BugTraq
OpenTopic security hole 2003-01-04
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Product : OpenTopic
Website : http://www.infopop.com
Version : 2.3.1
Problem : XSS (script injection) -> Cookies recovery

Location/Exploit :
°°°°°°°°°°°°°°°°°°
The XSS hole is in the private messages area ( http://[target]/OpenTopic?a=ugtpc ).
XSS to get cookie :
[IM

Multiple libmcrypt vulnerabilities 2003-01-03
Ilia A. (ilia prohost org)
libmcrypt versions prior to 2.5.5 contain a number of buffer overflow
vulnerabilities that stem from improper or lacking input validation. By
passing a longer than expected input to a number of functions (multiple
functions are affected) the user can successfully make libmcrypt crash.

Another vuln

[RHSA-2002:270-16] Updated pine packages available 2003-01-03
bugzilla redhat com
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated pine packages available
Advisory ID: RHSA-2002:270-16
Issue date: 2003-01-03
Updated on: 2003-01-02
Product: Red

Another way to bypass Integrity Protection Driver ('subst' vuln) 2003-01-03
Jan Rutkowski (jkrutkowski elka pw edu pl)
Another Way To Bypass
Pedestal Software Integrity Protection Driver
('subst' vulnerability)

Jan K. Rutkowski
jkrutkowski (at) elka.pw.edu (dot) pl

About IPD
----------
IPD is an Open Source program to protect Windows 2000 kernel integrity.
Check the following page for more in

Pedestal Software Security Notice 2003-01-03
Keith Woodard (kwoodard pedestalsoftware com)
Product: Integrity Protection Driver (IPD)
Version: 1.3 and earlier
Subject: New Integrity Protection Driver (IPD) Available
Date: January 3, 2003
Solution: Upgrade to version 1.4

SUMMARY

The Integrity Protection Driver (IPD) is an open source kernel
driver for Windows NT and W

fam Vulnerability Update 2003-01-03
SGI Security Coordinator (agent99 sgi com)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory

Title : fam Vulnerability Update
Number : 20000301-03-I
Date : January 3, 2002
Reference: SGI Security Advisory 20000301-02-I
R

Solaris 2.x /usr/sbin/wall Advisory 2003-01-03
Brant Roman (broman apollo gti net)

Affected Operating System(s): Solaris 2.x-9
Possibly others derived from AT&T source code.

Affected Program: /usr/sbin/wall

Synopsis:
Wall is a setgid tty program that broadcasts a message to every user
currently logged into the system. It can also receive messages from
remote hosts, via

[SECURITY] [DSA 221-1] New mhonarc packages fix cross site scripting 2003-01-03
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 221-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 3rd, 2003

Re: JS Bug makes it possible to deliberately crash Pocket PC IE (fwd) 2003-01-03
angus onnow net
Can you be specific about what version of PIE you tested this vulnerability on?

If you look at the following web pages you will see that PIE only supports a
few HTML tags.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q161319
http://support.microsoft.com/default.aspx?scid=kb;EN-US;158479

JS Bug makes it possible to deliberately crash Pocket PC IE 2003-01-03
Christopher Sogge Røtnes (crotnes student sv uio no)
PROBLEM DESCRIPTION:
Calling a javascript from an object written to same page with the
object.innerHTML function causes Pocket Internet Explorer (PIE from now on)
to crash.

SOFTWARE AFFECTED:
Only PIE is affected, "regular" IE will show the pages as intended.

EXAMPLE:
<html>
<head>
<title>Crash

ical 3.7 remote dos 2003-01-03
securma massine (securma caramail com)
hi
iCal (http://www.brownbearsw.com) is a web-based calendar that can be used to
show meetings, events, or other schedules. Calendars can be viewed, edited,
and administered totally through the web. iCal is built for thin-clients, so
access calendar without any plug-ins or java interpreters.
I fo

Re: Potential disclosure of sensitive information in Netscape 7.0 email client 2003-01-02
Blud Clot (bludclot hellokitty com) (1 replies)
I noticed this a while ago with netscape 4.x and those versions are still vulnerable as well. I've never checked 6.x.

