author: Marek Bialoglowy (System Integra - mb (at) systemintegra (dot) com [email concealed]) Attached files: dmz2.rar (archive password:zones) Note: This is part of my research and the purpose of this post is to consult results and potential vulner [ more ] [ reply ] Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] 2003-05-09 Andreas Marx (amarx gega-it de) Netbus 1.x exploit 2003-05-09 sKyZ (sKyZ Root3d Tk) Netbus 1.x server is able to be connected to without a password. you will need to open two clients that are compatable with the server being connected to. With one client connect to the server and wait until the password screen appears. once this happens connect to the same server with the [ more ] [ reply ] s0h: Kerio Personal Firewall and Tiny Personal Firewall remote exploit/patch. 2003-05-08 descript (descript sv98 s0h cc) Hello, April 28, 2003, the CoreSecurity team publishes security advisory concerning 2 holes in Kiero Personal Firewall, of which one of both is Remote Buffer Overflow in the process of connection of the remote admin module. Kiero Personal Firewall using PFEngine, an common firewall engine, it prove [ more ] [ reply ] MDKSA-2003:055 - Updated kopete packages fix vulnerability with GnuPG plugin 2003-05-08 Mandrake Linux Security Team (security linux-mandrake com) Re: Remote Stack Overflow exploit for Personal FTPD 2003-05-08 subj (r2subj3ct dwclan org) In-Reply-To: <20030508081123.13047.qmail (at) www.securityfocus (dot) com [email concealed]> >Received: (qmail 20952 invoked from network); 8 May 2003 14:15:36 -0000 >Received: from outgoing2.securityfocus.com (205.206.231.26) > by mail.securityfocus.com with SMTP; 8 May 2003 14:15:36 -0000 >Received: from lists.securityfo [ more ] [ reply ] SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow 2003-05-08 KF (dotslash globalintersec com) Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks 2003-05-08 Chris Knipe (savage savage za org) ----- Original Message ----- From: "Jesse Vincent" <jesse (at) bestpractical (dot) com [email concealed]> To: <rt-announce (at) fsck (dot) com [email concealed]> Sent: Thursday, May 08, 2003 1:14 PM Subject: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks > > All versions of RT 1.0, up to and including RT 1.0.7 are vulnerabl [ more ] [ reply ] miniPortail (PHP) : Admin Access 2003-05-08 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°°° Language : PHP Website : http://www.aldweb.com/ Version : 1.9, 2.0, 2.1, 2.2 (and less ?) Problem : Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° admin/admin.php : ------------------------------------------------------------------------ --------------------- [ more ] [ reply ] [CLA-2003:643] Conectiva Security Announcement - slocate 2003-05-08 Conectiva Updates (secure conectiva com br) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : slocate SUMMARY : Buffer overflow vulnerabili [ more ] [ reply ] why i love xs4all + mediaplayer thingie 2003-05-08 jelmer (jelmer kuperus xs4all nl) Why i love xs4all rant (you'll probably wanna skip this but i need to get this out of my system): a few weeks back i was unpleasantly suprised by the fact that my internet wasn't working the support desk employee after making me reset my modem a dozen times and tripple checking my setti [ more ] [ reply ] Multiple Vulnerabilities found in Microsoft .Net Passport Services 2003-05-08 Qazi Ahmed (qa pakcert org) PakCERT Security Advisory PC-080503 http://www.pakcert.org/advisory/PC-080503.html Multiple Vulnerabilities found in Microsoft .Net Passport Services May 08, 2003 BACKGROUND ?Microsoft® .NET Passport is a Web-based service designed to make signing in to Web sites fast and easy. .NET Passport enabl [ more ] [ reply ] |
|
Privacy Statement |
infrastructure. The revised makeunicode2.py can be found linked off of
http://www.immunitysec.com/CANVAS/ . This python module should allow
exploit developers to quickly and easily convert any shellcode into
unicode - expedia
[ more ] [ reply ]