|
|
Colapse all |
Post message
Directory traversal bug in Communigate Pro 4's Webmail service 2003-01-06 G.P.de.Boer (g p de boer st hanze nl) Directory traversal bug in Communigate Pro 4.0b to 4.0.2 -------------------------------------------------------- Overview -------- When experimenting a bit with Communigate Pro's webmail service I found a directory traversal bug by which attackers can read any file readable by the user Communiga [ more ] [ reply ] Fw: Opentype font file causes Windows to restart. 2003-01-06 Leonardo Rodrigues ( listas ) (leolistas solucoesip net) i've confirmed it here. I'm running Windows XP Corporate Edition ( English ) with SP1 applied and all other fixes available on windowsupdate.microsoft.com. Opening the file you sent causes an immediately reboot of the machine. That's very strange, for sure :) Sincerily, Leonardo Rodri [ more ] [ reply ] Bookmar4U and Active PHP Bookmarks Vulnerabilities 2003-01-06 itzhak 2500hz net Program: Bookmark4U V.1.8.3 website: http://bookmark4u.sourceforge.net/ Vendor status: Informed (30 days ago) Problem: Source injection Files affected: inc/dbase.php inc/config.php inc/common.load.php (?) Proof of concept: dbase.php?prefix=http://... Solution: The security of the inc/ directory [ more ] [ reply ] Opentype font file causes Windows to restart. 2003-01-06 Andrew (aconnell xtra co nz) (1 replies) Problem ------- The attached OpenType font file will cause Windows to restart immediately when the file is opened by the default viewer (fontview). I doubt anyone would suspect a "harmless" little font file of being able to cause such a thing to happen! Software affected ----------------- It has b [ more ] [ reply ] E-theni (PHP) 2003-01-06 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°°° Version : ? Website : http://www.theni.freesurf.fr Problems : - Include file - phpinfo() PHP Code/Location : °°°°°°°°°°°°°°°°°°° /admin_t/include/aff_liste_langue.php : ----------------------------------------- require ($rep_include."para_langue.php"); ------------- [ more ] [ reply ] GLSA: libmcrypt 2003-01-05 Daniel Ahlberg (aliz gentoo org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-4 - - -------------------------------------------------------------------- PACKAGE : libmcrypt SUMMARY : buffer overflows and memory exha [ more ] [ reply ] phpmynuke css and phpinfo() vuls 2003-01-05 Mindwarper (logger hehe com) myphpnuke version 1.8.8_final_7 and prior that contain sysinfo are vulnerable to both css attack and phpinfo() Disclosure. The problem is that unlike the rest of the scripts under /admin/, sysinfo's footer script called system_footer.php does not check who the user is. Inside system_footer.php the [ more ] [ reply ] DCP-Portal (PHP) 2003-01-04 Frog Man (leseulfrog hotmail com) Informations : °°°°°°°°°°°°°° Version : 5.0.1 Website : http://www.dcp-portal.org Problems : - Include file - Access to users' accounts - Access to the administration PHP Code/ Location : °°°°°°°°°°°°°°°°°°°° The first & second hole will work if register_globals is ON. /library/editor/editor.php : [ more ] [ reply ] ps information leak in FreeBSD 2003-01-06 Cache (cache sowatech com pl) Nothing special, lame :) Hi, 0x01 About 0x02 Practical 0x03 Conclusion 0x04 Install 0x05 End 0x06 Greetz 0x01 About: Autor: Rafael Lesniak / 05012003 Hannover / cache (at) irc (dot) pl [email concealed] Sorry for My English All: files are on: http://www.sowatech.com.pl/cache/soft/proc-patch.tar.gz This is a little inform [ more ] [ reply ] ipfilter denial of service problem 2003-01-06 Yiming Gong (yiming security zz ha cn) (2 replies) Below is an ipfilter security issue, and my previous mail to author Darren was bounced back, so I think maybe I should mail it to this mailing list. Overview -- Anytime ipfilter see a packet with ACK bit set without the previous SYN, it will marked it as TCPS_ESTABLISHED in it's state table, and fo [ more ] [ reply ] Longshine WLAN Access-Point LCS-883R VU#310201 2003-01-06 Lukas Grunwald (lukas dnx de) (1 replies) Hardware: Longshine LCS-883R-AC-B External WLAN Access Point 22 Mbps Software: ThreadX ARM7/Green Hills Version G3.0f.3.0c from Express Logic Inc. Description: Get Superuser Privileges and view the devices password and password and other passwords Versions affected: tested with 03.01.0b and [ more ] [ reply ] S-plus /tmp usage 2003-01-05 psz maths usyd edu au (Paul Szabo) INTRODUCTION S-PLUS is a Statistical analysis, graphics and programming tool http://www.statsci.com/ http://www.insightful.com/ PROBLEM As installed on UNIX machines, Splus uses files in /tmp in an unsafe way. DETAILS The main Sqpe binary, and various shell script modules, use files in /tmp: [ more ] [ reply ] [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library. 2003-01-06 dong-h0un yoU (xploit hackermail com) ======================================== INetCop Security Advisory #2003-0x82-011 ======================================== * Title: Buffer Overflow vulnerability in HTTP Fetcher Library. 0x01. Description HTTP Fetcher is a small library that downloads files via HTTP. More detailed informa [ more ] [ reply ] Etherleak: Ethernet frame padding information leakage (A010603-1) 2003-01-06 @stake Advisories (advisories atstake com) Remote root vuln in HSphere WebShell 2003-01-06 Carl Livitt (carl learningshophull co uk) Hi all, Below is an advisory on a remote (and local) root vulnerability in the HSphere product by Positive Software which is used by many web-hosting providers. The vulnerability is in the WebShell component (installed by default). Proof of concept exploits are provided and links to patched versi [ more ] [ reply ] OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS 2003-01-05 mmhs hushmail com (1 replies) -----BEGIN PGP SIGNED MESSAGE----- *********** OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS *********** MICKEY MOUSE HACKING SQUADRON ADVISORY #2 DISCLAIMER - ---------- The nation's zeroth private security intelligence firm, Mickey Mouse Hacking Squadron uniquely addresses the challenges faced [ more ] [ reply ] Re: OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS 2003-01-06 Global InterSec Research (lists globalintersec com) ps information leak in FreeBSD 2003-01-05 Cache (cache sowatech com pl) (1 replies) Nothing special, lame :) Hi, 0x01 About 0x02 Practical 0x03 Conclusion 0x04 Install 0x05 End 0x06 Greetz 0x01 About: Autor: Rafael Lesniak / 05012003 Hannover / cache (at) irc (dot) pl [email concealed] Sorry for My English This is a little information leak. This bug(?) is not dangerous, but normal user can see all proce [ more ] [ reply ] Re: [IPS] PUTTY SSH-Client Exploit 2003-01-04 Owen Dunn (owend chiark greenend org uk) Daniel Alcántara de la Hoz <seguridad (at) iproyectos (dot) net [email concealed]> writes: > In December 16, 2002 Rapid 7.Inc released a security alert about > vulnerabilities in ssh2 implementations from multiple vendors. We > have used the concept to code this exploit/proof of concept. > > It's a fake server to exploit the [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-3
- - --------------------------------------------------------------------
PACKAGE : dhcpcd
SUMMARY : remote command execution
DATE :
[ more ] [ reply ]