-BludClot
--
____________________________________________________
Get your own Hello Kitty email @ www.sanriotown.com

Powered by Outblaze

[BUGZILLA] Security Advisory - remote database password disclosure 2003-01-02
David Miller (justdave syndicomm com)
Bugzilla Security Advisory

January 2nd, 2002

Severity: major (remote database password disclosure, bug 186383)
minor (local file permissions, bug 183188)

Summary
=======

All Bugzilla installations are advised to upgrade to the latest versions
of Bugzilla, 2.14.5 and 2.16.2, both releas

SuSE Security Announcement: fetchmail (SuSE-SA:2003:001) 2003-01-02
Thomas Biege (thomas suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: fetchmail
Announcement-ID: SuSE-SA:2003:001
Date: Thursday,

N/X (PHP) 2003-01-02
Frog Man (leseulfrog hotmail com)
Informations :
°°°°°°°°°°°°°°
Website : http://nxwcms.sourceforge.net/
Version : 2002 PreRelease 1
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
nx/common/cds/menu.inc.php :
-----------------------------------------------------------
[...]
require_once $c_path."common/lib/launch.i

[SECURITY] [DSA 220-1] New squirrelmail packages fix cross site scripting problem 2003-01-02
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 220-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
January 2nd, 2003

SuSE Security Announcement: mysql (SuSE-SA:2003:003) 2003-01-02
Sebastian Krahmer (krahmer suse de)

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: mysql
Announcement-ID: SuSE-SA:2003:003
Date: Thu Jan 2 1

GLSA: leafnode 2003-01-02
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-2
- - --------------------------------------------------------------------

PACKAGE : leafnode
SUMMARY : denial of service
DATE    : 2003-

GLSA: xpdf 2003-01-02
Daniel Ahlberg (aliz gentoo org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-1
- - --------------------------------------------------------------------

PACKAGE : xpdf
SUMMARY : integer overflow
DATE    : 2003-01-02

SuSE Security Announcement: cups (SuSE-SA:2003:002) 2003-01-02
Thomas Biege (thomas suse de)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

SuSE Security Announcement

Package: cups
Announcement-ID: SuSE-SA:2003:002
Date: Thursday, Jan

Potential disclosure of sensitive information in Netscape 7.0 email client 2003-01-01
Michael Puchol (mpuchol sonar-security com) (1 replies)
Potential disclosure of sensitive information in Netscape 7.0 email client.

Overview:
=================

Netscape 7.0 includes, as part of its release, an email client, capable of
handling POP3 and IMAP accounts. The method that the email client utilizes
to permanently delete email messages is not

Re: Potential disclosure of sensitive information in Netscape 7.0 email client 2003-01-01
Bartek Raszczyk (crayfish underground org pl)
Filtering devices spotting 2003-01-01
Ed3f (ed3f overminder com) (1 replies)

************************ SECURITY ALERT ************************

Systems Affected

100% of packet filtering systems included commercial embedded devices
(no unaffected system known at the moment)

Risk

low

Overview

Multiple vendors' implementations of a packet filtering
engine doesn't

Re: Filtering devices spotting 2003-01-02
Darren Reed (avalon coombs anu edu au)
PEEL (PHP) 2002-12-31
Frog Man (leseulfrog hotmail com)


Informations :
°°°°°°°°°°°°°°
Version : 1.0b
Website : http://www.mapetite-entreprise.com
Problem : Include file

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
modeles/haut.php :
-----------------------------------------------------------
<?
$langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php";
re

[SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability 2002-12-31
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 219-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
December 31st, 2002

Updated "Secure Programming for Linux and Unix HOWTO" now available. 2002-12-30
David Wheeler (dwheeler ida org)
The latest version of my book, "Secure Programming for Linux and Unix HOWTO",
is now available! You can freely download it in a variety of formats at:
http://www.dwheeler.com/secure-programs

This book provides a set of design and implementation guidelines for writing
secure programs for Linux a

Wired.com: So Many Holes, So Few Hacks 2002-12-30
Richard M. Smith (rms computerbytesman com)
So Many Holes, So Few Hacks By Michelle Delio
http://www.wired.com/news/infostructure/0,1377,56955,00.html

Experts who discover and report security holes seem to be far more
industrious than the malicious hackers willing or able to exploit those
holes.

Despite the thousands of hackable holes th

Copyright 2010, SecurityFocus