BugTraq Mode:
(Page 1674 of 1748)
Re: Authentication flaw in microsoft SMB protocol 2003-04-22
Chris Wysopal (cwysopal atstake com)
In-Reply-To: <909EB55D24CCFD4D9ABABD1B9BD610C609F5DBD8 (at) red-msg-06.redmond.corp (dot) microsoft.com>

On Mon, 21 Apr 2003, Jesper Johansson wrote:

>You don't need to wait. This is prevented with NTLM v.2, which shipped
>with Windows NT 4.0 SP4 in October 1998. This type of attack is also
>foiled wit

Defeating HTML "Encryption" 2003-04-22
rjfix yahoo com


There are quite a few HTML Encryptors that can be found online which
promise to "encrypt" the user's HTML code, disable printing, right mouse
clicks and other "protections".

Examples of such tools are:

http://www.protecthtml.com/
http://www.protware.com/

This exploit will not focus o

[CLA-2003:630] Conectiva Security Announcement - balsa 2003-04-22
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : balsa
SUMMARY : Buffer overflow in IMAP code

XMB 1.8 Partagium SQL Injection Bug 2003-04-22
zeez bbugs org


- Binary Bugs Advisory BB-2003-1 *XMB SQL injection*
-

Product: XMB 1.8 Partagium Final
Vendor: http://www.xmbforum.com
Versions affected: 1.8, possibly others
Impact: SQL injection vulnerability
Risk: Medium/High

SRT2003-04-22-1336 - SAP DB Development Tools install flaw 2003-04-22
KF (dotslash snosoft com)
http://www.secnetops.biz/research

Stealth DMCA. Be afraid. Be very afraid... 2003-04-21
alaskan telusplanet net (2 replies)
Not sure if this is alarmist, or even the correct venue to address
this issue, but I would think it worthy of mention to everyone who
reads this list.

http://www.eff.org/IP/DMCA/states/200304_sdmca_eff_analysis.php

The proposed super-DMCA statutes reverse this traditional rule. Under
these statut

Re: Stealth DMCA. Be afraid. Be very afraid... 2003-04-22
Darren Pilgrim (dmp pantherdragon org)
[SECURITY] [DSA 292-1] New mime-support packages fix temporary file race conditions 2003-04-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 292-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 22nd, 2003

[CLA-2003:629] Conectiva Security Announcement - tcpdump 2003-04-22
Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : tcpdump
SUMMARY : Several vulnerabilities
DAT

[SECURITY] [DSA 291-1] New ircII packages fix DoS and arbitrary code execution 2003-04-22
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 291-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
April 22nd, 2003

AN HTTPd Sample Script File Truncation 2003-04-21
Matthew Murphy (mattmurphy kc rr com)
Product Description

AN HTTPd is a relatively small, powerful web server designed for Windows
systems. It supports ISAPI, CGI, SSI, and several other powerful
technologies (such as isolated worker processes) usually only seen in
production servers. More information on AN HTTPd is available at
http

[NGSEC-2003-5] YABB SE, remote command execution 2003-04-22
labs@NGSEC (labs ngsec com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next Generation Security Technologies
http://www.ngsec.com
Security Advisory

Title: YABB SE, remote command execution.
ID: NGSEC-2003-5
Application: YA

GLSA: snort (200304-05) 2003-04-22
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-05
- - - ---------------------------------------------------------------------

PACKAGE : snort
SUMMARY : Multiple

RE: Authentication flaw in microsoft SMB protocol 2003-04-21
Jesper Johansson (jesperjo microsoft com)
> -----Original Message-----
> From: Dave Aitel [mailto:dave (at) immunitysec (dot) com]

> Also found and demonstrated by dildog at defcon 3 years ago. So don't
> hold your breath waiting for that patch.

You don't need to wait. This is prevented with NTLM v.2, which shipped
with Windows NT 4.0 SP4 in Octobe

PTNews v1.7.7 - Access to administrator functions without authentication 2003-04-21
scrap (webmaster securiteinfo com)
PTNews v1.7.7 - Access to administrator functions without authentication

.oO Overview Oo.
PTNews v1.7.7 - Access to administrator functions without authentication
Discovered on 2003, April, 7th
Vendor: PTNews - http://www.openbg.net/ptsite/

PT News is a simple news system. This is lite solut

Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag) 2003-04-21
mattmurphy kc rr com
In-Reply-To: <20030416195550.2126.qmail (at) www.securityfocus (dot) com>

>*Description*
>Microsoft Internet Explorer 6.0 (other versions not tested) is
>vulnerable to a DoS when specially crafted html is present on a page.
>The vulnerability is in the processing of the OBJECT tag.

