sendmail 8.12.8 available
2003-03-03 Claus Assmann ca+bugtraq (at) sendmail (dot) org (ca+bugtraq sendmail org)

GTcatalog (PHP)
2003-03-03 Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Version : 0.9
Website : http://www.geektweaked.com
Problem :
- Informations Disclosure (Admin Password)
- File Including

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
password.inc : <? $globalpw = "[PASSWORD]"; ?>
index.php :
-------------------------------------------

New HP Jetdirect SNMP password vulnerability when using Web JetAdmin
2003-03-03 Sven Pechler (helpdesk tm tue nl)
Hello,
During an analysis of some HP Jetdirect cards I discovered a security issue that could lead to full access to a networked printer. It looks like the vulnerability described in http://www.securityfocus.com/bid/5331, but the OID is different and you can only obtain one specific p

Implementation flaws in Adobe Document Server for Reader Extensions
2003-03-03 info elcomsoft com
Summary
===============================================================================
Free Adobe Acrobat Reader (version 5.1 or later) has ability to: add notes and attachments, add and check digital signatures, save forms locally, fill them out online, distribute to others for review and commen

WebChat (PHP)
2003-03-03 Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Version : 0.77
Website : http://www.webdev.ro
Problem : File Including

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
defines.php :
-----------------------------------------------
<? if (!isset($WEBCHATPATH)) { $WEBCHATPATH = './'; } include ($WEBCHATPATH.'db_mysql.php');

PHP-Nuke : config.php reveled with php uploaded file.(Affect all uploads implementations in phpnuke).SECURING PHP-NUKE.
2003-03-01 Lorenzo Hernandez Garcia-Hierro (webmaster lorenzohgh com)
Hello again friends,
Proving in my sites www.novappc.com, I discovered that the PHP-nuke code injection for write the content of config.php in a file have more vulnerabilities than one, I explain it:
PROBLEM: Webmail module is an unsafely mail system, but not all the package, only

Re: Netscape Communicator 4.x sensitive informations in configuration file
2003-02-28 Neil Dickey (neil geol niu edu) (1 replies)
Marc Ruef <marc.ruef (at) computec (dot) ch> wrote:
>The following paste shows the IMAP mail part of this configuration file.
>You can see that the line 17 shows the unencrypted password
>("MyPassword4").
>
>[ ... Snip ... ]
>
>user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
>user_pre

Re: Netscape Communicator 4.x sensitive informations in configuration file
2003-03-03 MightyE (mightye mightye org)

Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions
2003-02-28 Rynho Zeros Web (hackargentino gmx net)
+ Topic: Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions
+ Product: CoffeeCup Password Wizard All Versions
+ Vendor: CoffeeCup Software, Inc.
+ Site: http://www.coffeecup.com/java-password/
+ About CoffeeCup Password Wizard: Create unlimited password protected pages with

Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II -.zipper
2003-03-01 Dror Shalev (drorshalev yahoo com)
In-Reply-To: <200302252144.h1PLikH07853 (at) web180.megawebservers (dot) com>
.zip is the most important issue. The Zip is the key point in this Perfect demo by http-equiv.
You can do more cool things with Jscript like getting Windows User Name (via document.location) or run even regular EXE (TIF E

nethack C340-137: security issue fixed
2003-03-01 devteam nethack org
Recently, a security issue affecting shared installations of nethack 3.4.0 where the game was installed setuid or setgid was discovered. This bug has now been fixed. This issue was reported to bugtraq by tsao_4sh0 (at) hushmail (dot) com on 2/8/03 as "Subject: #!ICadv-02.09.03: nethack 3.4.0 local buffer ove

Security responsible at AOL
2003-03-02 Michael Schwartzkopff (misch multinet de)
Hi,
I tried for a long time to contact a security responsible at AOL. I had no chance with the telephone or via web. Is here anybody to tell me whom to contact at AOL. Thanks.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (089) 456 911 50
Fax: (08

web-erp 0.1.4 database access vulnerability
2003-03-01 Ryan Fox (rfox amerisuk com)
==================================
Security REPORT web-erp 0.1.4 and earlier
==================================
Product: web-erp 0.1.4 and earlier
Vulnerabilities: full database access
Vendor: Phil Daintree (http://web-erp.sourceforge.net/)
Vendor-Status: E-Mail to "p.daintree (at) xtra.co (dot) nz" date: 27.0

Re: Netscape Communicator 4.x sensitive informations in configuration file
2003-02-28 psz maths usyd edu au (Paul Szabo)
Byron York <byron (at) benefitrecovery (dot) com> wrote:
>> ... I've checked a file named prefs.js ...
>> the IMAP mail part ... shows the unencrypted password ...
>>
>> user_pref("mail.imap.server.imap.computec.ch.password", "MyPassword4");
>> user_pref("mail.imap.server.imap.computec.ch.remember_password",

Re: PHP code injection in CuteNews
2003-02-28 Steve Grubb (linux_4ever yahoo com)
In-Reply-To: <E18ndJT-000JS2-00 (at) f19.mail (dot) ru>
Hello,
If the cutenews website is running apache 2.x which leaks descriptors to all kinds of things
http://marc.theaimsgroup.com/?l=vuln-dev&m=104585997219471&w=2
Then you can do this:
config.php = <html><head><title>File List</title></he

re: Security contact at SMC
2003-02-28 Gshively (gshively pivx com)
Charles,
You can try the below contacts, I hope they help.
Cheers,
Geoff Shively

North America
-------------------------
SMC Networks
public.relations (at) smc (dot) com
Agency Contact
NetPR 850-835-2694
Kimberly Maxwell, ext. 301
kimberly (at) netpr (dot) net
Trisha King, ext. 303
trish (at) netpr (dot) net

Germany
-------

Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
2003-02-28 Joe Testa (Joe_Testa rapid7 com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Word. I've found two other issues in QuickTime Streaming Server v4.1.1 that seem to be fixed in the newest v4.1.3:
1.) File probing:
Request: http://localhost:1220/parse_xml.cgi?filename=../nonexistent
Response: 'Can't access HTML file '../

Security contact at SMC
2003-02-28 Charles M. Richmond (cmr iisc com)
Folks;
I am looking for a security contact at SMC as I have found a fairly serious issue with one of their products. Since security (at) smc (dot) com doesn't work and I don't feel like playing with web forms... I was hoping someone here has an email address.
Charles Richmond
---
**************************
Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.12.8. It contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
for bringing this problem to our attention. Sendmail urges al