I recently found out that someone I knew was running this vuln
application. After informing them it was vuln they were disappointed at
the fact that they could no longer use the program as the author has not
supplied a fix. Anyway, here is a quick fix I threw together to take care
of the
Hello. This is to announce a new class of attack which we have named
'Algorithmic Complexity Attack'. These attacks can perform denial of
service and/or cause the victim to consume more CPU time than
expected. We have a website for our research paper and project and
tentative source code
Hi,
another XSS, now on the ZEUS web admin interface.
The tested software is Zeus 4.2r2 (webadmin-4.2r2) on Linux x86
This is not the same issue as bid 6144 (index.fcgi),
now is on vs_diag.cgi.
Exploit is simple:
http://target:9090/apps/web/vs_diag.cgi?server=YOUR_CODE
I have read this
Multiple Vulnerabilities In P-Synch Password Management
---
The other night I came across a server running P-Synch.
I had never heard of it so I was curious to poke around
on it a bit. Within an hour I found the vulns listed below.
I'm pretty
[-]=[-]
P H R A C K
: R E L O A D E D :
CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS
-
Products: Geeklog 1.3.7sr1 and below (http://www.geeklog.net)
Date: 29 May 2003
Author: pokleyzz pokleyzz_at_scan-associates.net
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary: Geeklog
Products: b2 cafelog 0.6.1 (http://cafelog.com/)
Date: 29 May 2003
Author: pokleyzz pokleyzz_at_scan-associates.net
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary: b2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
Upgraded CUPS packages are available for Slackware 8.1, 9.0,
and -current to fix a denial of service attack vulnerability.
Here are the details from the Slackware 9.0 ChangeLog:
Philboard Vulnerability
Severity : High (Possible gain administrator/users access on Forum Board)
Systems Affected: Philboard up to v1.14
Vendor URL: http://www.youngpip.com/philboard.asp
Vuln Type : Cookie Injection
Status: Vendor contacted, fixed version is not available (cause they didn't
dave pointed out dat i forgot to send da attached .c in my first post.
dis proves dat im so bizy dat i forget to send other half of email to bugtraq.
attached is a local root xploit for eterm. and on default install of debian it be a
local gid utmp xploit. hi martin
dis is a nice change up from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 307-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
May 27th, 2003
bugtraq@,
Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Vendor URL: http://www.icq.com
Risk: Average
Exploitable: Yes
Remote: No
Date: May, 29 2003
Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp
I. Intro:
ICQ Lite is popular internet
Products: Webfroot Shoutbox v 2.32 and below (http://shoutbox.sf.net)
Date: 09 May 2003
Author: pokleyzz pokleyzz_at_scan-associates.net
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary:
13 matches