A *year-old* DoS.

Remote Vulnerabilities in mod_ntlm 2003-04-21
Matthew Murphy (mattmurphy kc rr com)
Product Description

mod_ntlm is an Apache module (originally designed for Apache 1.3, now
available for Apache 2.0) that provides the ability for Apache services to
authenticate users via the NTLM authentication technology that is largely
specific to Microsoft IIS.

Home page: http://www.sourcefor

MPCSoftWeb Guest Book vulnerabilities. 2003-04-20
drG4njubas (drG4nj mail ru)
Date:
20.04.2003

Subject:
MPCSoftWeb Guest Book vulnerabilities.

Description:
This Guest Book is designed to be easy to use and configure,
it uses a Microsoft Access 2000 database to store the messages.
It has a number of features: emoticons and text formatting,
a profanity or unwanted word fil

ACER Travelmate 600 and 800 series - Smartcard flawed Implementation 2003-04-21
Leonard Ong nokia com

Background
-------------------

Acer Travelmate 600, 800 series notebooks include a smartcard reader, two smartcards and a security application called Platinum Secure. The smart card security system should prevent access to the console while the smartcard is not present or when password has not b

Monkey HTTPd Remote Buffer Overflow 2003-04-20
Matthew Murphy (mattmurphy kc rr com)
Monkey HTTP Daemon Remote Buffer Overflow

ABSTRACT

"Monkey is a Web server written in C that works under Linux. This is an open
source project based on the HTTP/1.1 protocol. The objective is to develop
a fast, efficient, small and easy to configure web server."

(quote from http://monkeyd.source

BadBlue Remote Administrative Access Vulnerability 2003-04-20
Matthew Murphy (mattmurphy kc rr com)
BadBlue Arbitrary Administrative Actions Vulnerability

I. Synopsis

Author: Matthew Murphy (mattmurphy (at) kc.rr (dot) com)
Release Date: April 20, 2003
Vendor References:
* http://www.badblue.com
* http://www.badblue.com/down.htm
Affected Systems: BadBlue 2.15 and prior
Risk: High
Issue: A vulnerability e

Race in XP SCM Service Shutdown Mechanism 2003-04-20
Matthew Murphy (mattmurphy kc rr com)
Race Condition in Windows XP Service Control Manager Service Shutdown
Mechanism

ABSTRACT

"The Windows XP Professional operating system is the best choice for
businesses of all sizes. Windows XP Professional integrates the strengths of
Windows 2000 Professional, such as standards-based security, ma

IE 6.0 - trivial crash - part II 2003-04-18
Adam [ckkl] (ckkl poczta wp pl) (1 replies)
Hello,

Nothing to add again, just a trivial IE crash.
http://www.sztolnia.pl/hack/TrivialIECrash2/TrivialIECrash2.html

I checked the net and haven't found any other sysmon.ocx
vulnerability, except this one http://www.ussrback.com/labs57.html
but this one uses different CLSID.
Thx to Richard Mo

IE / Outlook / MS SHLWAPI Render - more trivial crash 2003-04-21
Ramon Pinuaga Cascales (rpinuaga s21sec com) (1 replies)
RE : IE / Outlook / MS SHLWAPI Render - more trivial crash 2003-04-22
Gervaize Maquard (freestyler tiscali fr)
Authentication flaw in microsoft SMB protocol 2003-04-19
seclab ce aut ac ir (1 replies)


Detailed information:

http://seclab.ce.aut.ac.ir/vreport.htm

Summary
=======

Microsoft uses SMB Protocol for "File and Printer sharing service" in all
versions of Windows. Upon accessing a network resource, NTLM
Authentication is used to authenticate the client on the server. When a
lo

Re: Authentication flaw in microsoft SMB protocol 2003-04-19
Dave Aitel (dave immunitysec com)
Exploit for PoPToP PPTP server 2003-04-18
einstein, dhtm (einstein_dhtm front ru)
hello bugtraq,

Here is an exploit for a recently discovered vulnerability in PoPToP
PPTP server under Linux. Versions affected are all prior to
1.1.4-b3 and 1.1.3-20030409.
The exploit is capable of bruteforcing the RET address to find our
buffer in the stack. Upon a successful run it brings up a

Xinetd 2.3.10 Memory Leaks 2003-04-18
Steve Grubb (linux_4ever yahoo com)


BACKGROUND
-----------

Xinetd is a popular inetd replacement. Shortly after the 2.3.9 release in
September 2002, it was realized that xinetd was leaking file descriptors.
That problem turned out to be that file descriptors were not always being
closed whenever a connection was rejected.

Copyright 2010, SecurityFocus