BugTraq Mode:
(Page 1673 of 1748)  < Prev  1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678  Next >
DNS vulnerabilities in shared host environments 2003-04-23
Chris Leishman (chris leishman org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

== Overview

A potential vulnerability in the use of DNS exists in some shared
hosting environments. Specifically, shared hosting services that
allow users to add domains to their account (so-called multi-domain
hosting or domain parking), usually via

[ more ]  [ reply ]
An Implementation of a Birthday Attack in a DNS Spoofing 2003-04-24
Ramon Izaguirre (ramontxo hotpop com)

An Implementation of a Birthday Attack in a DNS Spoofing.

By Ramon Izaguirre.

0.- Introduction,

In november 2002 Vagner Sacramento discovered that a dns server would reply
with n responses to n queries made
from different ip addresses for the same domain
(http://www.rnp.br/cais/alertas/2002

[ more ]  [ reply ]
Permanent crash in Opera 7.10 2003-04-24
David F. Madrid (conde0 telefonica net)

I have found that if you try to open in Opera 7.10 url bar a very large
news url like this ( not too many or Opera will do nothing , near the
limit )
news:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...

Opera crashes with an acess violation . EIP is not overwritten but the
program won´t work any more un

[ more ]  [ reply ]
Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense 2003-04-24
Dmitry Maksimov (dmaksimov ptsecurity ru)
Positive Technologies Security Advisory
http://www.ptsecurity.com

Title: DoS-attack in VisNetic ActiveDefense
Date: March, 10 2003
Severity: High
Application: VisNetic ActiveDefense 1.3.1 and early
Platform: Windows 95/98/ME/NT/2000/

[ more ]  [ reply ]
Internet Explorer Plugin.ocx heap overflow (#NISR24042003) 2003-04-24
NGSSoftware Insight Security Research (nisr nextgenss com)
NGSSoftware Insight Security Research Advisory

Name: Internet Explorer ActiveX Control Heap Overflow
Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1
Severity: Critical Risk
Category: Heap Overflow
Vendor URL: http://www.microsoft.com
Author: Mark Litchfield (mark@ng

[ more ]  [ reply ]
SuSE Security Announcement: KDE (SuSE-SA:2003:026) 2003-04-24
Sebastian Krahmer (krahmer suse de)

-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______

SuSE Security Announcement

Package: KDE
Announcement-ID: SuSE-SA:2003:0026
Date: Thu Apr 24 12

[ more ]  [ reply ]
BRS WebWeaver: Ftpd Lockdown via RETR cmd 2003-04-23
euronymous (just-a-user yandex ru)

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: BRS WebWeaver: Ftpd Lockdown via RETR cmd
product: BRS WebWeaver 1.04 and prior
vendor: http://www.brswebweaver.com
risk: high
date: 04/23/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://

[ more ]  [ reply ]
SQL injection in BttlxeForum 2003-04-24
SecurityTracker (help securitytracker com)
Hi,

SAUDI_DEFACERZ reported an input validation vulnerability in the 'bttlxeForum' forum
software earlier today. A remote user can gain full control over the application.

You can see the original message from SAUDI_DEFACERZ at:

http://securitytracker.com/alerts/2003/Apr/1006632.html

The vendor

[ more ]  [ reply ]
NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS 2003-04-24
NSFOCUS Security Team (security nsfocus com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NSFOCUS Security Advisory(SA2003-04)

Topic: Remote Buffer Overflow Vulnerability in Web Management Interface of
Cisco Secure ACS

Release Date: 2003-04-24

CVE CAN ID: CAN-2003-0210

Affected system:
===================

Cisco Secure ACS 2.6.4 f

[ more ]  [ reply ]
Nokia IPSO Vulnerability 2003-04-23
Jonas Eriksson (je sekure net) (1 replies)


There is a remote security vulnerability in the Nokia IPSO operating
system.

Anyone with access to the webgui (Voyager) on the Nokia IP-box
can read any file on the system.

