[SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
2003-02-24 snsadv (at) lac.co (dot) jp (snsadv lac co jp)
  SNS Advisory No.62
  Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
  Problem first discovered on: Wed, 19 Feb 2003
  Published on: Mon, 24 Feb 2003
  Previous Issue: http://www.lac.co.jp/security/english/snsadv_e/53_e.ht [...]

FreeBSD Security Advisory FreeBSD-SA-03:03.syncookies
2003-02-24 FreeBSD Security Advisories (security-advisories freebsd org)

Webmin 1.050 - 1.060 remote exploit
2003-02-24 Carl Livitt (carl learningshophull co uk)
  Hi all, Attached is an exploit for the latest Webmin vulnerability. It relies on a non-default setting (passdelay) to be enabled. Webmin can verify user authentication by use of a session ID (SID) that is assigned when a user successfully authenticates to Webmin. It is possible to inject a fak [...]

O UT LO OK E XPRE SS 6 .00 : broken
2003-02-23 http-equiv (at) excite (dot) com (http-equiv malware com)
  Saturday, February 22, 2003
  Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message. Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever. This should not be possible. When viewing an email message or a newsgr [...]

[SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
2003-02-22 Grégory Le Bras (gregory lebras security-corp org)
  Security Corporation Security Advisory [SCSA-006]
  PROGRAM: Nuked-Klan
  HOMEPAGE: http://www.nuked-klan.org
  VULNERABLE VERSIONS: beta 1.3 [...]

[SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard
2003-02-23 Grégory Le Bras (gregory lebras security-corp org)
  Security Corporation Security Advisory [SCSA-007]
  PROGRAM: WWWBoard
  HOMEPAGE: http://www.scriptarchive.com
  VULNERABLE VERSIONS: 2.0A2.1 and pri [...]

Re: phpBB Security Bugs
2003-02-22 Lucas Armstrong (lucas cgishield com)
  In-Reply-To: <1045822791.7155.11.camel@fluffy>
  Konrad, This particular SQL Injection technique makes it possible to isolate each hex digit in the md5 hash, and allows you to guess that digit's particular value. Each digit would be guessed in 16 tries or less. Since there are 32 digits in a [...]

eject 2.0.10 vulnerability
2003-02-22 nordi (nordi addcom de)
  Application: eject
  Version: 2.0.10
  Platforms: Linux
  Distribution: SuSE 7.3, most likely other versions of SuSE Linux as well also all distributions that make eject SUID root
  Bugs: verbose error messages reveal l [...]

RE: Bypassing Personal Firewalls
2003-02-22 John Howie (JHowie securitytoolkit com)
  Folks, The security model employed by the OS for calls to OpenProcess () and the like is not radically different from that used in calls such as CreateFile (). The true problem is the lack of understanding of process and thread creation on Win32 systems. A process created using CreateProcess () ca [...]

buffer overrun in zlib 1.1.4
2003-02-22 Richard Kettlewell (rjk greenend org uk)
  zlib contains a function called gzprintf(). This is similar in behaviour to fprintf() except that by default, this function will smash the stack if called with arguments that expand to more than Z_PRINTF_BUFSIZE (=4096 by default) bytes. There is an internal #define (HAS_vsnprintf) that causes it [...]

Bypassing Personal Firewalls
2003-02-21 xenophi1e (oliver lavery sympatico ca) (2 replies)
  [MODERATOR: posted this to vuln-dev where it received some interest. Thought it might be interesting to a wider audience. Here's a revised version of the same post]
  Here's a code snippet that injects code directly into a running process without the need for a DLL etc. I believe that it de [...]

RE: Bypassing Personal Firewalls
2003-02-21 Drew Copley (dcopley eeye com) (1 replies)

Re: twlc advisory: all versions of php nuke are vulnerable...
2003-02-19 Jessica Smith (crystalsinger mail com)
  In-Reply-To: <000701c1452f$7f3fc670$8119fea9@supergate>
  >Systems Affected
  >all the versions ARE vulnerable
  >except '5.0 RC1' (i wonder why a released c. is ok while the final 5.2 is
  >bugged)
  <snip>
  >conclusions:
  >yet another bug of php nuke... this software is used by thousands of
  >peo [...]

RE: PHPNuke SQL Injection
2003-02-21 Oriol Carreas (uri 7a69ezine org)
  I don't like to claim for the authorship of bugs, because it is not possible to clarify who discovered/exploited first some bug because some times we are too lazy to publish them for any reason. But this is a special reason because the person that claims for the authorship of the TWO "PhpNuke SQL Inje [...]

Myguestbook (PHP)
2003-02-21 Frog Man (leseulfrog hotmail com)
  Informations :
  Version : 3.0
  Website : http://www.tefonline.net/
  Problems :
  - XSS -> admin infos recovery
  - Access to admin pages
  PHP Code/Location :
  If pseudo = [SCRIPT], e-mail = >[SCRIPT] or message = </textarea>[SCRIPT] [SCRIPT] will be executed on index.ph [...]
---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-13
---------------------------------------------------------------------
PACKAGE : apcupsd
SUMMARY : remote root
[...]