One year ago I discovered a buffer overflow in the address bar of IE 5.0 using
greek characters, look at:
http://www.cyhackportal.com/modules.php?name=Newsfile=articlesid=81
Today I discover this:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/aacute;x1388/Product/View/CMPL_00_GDXbox
(do
Raptor Firewall FTP Bounce vulnerability
Summary:
The Raptor Firewall can make an FTP server behind it vulnerable to the
well-known
FTP bounce vulnerability even if the FTP server used is not susceptible to
this issue.
Overview:
While performing a penetration test for a customer, we
Dear Bugtraq readers,
it seems like A LOT of mailscanners treated my post with the subject:
Using the backbutton in IE is dangerous
as a virus and rejected it. In case you didn't receive it you can read it
online at Bugtraq's archive:
http://online.securityfocus.com/archive/1/267561
The most
Demarc PureSecure (http://www.demarc.org) is an
all-inclusive network monitoring solution that allows
you to monitor an entire network of servers from one
powerful web interface.
user can bypass login and get admin status by sql
injection through cookies s_key
- line 319
Hello everyone,
after some frustration with the HP Photosmart printer driver not
being as smart as the name suggests and HP support not as suppor-
tive as I would wish about the issues raised below, I've decided
to bring the following multiple security vulnerabilities of the
HP
This is an update of my original postings about the IP ID handling in
the ICMP and UDP protocols with Linux Kernel 2.4.x.
RFC 791 defines the IP Identification field as:
An identifying value assigned by the sender to aid in assembling the
fragments of a datagram.
RFC 791 identifies the role
w00w00 (http://www.w00w00.org)
Angry Packet Security (http://sec.angrypacket.com)
Vulnerability in Multiple Microsoft Products for Mac OS
HTML format: http://www.w00w00.org/advisories/ms_macos.html
Text format: http://www.w00w00.org/files/advisories/ms_macos.txt
SOFTWARE VERSIONS AFFECTED
-BEGIN PGP SIGNED MESSAGE-
Cisco - Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Revision 1.0
Public Release 2002 April 15 18:00 (UTC -0400)
- ---
Contents
Summary
Affected Products
Does this vulnerability affect the Linux XFS port? The XFS page has no
information about this or whether there is a fix available:
http://oss.sgi.com/projects/xfs/
-HD
On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote:
SGI Security Advisory
Hi all,
I looked briefly in bugtraq archives and I didn't find any reference to this
issue. Please accept my apologies, if it's a known problem.
Norton Personal Firewall 2002 on Windows 2000 is vulnerable to SYN/FIN scan
(SYN/FIN/URG, SYN/FIN/PUSH, SYN/FIN/URG/PUSH are not detected as
Hi all
I thought this list may be interested in this issue, apologies if its
known here already.
Oracle 9i includes the new ANSI outer join syntax. Oracle still supports
the old syntax but in the new syntax there is a serious security issue
that allows any user to view any data.
here is an
On Tue, Apr 16, 2002 at 10:52:02AM +0400, Matt Conover wrote:
w00w00 (http://www.w00w00.org)
Angry Packet Security (http://sec.angrypacket.com)
Vulnerability in Multiple Microsoft Products for Mac OS
HTML format: http://www.w00w00.org/advisories/ms_macos.html
Text format:
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-126-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
April 16, 2002
-
You don't need 9i or ansi syntax.
Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 - Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production
SQL set serveroutput on size 100
SQL sta users
SQL select username, user_id, password from sys.dba_users
2 /
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
Caldera International, Inc. Security Advisory
Subject:Linux: horde/imp cross scripting vulnerabilities
Advisory number:
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-02:20Security Advisory
FreeBSD, Inc.
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: squid
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: IRIX cron daemon vulnerability
Number: 20020403-01-I
Date: April 16, 2002
hi HD -
I don't believe that Linux is affected. I've been told that the Linux
I/O path was written specifically to avoid this problem, and I have run
some test cases from our original bug report, and did not see the
described behavior. I'll look a bit more and reply when I know for
sure.
-BEGIN PGP SIGNED MESSAGE-
- --
Title: Unchecked Buffer in Internet Explorer and Office for
Mac Can Cause Code to Execute (Q321309)
Date: 16 April 2002
Software: Microsoft Internet Explorer 5.1
Demarc Security Update Advisory
Subject:1.05 login bypass advisory
Date: 16 April, 2002
Tested on
IE 4.0 (4.72.3110.4)
ICQ 2001b #3659
And it did crash my ICQ
But after it I installed the icq web front Add-on it didn't crashed
my icq anymore, but just opened the webfront part...
N|ghtHawk
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] [EMAIL PROTECTED]
Aan: [EMAIL
I do not have the ability to try this as I am at work, but if on an NTFS
system, could you not lock down the users screenname directory so only they
have access to it. This would probably solve the problem rather easily.
-Original Message-
From: sunny licious [mailto:[EMAIL PROTECTED]]
Thor Larholm security advisory TL#002
-
By Thor Larholm, Denmark.
16 April 2002
HTML Format: http://jscript.dk/adv/TL002/
Topic: IE allows universal Cross Site Scripting.
Discovery date: 18 March 2002.
Severity: High
Affected applications:
This works even if I add both the res: and javascript: URL types to the
Restricted Sites zone with everything disabled. (Added via
HKLM\Software\Microsoft\Windows\Current Version\Internet
Settings\ZoneMap\ProtocolDefaults)
-Original Message-
From: Andreas Sandblad [mailto:[EMAIL
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-127-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
April 17, 2002
-
26 matches
Mail list logo