[New Research Paper] Bound by Tradition: A sampling of the security posture of the Internet's DNS servers
2003-03-06 Mike Schiffman (mike infonexus com)
Hello. I just put the finishing touches on a whitepaper detailing the security posture of the Internet's DNS infrastructure. To wit: "DNS servers across the Internet running BIND are not up to date with security patches and software updates. As a result, a significant fraction of the Internet's DNS

New HP Jetdirect SNMP password vulnerability when using Web JetAdmin
2003-03-06 Sven Pechler (helpdesk tm tue nl)
Hello, During an analysis of some HP Jetdirect cards I discovered a security issue that could lead to full access to a networked printer. It looks like the vulnerability described in http://www.securityfocus.com/bid/5331, but the OID is different and you can only obtain one specific p

Security Update: [CSSA-2003-SCO.4] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /dev/X
2003-03-05 security caldera com
To: bugtraq (at) securityfocus (dot) com announce (at) lists.caldera (dot) com scoannmod (at) xenitec.on (dot) ca full-disclosure (at) lists.netsys (dot) com
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : Lax permissions on /d

ILLC
2003-03-06 Hugo Vázquez Caramés (overclocking_a_la_abuela hotmail com)
We would like to clarify some points on our previous post about Inverse Lookup Log Corruption. "ILLC" has nothing to do with CERT advisory "CA-2000-02" (http://www.cert.org/advisories/CA-2000-02.html).
With our technique an attacker can spoof the IP on web server logs...(completely on Ip

[SCSA-009] Remote Command Execution Vulnerability in PHP Ping
2003-03-06 Grégory Le Bras (gregory lebras security-corp org)
________________________________________________________________________
Security Corporation Security Advisory [SCSA-009]
________________________________________________________________________
PROGRAM: PHP Ping
HOMEPAGE: http://www.phpapps.org/
VULNERABLE VERSIONS: v0.1 and prior
____

[RHSA-2003:039-06] Updated im packages fix insecure handling of temporary files
2003-03-06 bugzilla redhat com

PHP-Nuke 6.0 (& 6.5?) : Serious SQL Injection Security Holes
2003-03-06 Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Language : PHP
Website : http://www.phpnuke.org
Versions : 6.0 (& 6.5?)
Modules : Members_List, Your_Account
Problem : SQL Injection
PHP Configuration : This will work if magic_quotes_gpc=OFF.
PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
/modules/Members_List/index.php :

Re: SA-03:04.sendmail Bin Update
2003-03-05 Charles M. Richmond (cmr iisc com)
The following exchange covers a method of upgrading the sendmail binaries while postponing redoing the CFs. If you have a bunch of systems with varying configs then it might be a useful way of getting the security fix in place with your old CFs. It will also allow you to test the install of the n

3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
2003-03-04 bit_logic s-mail com (2 replies)
The following exploit presumably applies to all versions of the 3COM web content filtering software, and possibly web filtering devices of other makers.
Many businesses, schools, libraries, and other public places providing Internet access to customers implement web content filters to min

  Re: 3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
  2003-03-05 Niels Bakker (niels=bugtraq bakker net) (1 replies)

    Re: 3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
    2003-03-06 der Mouse (mouse Rodents Montreal QC CA)

  Re: 3Com SuperStack 3 Firewall Content Filter Exploitable Via Telnet
  2003-03-05 David G. Andersen (dga lcs mit edu)

Sendmail exploit released???
2003-03-05 Kryptik Logik (kryptiklogik hushmail com)
Folks: Refer to this article in ComputerWorld http://www.computerworld.com/securitytopics/security/holes/story/0,10801,79021,00.html about some Russian Hacker site releasing Sendmail exploit code. Is it any different than the LSD exploit code or is it a "security-guru-security-know-all"

I think you don't need other comments:
/*
**
** Tested on rh 7.3 using XFree86
** xscreensaver vulnerability
** AUTHORS: Angelo Rosiello (Guilecool) & deka
** REQUIRES: X must be run!
** EFFECTS: local root exploit!
**
** deka is leet brother, thank you :>
** MAIL: guilecool (at) usa (dot) com
*