|
|
Colapse all |
Post message
Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003) 2003-04-29 NGSSoftware Insight Security Research (nisr nextgenss com) RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS 2003-04-28 William Pratt (wpratt megapath net) Tested on 6.5.1 on Win2K Server. Does not crash MDaemon and returns a 'no such message' error. Sincerely, William Pratt Unix Systems Engineer MegaPath Networks, Inc. http://www.megapath.net ########################################################* # Damage Hacking Group security advisory [ more ] [ reply ] MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow 2003-04-27 D4rkGr3y (grey_1999 mail ru) NII Advisory - Path Disclosure in Cold Fusion MX Server 2003-04-26 Network Intelligence India Pvt. Ltd. (info nii co in) =================================================== Path Disclosure in Macromedia ColdFusion MX Server Vendor: Macromedia http://www.macromedia.com Versions affected: ColdFusion MX Server Operating System: Windows 2000 Date: 26th April 2003 Severity: Low Network Intelligence India Pvt. Ltd. http:// [ more ] [ reply ] Windows 2000 Security Hardening Guide Available 2003-04-28 Michael Howard (mikehow microsoft com) Microsoft is pleased to announce the release of the Windows 2000(tm) Security Hardening Guide for Windows 2000 Professional and the Windows 2000 Server Family. The new guide is a continuing step in Microsoft's efforts to help customers get secure and stay secure. It provides detailed security guid [ more ] [ reply ] Pi3Web 2.0.1 DoS 2003-04-28 aT4r InsaN3 (at4r hotmail com) /* Pi3Web 2.0.1 DoS - Pr00f of concept. * * Vulnerable systems: Pi3Web 2.0.1 (maybe others) * Vendor: www.johnroy.com/pi3 - http://pi3web.sourceforge.net/ * Patch: no yet. * * Info: Pi3Web Server is vulnerable to a denial of Service. * when a malformed HTTP Request is done the webserver hangs due [ more ] [ reply ] CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall 2003-04-28 CORE Security Technologies Advisories (advisories coresecurity com) IIS Security and Programming Countermeasures e-book 2003-04-28 Jason Coombs (jasonc science org) My latest book "IIS Security and Programming Countermeasures" can now be downloaded as an e-book: http://forensics.org/IIS_Security_and_Programming_Countermeasures_e-book .zip It is my hope that those administrators and programmers who are presently at-risk due to the use of IIS will learn somethin [ more ] [ reply ] s0h: Remote/Local exploit and patch for regedit.exe. 2003-04-28 descript (descript sv98 s0h cc) Hi, The april 17, 2002, an strange exploit about a new vulnerability of regedit.exe was posted on the NTBugtraq list (http://sv98.s0h.cc/~threat/source/TrapReg.c). This exploit can trapped an local key, that allow users to browse our register localy or _remotely_. Today, the Monday 28 April 2003, [ more ] [ reply ] Buffer overflow in 3D-ftp 2003-04-28 Over_G (overg mail ru) Product: 3D-ftp Client Version: 4.0x OffSite: http://www.sitegallery.net/ Problem: Remote buffer overflow ------------------------------------------ 3D-ftp - Quite good Windows FTP Client. FTP Client have many opportunities Remote buffer overflow will take place if server send long banner >= 8192 [ more ] [ reply ] [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download. 2003-04-27 nesumin (nesumin softhome net) [Opera 7] Yet Another Story of "Phantom of the Opera" 2003-04-27 nesumin (nesumin softhome net) Greetings. We, :: Operash :: here release the information about vulnerability of Opera. _________________________________________________ ------------------------------------------------------------------------ --------- SYNOPSIS : [Opera 7] Script Injection Vulnerability in JavaSc [ more ] [ reply ] Qpopper v4.0.x poppassd local root exploit 2003-04-28 dong-h0un U (xploit hackermail com) ======================================== INetCop Security Advisory #2003-0x82-016 ======================================== * Title: Qpopper v4.0.x poppassd local root exploit 0x01. Description Qpopper poppassd is a program that changes system passwords thus allowing users to change their [ more ] [ reply ] ATM on Linux Exploit Code Release (les, local) 2003-04-28 Angelo Rosiello (guilecool usa com) ATM on Linux Exploit Code Release (les, local) by Angelo Rosiello Copyright (c) 2003 DTORS Security All rights reserved. http://dtors.net I. SUMMARY ATM support for Linux is currently in pre-alpha stage. There is an experimental release, which supports raw ATM connections (PVCs and SVCs [ more ] [ reply ] 3com NBX IP Phone Call manager Denial of Service - Update 2003-04-27 Michael Scheidell (scheidell secnap net) Revision Date: April 25, 2003 Reason for Revision: 3com updated nbx firmware to 4_1_21, Add bugtraq-id Systems: 3com NBX IP Phone Call manager, FW Versions through 4_1_21 Severity: Critical Category: Denial of Service Classification: Boundary Condition Error BugTraq-ID: 6297 CERT VU#:[VU#317417] [ more ] [ reply ] Buffer overflow in Internet Explorer's HTTP parsing code 2003-04-26 Jouko Pynnonen (jouko solutions fi) OVERVIEW ======== The code used in Microsoft Internet Explorer to parse web servers' HTTP replies contains a buffer overflow vulnerability. Specifically the faulty code is located in URLMON.DLL. A malicious user may exploit this vulnerability to execute arbitrary code on an IE user's system. [ more ] [ reply ] Album.pl Vulnerability - Remote Command Execution 2003-04-26 aresu bosen net AresU Advisory 04/27/2003 Album.pl Vulnerability Severity : High (CGI Remote Command Execution) Systems Affected: Album.pl up to v6.1 Vendor URL: http://perl.bobbitt.ca/album Vuln Type : CGI Remote Command Execution Status : Vendor contacted, new fixed version available Author : AresU Greetz [ more ] [ reply ] Vulnerability in nsd LDAP Implementation on IRIX 2003-04-25 SGI Security Coordinator (agent99 sgi com) Cross site scripting in Onecenter forum 4.0 2003-04-25 David F. Madrid (conde0 telefonica net) Issue : cross site scripting in Onecenter forum Affected Product : Onecenter forum 4.0 Description : Onecenter offers a free discussion forum hosted in the company's servers ( forum.onecenter.com ) . Any user in the forum is identified by a cookie that contains nick , name , mail address and pas [ more ] [ reply ] Re: Cracking preshared keys 2003-04-25 hank mail iucc ac il In-Reply-To: <4.3.2.7.2.20030423203906.06148110 (at) ca-uk-fs.cisco (dot) com [email concealed]> A friend of mine from Checkpoint has told me that this is not totally correct and due to many political issues within the different IETF task forces CheckPoint's Hybrid mode was never made into an RFC. See: http://www.ietf [ more ] [ reply ] Microsoft IIS Integrated Authentication 2003-04-25 skybristol hotmail com Microsoft's IIS server allows for an integrated authentication method which allows users within an intranet environment to sign-on automatically with "pass-through authentication" to servers set for Integrated Windows Authentication. This works if users are logged into a workstation in the [ more ] [ reply ] Invision Power Board Plaintext Password Disclosure Vuln 2003-04-25 JeiAr (jeiar kmfms com) Invision Power Board Plaintext Password Disclosure Vuln ------------------------------------------------------- Version: All? Problem: Invision Power Board gives an admin the option to create a pass protected forum. The problem with this is that the password is then stored in the cookie ful [ more ] [ reply ] |
|
Privacy Statement |
Name: Oracle Database Link Buffer Overflow
Systems Affected: All platforms; Oracle9i Database Release 2 and 1, 8i all
releases, 8 all releases, 7.3.x
Severity: High Risk
Vendor URL: http://www.oracle.com
Author: David Litchfield (david (at) ngssoftware (dot) com [email concealed])
[ more ] [ reply ]