Poisonous Style for Dialog window turns the zone off.

("that's all" is the end of file if you are in a hurry)

[tested]

MSIEv6(CN version)

Patch: Q312461,Q328790(MS02-066)

{IEXPLORE.EXE file version: 6.0.2600.0000}

{MSHTML.DLL file version: 6.00.2600.0000}

[demo]

at

http://www16.brin

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: WindowMaker
Advisory ID:

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Netfilter Core Team Security Advisory

Subject:

Local Netfilter / IPTables IP Queue PID Wrap Flaw

Released:

December 3, 2002.

Effects:

Under limited circumstances, an unprivileged local user may be able

[ more ]  [ reply ]

CORE Security Technologies
http://www.corest.com

Vulnerability Report For Linksys Devices

Date Published: 2002-12-02

Last Update: 2002-12-02

Advisory ID: CORE-20021005

Bugtraq ID: None currently assigned.

CVE: None currently assigned.

Title: Remotely exploitable Buffer overflows and Authent

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name: pine
Advisory ID:

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200212-1
- - --------------------------------------------------------------------

PACKAGE : pine
SUMMARY : remote DOS
DATE    : 2002-12-02 13:12

[ more ]  [ reply ]

+-----------------------------------------------------------------------
+
| Advisory: lawson001 |
| Author(s): John Eisenschmidt <john.w (at) eisenschmidt (dot) org [email concealed]> |
| George Lewis <schvin (at) schvin (dot) net [email concealed]> |
| Release Date: December 02, 2002 |
|

[ more ]  [ reply ]

I have no idea if this went out somehow, but here it is. I completely
apologize if this has been posted in the past. This is the second time
I post this one on Bugtraq. It didn't get through for an unknown reason
and there aren't any records about it on the SecurityFocus website
so I guess it was

[ more ]  [ reply ]

ABSTRACT

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP
platforms. It was first published as a sample application in Microsoft
Journal (MSJ). Multiple security flaws have been identified in Webste

[ more ]  [ reply ]

There are multiple buffer overflow bugs in pServ that could lead to a remote
(root?) compromise of public servers running the daemon:

ABSTRACT

Pico Server (pServ) is a freeware web server available at
pserv.sourceforge.net running on many POSIX compliant platforms. The
package contains several ex

[ more ]  [ reply ]

Hi Ivan,

Ivn Arce wrote:
>>>+ /*
>>>+ * The 16 bit space is very small and brute force attempts are
>>>+ * entirly feasible, we skip a random number of transaction ids
>>>+ * so that an attacker will not get sequential ids.
>>>+ */
>>
>>Using only brute force, the attack is very difficult to b

[ more ]  [ reply ]

---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated xinetd packages fix denial of service vulnerability
Advisory ID: RHSA-2002:196-19
Issue date: 2002-09-06
Updated on: 2002-1

[ more ]  [ reply ]

Bypassing Pedestal Software Integrity Protection Driver
(time vulnerability)

Jan K. Rutkowski
jkrutkowski (at) elka.pw.edu (dot) pl [email concealed]

What is IPD?
------------
Taken from the IPD's readme:

"The IPD is an Open Source device driver designed to prohibit the
installation of new services and

[ more ]  [ reply ]

Information:
Name: 3com NBX IP phone system Denial of Service Attack
Systems: 3com NBX IP Phone Call manager, FW Versions through 4_1_4
Severity: Critical
Category: Denial of Service
Classification: Boundary Condition Error
Vendor URL: http://www.3com.com
Author: Michael S. Scheidell (scheide

[ more ]  [ reply ]

problem
-------

Cyrus IMAP server has a a remotely exploitable pre-login buffer overflow. I
checked versions 1.4 (oldest in web page) and 2.1.10 which both had it, so
apparently all versions are affected.

Problem is that literal lengths aren't verified to be in any reasonable
range. The length + 2

[ more ]  [ reply ]

Trust Factory Security Advisory TF20021004

Discovery Date: October 4, 2002
Release Date: December 2, 2002
ID: TF20021004
Title: ShopFactory shopping cart price manipulation
Impact: Customers can modify the price of items at will
Affected

[ more ]  [ reply ]

Hi there,

there is a possible virus break through in Computer Associates E-Trust
Inoculate IT 6.0 Exchange Option German on M$ Exchange 2000 German.

The CA´s E-Trust Inoculate IT 6.0 Exchange-Option is a antivirus product
which can be used to scan incoming email-traffic and background scan of
the

[ more ]  [ reply ]

problem
-------

Cyrus' Sieve implementation contains a couple of classic string based
buffer overflows in script parsing code. Anyone who can execute Sieve
scripts can exploit these bugs. Versions up to libSieve 2.1.2 and Cyrus
IMAP 2.1.10 are affected.

Note that with Cyrus IMAP server exploiting

[ more ]  [ reply ]

Hi all,

Further to my email posting a working exploit for traceroute-nanog on SuSE
boxes, it would appear the the patch provided by SuSE does not address the
overflow my exploit... um... exploits.

On a patched SuSE 7.2 box:

carl@titan:~/exploits/traceroute-nanog > rpm -qa | grep traceroute
tra

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 201-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
December 2nd, 2002

[ more ]  [ reply ]

Potential security vulnerability in Network Associates McAfee VirusScan
4.5.1sp1 product with ability to run code of attackers choise

BACKGROUND
If Download Scan or Internet Filter is enabled program uses WebScanX.exe
module. When running WebScanX.exe is hooked also in explorer.exe.

If %HOMEDRIVE

[ more ]  [ reply ]

Informations :
°°°°°°°°°°°°°°
Versions : ? -> 0.3 -> 0.5.3
Website : http://www.thatware.org
Problems :
- Include file
- SQL Injection

PHP Code/Location :
°°°°°°°°°°°°°°°°°°°
artlist.php (v0.5.2, 0.5.3) :
-------------------------------------
include $root_path.'thatfile.php';
--------------------

[ more ]  [ reply ]

Hello John,

1. Yes, the downgrading process is made by the "master" admin while the
test user is completely logged off and don't have any current local
login session.
Please read the reproduction steps to follow.

The test user is logged off to make sure its profile has completely and
correctly sav

[ more ]  [ reply ]