BugTraq Mode:
(Page 1681 of 1748)  < Prev  1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686  Next >
NetBIOS could be used as network flood amplier 2003-04-03
Francesco Vigo (f vigo anti-idle com)


Overview:

Commonly used services, such as NetBIOS Name Server can be used to flood

hosts with UDP data, sending spoofed name requests.

Details:

Sending a Netbios Name Request to a broadcast address on an insecure

network (for 'insecure' I mean a network that does not filter packets

[ more ]  [ reply ]
Using Java from Javascript 2003-04-02
David F. Madrid (conde0 telefonica net)

Opera and Netscape browsers allow you to include java methods calls in your
javascript .
As Javascript has support for objects you can use objects returned by
these calls in your scripts .

I have been looking for information about the possibly security
implications ( and vulnerabilities
publi

[ more ]  [ reply ]
RE: Another security problem in Netgear FM114P ProSafe Wireless Router firmware (also level-one) 2003-04-02
Björn Stickler (stickler rbg informatik tu-darmstadt de)
ADDITION:
°°°°°°°°°

it seems that several routers from level-one are also vulnerable to the
method described.
and another nice feature is adding port mappings for passing through
nat-firewall.

--- sample for passing port 139 (netbios) from internal ip 192.168.0.2: ---

POST /upnp/service/WANPPPC

[ more ]  [ reply ]
SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow 2003-04-03
KF (dotslash snosoft com)


[ more ]  [ reply ]
Sakki's guestbook V.1.01 script injection vulnerability. 2003-04-03
drG4njubas (drG4nj mail ru)
This advisory can be found at www.blacktigerz.org.

Description:
Easy to manage and configure asp powered guestbook.
Works with MS Access database or without it.

Vendor:
http://www.sakki.net

Vulnerability:
gb.asp neglects filtering user input allowing for script injection to
the guestbook via
"na

[ more ]  [ reply ]
Another security problem in Netgear FM114P ProSafe Wireless Router firmware 2003-04-02
Björn Stickler (stickler rbg informatik tu-darmstadt de)
hi,
i found another security problem in netgear prosafe wireless router model
FM114P:
when remote-access and upnp features are enabled, the WAN connection
username and password can be retrieved without any authentication using
upnp. if remote management is enabled anyone can do this from the web. th

[ more ]  [ reply ]
passlogd sniffer remote buffer overflow root exploit. 2003-04-03
dong-h0un U (xploit hackermail com)

Hello.

Exploit confirmed possible truth in OpenBSD.
But, I did not exploit.
Also, did not test in RedHat 8.0.

Thank you.

--

/*
**
** [*] Title: Remote Multiple Buffer Overflow vulnerability in passlogd sniffer.
** [+] Exploit code: 0x82-Remote.passlogd_sniff.xpl.c
**
** [+] Description --
**
**

[ more ]  [ reply ]
SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read 2003-04-02
KF (dotslash snosoft com)
This data can be found at http://www.secnetops.biz/research

-KF

[ more ]  [ reply ]
[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit 2003-04-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 277-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 3rd, 2003

[ more ]  [ reply ]
Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12) 2003-04-03
security sco com
To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12)
Advisory number: CSSA

[ more ]  [ reply ]
Sendmail parseaddr security vulnerability on IRIX 2003-04-02
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________
______
SGI Security Advisory

Title : Sendmail parseaddr security vulnerability
Number : 20030401-01-P
Date : April 2, 2003
Reference: CERT CA-2003-12
Refere

[ more ]  [ reply ]
[RHSA-2003:109-03] Updated balsa and mutt packages fix vulnerabilities 2003-04-03
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated balsa and mutt packages fix vulnerabilities
Advisory ID: RHSA-2003:109-03
Issue date: 2003-04-03
Updated on: 2003-04-03
Product:

[ more ]  [ reply ]
[RHSA-2003:060-01] Updated NetPBM packages fix multiple vulnerabilities 2003-04-03
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated NetPBM packages fix multiple vulnerabilities
Advisory ID: RHSA-2003:060-01
Issue date: 2003-04-03
Updated on: 2003-04-03
Product:

[ more ]  [ reply ]
Multiple vulnerabilities in AutomatedShops WebC shopping cart 2003-04-03
Carl Livitt (carl learningshophull co uk)

See attached advisory.