For example, login as the user 'monitor' (disabled by default)
and use the readfile.tcl to read any file:

http://x.x.x.x/c

[ more ]  [ reply ]
RE: Nokia IPSO Vulnerability 2003-04-24
Jorge Merlino (jmerlino easynet com uy)
Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability 2003-04-24
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Catalyst Enable Password Bypass
Vulnerability
=======================================================================

Revision 1.0

For Public Release 2003 April 24 08:00 (GMT)

- -------------------------------------

[ more ]  [ reply ]
[RHSA-2003:076-01] Updated ethereal packages fix security vulnerabilities 2003-04-23
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated ethereal packages fix security vulnerabilities
Advisory ID: RHSA-2003:076-01
Issue date: 2003-04-23
Updated on: 2003-04-23
Product:

[ more ]  [ reply ]
RE: [cgiwrap-users] RE: Format strings vuln in CGIwrap 2003-04-23
Neulinger, Nathan (nneul umr edu)
In any case, I've changed this in cvs so as to avoid setting off any
future false-alarms.

------------------------------------------------------------
Nathan Neulinger EMail: nneul (at) umr (dot) edu [email concealed]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services

[ more ]  [ reply ]
RE: Format strings vuln in CGIwrap 2003-04-23
Neulinger, Nathan (nneul umr edu)
This is not a security problem. This is a case of using an automated
tool to find these vulnerabilites and not attempting to understand the
code itself.

Nowhere in the code is MSG_Error_General() passed anything other than a
static compiled-into-the-executable string. It's purely a utility
functio

[ more ]  [ reply ]
[SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution 2003-04-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 294-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 23rd, 2003

[ more ]  [ reply ]
Format strings vuln in CGIwrap 2003-04-23
b0f www.b0f.net (b0fnet yahoo com)


A locally and possibly remotely exploitable format

strings bug exists

in cgiwrap available from

http://cgiwrap.sourceforge.net/

http://sourceforge.net/projects/cgiwrap

http://www.freebsd.org/ports/security.html

I. BACKGROUND

This is CGIWrap - a gateway that allows more secure

user

[ more ]  [ reply ]
[SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution 2003-04-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 293-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 23rd, 2003

[ more ]  [ reply ]
Security problems in gkrellm-newsticker 2003-04-23
Martin Schulze (joey infodrom org)
Brian Campbell discovered two security-related problems in
gkrellm-newsticker, a plugin for the gkrellm system monitor program,
which provides a news ticker from RDF feeds. The following IDs were
assigned:

CAN-2003-0205

gkrellm-newsticker can launch a web browser of the user's choice
when the

[ more ]  [ reply ]
[SECURITY] [DSA 292-2] New mime-support packages fix temporary file race conditions 2003-04-23
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 292-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 23rd, 2003

[ more ]  [ reply ]
Cracking preshared keys 2003-04-23
Michael Thumann (mthumann ernw de) (2 replies)
Hi,

we would like to announce the publication of a proof of concept paper 'PSK
cracking using IKE Aggressive Mode'. Paper can be downloaded from
www.ernw.de/download/pskattack.pdf .

The theoretical vulnerability about this topic is not new. While we were
preparing a talk about VPN hacking we co

[ more ]  [ reply ]
Re: Cracking preshared keys 2003-04-24
daw mozart cs berkeley edu (David Wagner)
Re: Cracking preshared keys 2003-04-23
Damir Rajnovic (gaus cisco com) (1 replies)
Re: Cracking preshared keys 2003-04-24
Derek (derekm rogers com)
Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability 2003-04-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Secure Access Control Server for
Windows Admin Buffer Overflow Vulnerability
=======================================================================

Revision 1.0

For Public Release 2003 April 23 08:00 (GMT)

- ---------

[ more ]  [ reply ]
Snort <=1.9.1 exploit 2003-04-23
truff (truff projet7 org)
Here is some proof of concept code for the snort <=1.9.1 vuln.

--
/* truff (truff (at) projet7 (dot) org [email concealed])
* pgp public key: http://projet7.tuxfamily.org/pgp/truff.pgp
* http://www.projet7.org (Security Researchs)
*/

[ more ]  [ reply ]
[RHSA-2003:032-01] Updated tcpdump packages fix various vulnerabilities 2003-04-23
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated tcpdump packages fix various vulnerabilities
Advisory ID: RHSA-2003:032-01
Issue date: 2003-04-23
Updated on: 2003-04-23
Product:

[ more ]  [ reply ]
(Page 1673 of 1748)  < Prev  1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus