Netscape and Opera crash via java 2003-03-28 Marc Schoenefeld (schonef uni-muenster de) (2 replies)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, executing <scr1pt language="Javascript"> t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1); </scr1pt> crashes Netscape 7.02 and Opera 7 on Windows XP. The active JVM in both tested browsers is Java 1.4.1_02 from Sun. This liveconnect ( [...]

Clearswift MAILsweeper hotfix 2003-03-28 fwegwg dfbndebndebner (erwin_lists hotmail com)
Dear mailinglist readers, On the 17th of March 2003 Clearswift released a hotfix (4.3.7) for MAILsweeper version 4.3. In the accompanying Readme file (http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm) three vulnerabilities are reported. The first vulnerability is t [...]

Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS 2003-03-28 Grégory Le Bras (gregory lebras security-corporation com)
In-Reply-To: <20030320195855.20555.qmail (at) www.securityfocus (dot) com>
You can fix the path disclosure problem by adding this code in all the affected files :
---snip---
error_reporting(0);
---snip---
Greetz : Magistrat (http://www.blocus-zone.com)
>From: "Grégory" Le Bras <gregory.leb [...]

CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability 2003-03-28 CORE Security Technologies Advisories (advisories coresecurity com)

Re: SNMP security issues in D-Link DSL Broadband Modem/Router 2003-03-28 Maslov, Snowy (Snowy Maslov fujitsu com au)
> From: Arhont Information Security [mailto:infosec (at) arhont (dot) com]
> Sent: Friday, March 28, 2003 1:32 AM
> To: bugtraq (at) securityfocus (dot) com
> Subject: SNMP security issues in D-Link DSL Broadband Modem/Router
>
> While performing a general security testing of a
> network, we have found several security [...]

Mod_Survey ENV tag vulnerability 2003-03-28 Joel Palmius (joel palmius mh se)
Attached is a security advisory for Mod_Survey, which is a mod_perl module for apache (see attachment). The advisory was first published 2003-03-23 at http://gathering.itm.mh.se/modsurvey/SA20030323.txt More info about Mod_Survey can be found on its home page, which is available at http://gatherin [...]

MDKSA-2003:039 - Updated kernel22 packages fix multiple vulnerabilities 2003-03-28 Mandrake Linux Security Team (security linux-mandrake com)

[SECURITY] [DSA 272-1] New dietlibc packages fix arbitrary code execution 2003-03-28 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 273-1] New krb4 packages fix authentication failure 2003-03-28 joey infodrom org (Martin Schulze)

Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit 2003-03-28 Eric Hines (eric hines fatelabs com) (1 replies)
Lists: I have written a 13 page analysis of NTDLL.DLL webdav exploit, which is located at http://www.fatelabs.com/library/fatelabs-ntdll-analysis.pdf . This paper provides granular detail on the affected component, log traces for log analysis, exploit output, and packet traces for those looking to [...]

Re: Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit 2003-03-28 Dave Aitel (dave immunitysec com)

RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator 2003-03-28 sir mordred hushmail com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Stefan nicely asked me to provide real examples in the PHP source code in which something like emalloc(userinput) was used. In the advisory there were 2 examples: the first used emalloc(userinput +1), the second emalloc(userinput + 2). Guess that was en [...]

Re: D-Link DI-614 wiresless router crash/reboots 2003-03-28 Thierry Zoller (thierry sniff-em com)
>A user of ours has reported that the D-Link DI-614+
Thomas forgot to include the Firmware that machine is running. I am a user of the above mentioned device, new firmware for EUROPEAN (important as the european distributors are lagging a few versions behind) and US versions can be found here (2) [...]

MDKSA-2003:038 - Updated 2,4 kernel packages fix ptrace vulnerability 2003-03-28 Mandrake Linux Security Team (security linux-mandrake com)

CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome 2003-03-28 CORE Security Technologies Advisories (advisories coresecurity com)

RE: D-Link DI-614 wiresless router crash/reboots 2003-03-28 Rick Koenig (rk4028 exchange concordia edu)
Thomas, I have a DI-614+ that I use at home and I have noticed a significant number of spontaneous reboots lately. A few weeks ago, I installed the beta firmware of Dlink's website thinking that that would solve the issue but that did not work either. I have not run any scanner on my device just eve [...]

[SECURITY] [DSA 274-1] New mutt packages fix arbitrary code execution 2003-03-28 joey infodrom org (Martin Schulze)

Problems with Snort-1.9.1 2003-03-27 Toby Miller (toby_miller adelphia net)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Problem: Snort-1.9.1 using a default snort.conf configuration does not detect certain crafted packets.
Details: Snort-1.9.1 does not detect packets when the SYN, FIN and ECN echo bits are set. The following is an example of a packet: 12:37:12.386797 10.1.1 [...]

Re: PHPNuke viewpage.php allows Remote File retrieving 2003-03-26 admin gaylenandmargie com
In-Reply-To: <1048644704.1429.19.camel (at) localhost (dot) localdomain>
>From: Christopher Warner <zanee (at) kernelcode (dot) com>
>
>If you could follow up on this and give more details (versions affected)
>etc etc; as it stands I'm gonna confirm that viewpage.php hasn't existed
>for quite some time and that this [...]

PostNuke Sensitive Information Disclosure 2003-03-26 rkc (rkc uncompiled com) (1 replies)
Title: PostNuke path disclosure, and... (db name).
Version: 0.7.2.3-Phoenix (other)
Problem: A vulnerability has been found in Postnuke (v0.7.2.3-Phoenix) which allows users to determine the physical path of this cms. This vulnerability would allow a remote user to determine the full path to t [...]

Re: Check Point FW-1: attack against syslog daemon possible 2003-03-27 Dr. Peter Bieringer (pbieringer aerasec de)
Hi again, we have now finished the investigation of FW-1 4.1 (SP6) with the following result: In our lab the syslog daemon of Check Point FW-1 4.1 didn't crash in case of sending "/dev/urandom" via "nc", but this floods the log without any rate limiting. Also the syslog messages were not filtered. [...]

[SCSA-012] Multiple vulnerabilities in Sambar Server 2003-03-27 Grégory Le Bras (gregory lebras security-corporation com)
________________________________________________________________________
Security Corporation Security Advisory [SCSA-012]
________________________________________________________________________
PROGRAM: Sambar Server
HOMEPAGE: http://www.sambar.com/
VULNERABLE VERSIONS: 5.3 and prior [...]
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: Beanwebb Guestbook v1.0 vulnerabilities
product: Beanwebb Guestbook v1.0
vendor: http://www.adam.orientfans.co.uk
risk: high
date: 03/29/2k3
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/016.en.txt