[ more ]  [ reply ]
Re: Phorum 3.4 Cross Site Scripting 2003-04-03
Brian Moon (brian phorum org)
In-Reply-To: <20030402131944.18760.qmail (at) www.securityfocus (dot) com [email concealed]>

FYI, the versions prior to 3.4 did not have this problem.

Brian.

Phorum Dev Team

>From: Peter "Stöckli" <pcs (at) pcsmedia (dot) net [email concealed]>

>To: bugtraq (at) securityfocus (dot) com [email concealed]

>Subject: Phorum 3.4 Cross Site Scripting

>

>

>

>Description:

>It i

[ more ]  [ reply ]
[SECURITY] [DSA 276-1] New Linux kernel packages (s390) fix local root exploit 2003-04-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 276-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
April 3rd, 2003

[ more ]  [ reply ]
[RHSA-2003:128-01] Updated Eye of GNOME packages fix vulnerability 2003-04-03
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Eye of GNOME packages fix vulnerability
Advisory ID: RHSA-2003:128-01
Issue date: 2003-04-03
Updated on: 2003-04-03
Product: Re

[ more ]  [ reply ]
OpenSSH 3.6.1 released 2003-04-01
Markus Friedl (markus openbsd org)
OpenSSH 3.6.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their

[ more ]  [ reply ]
MDKSA-2003:040 - Updated Eterm packages fix escape sequence insecurities 2003-04-01
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: Eterm
Advisory ID:

[ more ]  [ reply ]
Microsoft Terminal Services vulnerable to MITM-attacks. 2003-04-01
Erik Forsberg forsberg+btq (at) cendio (dot) se [email concealed] (forsberg+btq cendio se) (1 replies)

During extensive investigation of the Remote Desktop Protocol (RDP),
the protocol used to connect to Windows Terminal Services, we (Cendio
Systems) have found that although the information sent over the network is
encrypted, there is no verification of the identity of the server when
setting up the

[ more ]  [ reply ]
RE: Microsoft Terminal Services vulnerable to MITM-attacks. 2003-04-03
Larry Seltzer (larry larryseltzer com)
Java and Javascript 2003-04-02
David F. Madrid (conde0 telefonica net)


Opera and Netscape browsers allow you to include java methods calls in your
javascript .
As Javascript has support for objects you can use objects returned by
these calls in your scripts .

I have been looking for information about the possibly security
implications ( and vulnerabilities
publ

[ more ]  [ reply ]
[RHSA-2003:091-01] Updated kerberos packages fix various vulnerabilities 2003-04-02
bugzilla redhat com
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated kerberos packages fix various vulnerabilities
Advisory ID: RHSA-2003:091-01
Issue date: 2003-04-02
Updated on: 2003-04-02
Product:

[ more ]  [ reply ]
[INetCop Security Advisory] Remote Multiple Buffer Overflow vulnerability in passlogd sniffer. 2003-04-02
dong-h0un U (xploit hackermail com)


========================================
INetCop Security Advisory #2003-0x82-015
========================================

* Title: Remote Multiple Buffer Overflow vulnerability in passlogd sniffer.

0x01. Description

About:
passlogd(passive syslog capture daemon) is a purpose-built sniffe

[ more ]  [ reply ]
IkonBoard v3.1.1: arbitrary command execution 2003-04-01
Nick Cleaton (nick cleaton net)

========================================================================
====

Vulnerable: IkonBoard 3.1.1 (and probably earlier)
Category: Perl/CGI coding errors
Impact: Arbitrary command execution
Date: 1st April 2003
Vendor: The Jarvis Group
Homepage: htt

[ more ]  [ reply ]
(Page 1681 of 1748)  < Prev  1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus