rpcbind/fsr_efs/mv/errhook/uux vulnerabilities

2002-10-04 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- SGI Security Advisory Title: rpcbind/fsr_efs/mv/errhook/uux vulnerabilities Number: 20020903-01-P Date: October 3, 2002

[SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure

2002-10-04 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Debian Security Advisory DSA 169-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October, 4th, 2002

RE: Solaris 2.6, 7, 8

2002-10-04 Thread Morgan
This is nothing more than a newly disclosed way of exploiting an old bug, hardly newsworthy unless you're in the dot slash hacking business. In the spirit of giving credit where credit is due, I'd like to note that the bug was originally found by duke (ISS/ADM) of course. This method of

phpLinkat XSS Security Bug

2002-10-04 Thread Sp . IC
phpLinkat is a free Web-Based link indexing script written in PHP and runs on MySQL. This product is server is vulnerable to the Cross-Site Scripting vulnerability would allow attackers to inject HTML and script codes into the pages and execute it on the client's browser as if it were

[RHSA-2002:212-06] Updated packages fix PostScript and PDF security issue

2002-10-04 Thread bugzilla
Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated packages fix PostScript and PDF security issue Advisory ID: RHSA-2002:212-06 Issue date: 2002-09-25 Updated on:

Cisco Secure Content Accelerator vulnerable to SSL worm

2002-10-04 Thread Matt Zimmerman
Product : Cisco SCA 11000 Series Secure Content Accelerator Product URL : http://www.cisco.com/warp/customer/cc/pd/cxsr/ps2083/ CVE : CAN-2002-0656 Software release: All current releases Vendor status : PSIRT and TAC notified 2002/09/17, last update 2002/09/24 Patch

BearShare Directory Traversal Issue Resurfaces

2002-10-04 Thread Aviram Jenik
BearShare Directory Traversal Issue Resurfaces Article reference: http://www.securiteam.com/windowsntfocus/6D0010A5PU.html SUMMARY A while back BearShare 2.2.2 was

Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator

2002-10-04 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator Revision 1.0: Final For Public Release 2002 October 04 15:30 GMT

SECURITY.NNOV: ikonboard 3.1.1 CSS

2002-10-04 Thread 3APA3A
Dear bugtraq, Ikonboard CSS bug via [IMG] tag was reported a long time ago for 3.0.x. The only change in Ikonboard 3.1.1 (at least on sending private messages) is it checks URL extension to be .gif or .jpg, so [IMG]javascript:alert(document.cookie).gif[/IMG] still

WinXP Pro(Gold) Insecure System Restore File Permissions

2002-10-04 Thread Makoto Shiotsuki
WinXP Pro(Gold) Insecure System Restore File Permissions On the Windows XP Professional(Gold), the System Restore files are not protected properly by NTFS ACL, so every local user can access these important files. System Restore files are stored in the System Volume Information directory, and

Re: Cisco Secure Content Accelerator vulnerable to SSL worm

2002-10-04 Thread Mike Caudill
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We can confirm the finding made by Matt Zimmerman [EMAIL PROTECTED] for all older releases of the Cisco Secure Content Accelerator software. Cisco has released version 3.2.0.20 of Cisco Secure Content Accelerator software on September 27, 2002

vulnerabilities in logsurfer

2002-10-04 Thread Jan Kohlrausch
-BEGIN PGP SIGNED MESSAGE- The program logsurfer was designed to monitor any text-based logfiles on systems in realtime. For more information about logsurfer we refer to http://www.cert.dfn.de/eng/logsurf/home.html 1. Affected software: All logsurfer versions including

[OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)

2002-10-04 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

injecting commands on a ptraced telnet/ssh session

2002-10-04 Thread xenion
proof of concept code demonstrating how we can inject commands on a ptraced telnet/ssh session, have fun. [ [EMAIL PROTECTED] ][ http://www.acidlife.com/mayhem/tba/ ] /* * * $Id: onelove.c,v 0.4 2002/10/03 2:10:27 xenion Exp $ * *