Advisory available at:
http://www.securiteam.com/windowsntfocus/6C00C2061A.html

TFTPD32 Buffer Overflow Vulnerability (Long filename)
-------------------------------------------------------

SUMMARY

<http://tftpd32.jounin.net> TFTPD32 is a Freeware TFTP server for
Windows 9x/NT/XP. It provides

[ more ]  [ reply ]

(My first post, please bare with me.)

-/\-About.-/\-

I found this problem auditing a webserver, it?s a standard bufferoverflow

i guess,

but i am not sure how to find all the technical information but if anyone

knows what to do i would

like to know, if some one have the time to send a brief

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : dhcpcd
SUMMARY : Characters expansion vulnera

[ more ]  [ reply ]

Dear bugtraq (at) securityfocus (dot) com [email concealed],

Proof of concept files for Macromedia Flash ActiveX buffer overflow
(no shellcode) attached.

--
/ZARAZA

[ more ]  [ reply ]

Vulnerable systems:

The Last ver

Exploit:

http://phpbb.com/phpBB/viewtopic.php?

t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt
>

(without "*")

Solution:

i think that will work , but im not sure

open viewtopic.php and put this code

$highlight = htmlspecia

[ more ]  [ reply ]

DoxPara Research is proud to announce the release of the Paketto Keiretsu,
Version 1.0, for general use. Paketto presently implements many of the
techniques described during recent "Black Ops of TCP/IP" presentations.
Feedback is intensely sought, and we are working to maximize portability
across al

[ more ]  [ reply ]

In-Reply-To: <118-2136623052.20021118134327 (at) SECURITY.NNOV (dot) RU [email concealed]>

Status on the below posting regarding:

1. zlib 1.1.3 double free() bug

2. Buffer overflow in SWRemote parameter for flash object.

1. zlib 1.1.4 double free() bug

=====================

Flash Player 6 was released with the fix for

[ more ]  [ reply ]

For existing users of PlanetWeb version 1.14, a one-click downloadable

patch is available from one of the following download sites. This patch

corrects the buffer overflow vulnerability and also includes additional

features including integrated support for virtual domain hosting.

Please

[ more ]  [ reply ]

My last patch was _useless_.

Here are lines to add at beginning of /mudoles/webchat/index.php

(you can download patched file from www.phpsecure.org) :

if(is_string($roomid) === TRUE)

$roomid = 1;

Vendor (www.xoopsien.net) has still not answered.

Sorry again for lost time :o|

[ more ]  [ reply ]

Note: The Bugtraq Moderator has informed me that this topic has been closed, but they have graciously allowed me an opportunity to respond to statements made directly at me by mark_sala (at) yahoo (dot) com. [email concealed]

Mark said;
"In the end, I'd rather have a security company find the vulnerabilities and work with the

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2002-0077

Package name: kernel
Summary: local DoS
Date: 2002-11-15
Affected versions: TSL 1.1, 1.2, 1.5

-

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--

PACKAGE : windowmaker
SUMMARY : Integer buffer overflow

[ more ]  [ reply ]

Author: LOM <lom at lom.spb.ru>
Product: Macromedia Flash ActiveX 6.0 (6,0,47,0) for Microsoft Internet
Explorer
Vendor: Macromedia was contacted on 23 Oct 2002.
Risk: High
Remote: Yes
Exploitable: Yes

Into:

Macromedia flash ActiveX plugin displays .swf files under Internet
Explo

[ more ]  [ reply ]

AIM 5.1.3036 buffer overflow - newest version as of 11/16

If you try and get the info for a screename with 88 or more characters Aim

crashes with a nasty, error reading memory at such and such location.

Tested on Windows XP

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 198-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 18th, 2002

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Trustix Secure Linux Security Advisory #2002-0076

Package name: bind
Summary: Remote exploit
Date: 2002-11-15
Affected versions: TSL 1.1, 1.2, 1.5

[ more ]  [ reply ]

To: bugtraq (at) securityfocus (dot) com [email concealed] announce (at) lists.caldera (dot) com [email concealed] security-alerts (at) linuxsecurity (dot) com [email concealed] full-disclosure (at) lists.netsys (dot) com [email concealed]

________________________________________________________________________
______

SCO Security Advisory

Subject: Linux: buffer overflows and other security issues in squid

[ more ]  [ reply ]

When optimizing code for "dead store removal" the optimizing compiler may

remove code necessary for security.

A programmer could erroneously think that his code is secure, even though

the securing code is removed from the compiled code.

For a full report, including a complete description

[ more ]  [ reply ]

---------- Forwarded message ----------
Date: Fri, 15 Nov 2002 19:40:47 -0500
From: Michael Richardson <mcr (at) sandelman.ottawa.on (dot) ca [email concealed]>
Reply-To: tcpdump-workers (at) sandelman.ottawa.on (dot) ca [email concealed]
To: tcpdump-announce (at) tcpdump (dot) org [email concealed]
Subject: [tcpdump-announce] initial comments on trojan attack

-----BEGIN PGP SIGNED

[ more ]  [ reply ]

---------- Forwarded message ----------
Date: Thu, 14 Nov 2002 19:12:41 -0700
From: Todd C. Miller <Todd.Miller (at) courtesan (dot) com [email concealed]>
To: security-announce (at) openbsd (dot) org [email concealed]
Subject: patch for named buffer overflow now available

A patch for the named buffer overflow is now available. The bug
could allow an at

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 197-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 15th, 2002

[ more ]  [ reply ]

Upfront, Like to recognize that ISS has been doing a
great job at finding very critical but obscure
vulnerabilities in popular services. I'm guessing
that there has been alot of other security experts
that have audited the source code of Bind, SSH, etc
and overlooked the discrepencies that ISS pick

[ more ]  [ reply ]

*******************************
Lorenzo Hernandez garcia-hierro
Webmaster of LORENZOHGH.COM
LHGHPRODS PROGRAMACIÓN TIENDA ONLINE.
*******************************
NBActiveX Sure ActiveX New Vulnerability

Dear firends,

INTODUCTION
This vulnerability is an important failure because the malicious code

[ more ]  [ reply ]