-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-063-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
June 17, 2001
-
[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com
Note:
This advisory is for information and educational purposes only! We
are not responsible for any abuse or damage resulting from this
information.
Author:
Siberian
Topic:
Security Bug in CISCO TFTPD server 1.1
Strumpf Noir Society Advisories
! Public release !
--#
-= Multiple Vulnerabilities In AMLServer =-
Release date: Monday, June 18, 2001
Introduction:
Air Messenger LAN Server is a paging gateway server for MS Windows
that allows you to send and receive messages to a paging network
over a
udirectory from Microburst Technologies, Inc. http://www.uburst.com/uDirectory/
allows remote command execution
Vulnerable versions: 2.0, possibly earlier versions
uDirectory is an online directory and listing management system that allows you to
easily create,
update, and maintain an on-line
DCShop vulnerability
We have seen several Web shops using your
DCShop product as E-commerce system, where it is
possible for unauthorized persons via a Web browser
to retrieve customer credit card numbers in cleartext.
Although the developers on their Web site
recommend not to use the
SP2 does not break MS01-026 because that hotfix is not included in SP2 (see
http://www.microsoft.com/technet/security/w2ksp2.asp). If you look at the
filename it is Q293826_W2K_SP3_x86_en.EXE which means it is going to be an
SP3 (aka post SP2) fix. Any SP3 fix should be installed AFTER SP2 is
SCO has been notified of this issue.
Original Message
Subject: SCO Tarantella Remote file read via ttawebtop.cgi
Date: Mon, 18 Jun 2001 13:06:41 -0400
From: KF [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: kdelibs
Date:
Siberian writes:
[Sentry Research Labs - ID0201061701]
(c) 2001 by www.sentry-labs.com
[...]
Topic:
Security Bug in CISCO TFTPD server 1.1
Vendor Status:
Informed (06/17/01)
Just for the record, I checked with my teammates and can't find any
record that you contacted the Cisco
All versions of Microsoft Internet Information Services, Remote buffer
overflow (SYSTEM Level Access)
Release Date:
June 18, 2001
Severity:
High (Remote SYSTEM level code execution)
Systems Affected:
Microsoft Windows NT 4.0 Internet Information Services 4.0
Microsoft Windows 2000 Internet
Unfortunately, using client IP in access controls/sessions will render
your service unusable for some people behind load balanced proxies. In
such environment the source IP is not tied to the user, and will change
every now and then between a set of different IPs (not to mention that
there may
On 15 Jun 01 at 12:52, [EMAIL PROTECTED] wrote:
When the request comes in, check if the incoming ticket matches the
one stored in this user's session. If it does, this particular user
was given the offer by our server, and not by anyone else. To spoof
this system, someone would have to
According to Tim Nowaczyk:
My company implemented this but went one more step. They created a
file that had (IP, ticket) pairs. The ticket was passed around in
URLs, but wasn't valid unless it came from the specific IP. To
pretend to be someone else, one would have to spoof their IP
13 matches