[SECURITY] [DSA 192-1] New html2ps packages fix arbitrary code execution
2002-11-08 joey infodrom org (Martin Schulze)

XSS in Postnuke Rogue release (0.72)
2002-11-08 Muhammad Faisal Rauf Danka (mfrd attitudex com)
Program: Postnuke Rogue release (0.72) (Latest).
HomePage: www.Postnuke.com/.org
Description: PostNuke is a weblog/Content Management System (CMS). Whilst PostNuke is a fork of PHP-Nuke, the entire core of the product has been replaced, making it far more secure and stable, and able to work in hig

Zeus Admin Server v4.1r2 index.fcgi XSS bug
2002-11-08 euronymous (just-a-user yandex ru)
topic: Zeus Admin Server v4.1r2 index.fcgi XSS bug
product: Zeus Admin Server v4.1r2 for linux/x86
vendor: http://www.zeus.co.uk
risk: very low (authorisation required)
date: 11/8/2k2
discovered by: euronymous /F0KP /HACKRU Team
advisory urls: http:

Potential Denial of Service Vulnerability in IRIX RPC-based libc
2002-11-08 SGI Security Coordinator (agent99 sgi com)

Re: Motorola Cable Modem DOS
2002-11-04 Peter Arnts (parnts va rr com)
In-Reply-To: <1036008147.22818.31.camel@ryans>
I wasn't able to reproduce this on an SB4200 running SB4200-0.4.4.0-SCM06-NOSH firmware. What version of NMAP are you using? Also, when you said "Simply nmap'ing the cable user's IP address, ie: ># nmap -sS -p 1-1024 12.x.x.x", which IP address

Technical information about unpatched MS Java vulnerabilities
2002-11-08 Jouko Pynnonen (jouko solutions fi)
These are some technical details about the security vulnerabilities I've found in Microsoft's Java implementation. They were reported to the vendor mostly during August 2002. Microsoft no longer responds to my inquiries and doesn't seem to react about these severe vulnerabilities which affec

Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810
2002-11-05 Nils Reichen (nreichen lanexpert ch)
Security Advisory 05.11.02:
Title : Cisco PIX SSH/telnet DOS vulnerability CSCdy51810
Reporter : Nils Reichen LANexpert SA
Affected software : PIX OS 6.2.2 (and probably old version)
Risk : High
Date : November 5, 2002
URL: Full description should be posted in few days on http://www.giac

RE: A technique to mitigate cookie-stealing XSS attacks
2002-11-05 NESTING, DAVID M (SBCSI) (dn3723 sbc com)
Perhaps JavaScript itself might be a better place to do this? Create a simple security API that allows the author to specify their own site's security policy (under the mask of the user's preferences), so that JavaScript (or any kind of script, depending on how abstract the browser's security model

Oracle iSQL*Plus buffer Overflow..
2002-11-04 deadbeat hush com
Hiya, I was wondering if anyone could post a stack trace of this to me or to the group, as it would be very useful in testing.. Thanks.

NetBSD Security Advisory 2002-024: IPFilter FTP proxy
2002-11-04 NetBSD Security Officer (security-officer netbsd org)

When scrubbing secrets in memory doesn't work
2002-11-05 Michael Howard (mikehow microsoft com)
During the Windows Security Push in Feb/Mar 2002, we noticed an 'interesting' anomaly with code to scrub passwords that looks like this:
bool DoSensitiveStuff()
{
    bool fOK = false;
    const size_t cbPwd = 64;
    char szPwd[cbPwd];
    if (GetUserPassword(szPwd,cbPwd-1))
        if (DoSomethingWithPassword(szP

[SECURITY] [DSA 188-1] New Apache-SSL packages fix several vulnerabilities
2002-11-05 joey infodrom org (Martin Schulze)

Re: Accesspoints disclose wep keys, password and mac filter (fwd)
2002-11-07 Alex Harasic (aharasic terra cl)

Re: PHP-Nuke SQL Injection Vulnerability
2002-11-04 Predrag Damnjanovic (bugtraq zastita co yu)
David Endler wrote:
> If the attacker's UID is 2, he or she can then launch the attack by
> requesting the following URL:
>
> modules.php?name=Your_Account&op=saveuser&uid=2&bio=%5c&EditedMessage=
> no&pass=xxxxx&vpass=xxxxx&newsletter=,+bio=0,+pass=md5(1)/*
> [...]
> +--[ bio = '\', Wel

RE: A technique to mitigate cookie-stealing XSS attacks
2002-11-07 Michael Howard (mikehow microsoft com)
We added a feature kinda like this to IE6, you can mark a <FRAME> with:
<FRAME SECURITY=RESTRICTED ....> <!-- blah blah --> </FRAME>
And this will force all content into the IE Restricted Zone, which, by default will not allow much of anything to work.
Cheers, Michael
Secure Windows Initiative

LiteServe Directory Index Cross-Site Scripting
2002-11-08 Matthew Murphy (mattmurphy kc rr com)
There are three different places in the directory index of LiteServe where unsanitized user input is returned to the browser. The first is yet another wildcard DNS vulnerability, the second centers around query strings.
Write-Up: http://www.techie.hopto.org/vulns/2002-37.txt
* DNS Wildcard XSS T

MDKSA-2002:075 - nss_ldap update
2002-11-07 Mandrake Linux Security Team (security linux-mandrake com)

MDKSA-2002:076 - perl-MailTools update
2002-11-07 Mandrake Linux Security Team (security linux-mandrake com)

[Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
2002-11-08 Vincent Danen (vdanen mandrakesoft com)
opening Word attachment the attachment remains in cache.
The cache is still here even after closing the browser.
When accessing confidential documents from public computers this presents a
security risk.
Any way to prevent this cachin