Denial-Of-Service holes in
JDK 1.4.1_01
Security Alert
by
Marc Schoenefeld
(html version at http://www.illegalaccess.org)
Several Java distributions (like the popular JDK 1.4.1 JRE from Sun)
have been found to contain several locally
Denial of
Confirmed. Time to configure your web application proxies to block the
naughty strings. Doing a Google search for texis.exe turns up some
interesting sites, all of which respond to ?-dump and ?-version. The
information provided is significant, including local IP and forwarding IP (so
you can
//@(#) Mordred Security Labs advisory
Release date: March 14, 2003
Name: RSA ClearTrust Cross Site Scripting issues
Risk: low
Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com)
I. Description:
The RSA ClearTrust is a Web access management
PROBLEMS WITH WINDOWS SHORTCUTS
==
Topic: Problems with Windows Shortcuts
Tested With: Windows 98, Windows 2000 Server
Author: S.G.Masood ([EMAIL PROTECTED])
Debian Security Advisory DSA-262-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
March 15, 2003
Hello,
during development of a pop3 tool I found an issue that makes it possible
for any user to check the validity of a user on a target system. If a user
is valid and an invalid password has been supplied, then the system waits
~10 seconds until it sends a disconnect message and disconnects.
-----Original Message-----
From: Jason Coombs [mailto:[EMAIL PROTECTED]
Sent: Sunday, February 16, 2003 10:31 AM
To: Bruce Schneier
Subject: RE: CRYPTO-GRAM, February 15, 2003
Aloha, Bruce.
This is in response to your Crypto-Gram discussion of the Sapphire/SQL
Slammer worm that struck
Hello!
The problem with the unencrypted files is not new. In 2000 we made a test
of common financial office programs, including MS Money, Quicken, Lexware,
Quickbooks etc. -- in most cases, we were able to disable a password
protection by just changing one byte in the (mostly unencrypted)
Business::OnlinePayment::WorldPay::Junior is a perl module providing a
backend for perl scripts to manage credit/debit card payments through the
WorldPay Select Junior service.
I am the author of the module.
There is a bug in all versions of Business::OnlinePayment::WorldPay::Junior
prior to
//@(#) Mordred Security Labs advisory
Release date: March 15, 2003
Name: Texis sensitive information leak
Versions affected: all versions
Risk: average
Author: Sir Mordred ([EMAIL PROTECTED], http://mslabs.iwebland.com)
III. Exploit:
http://victim.com/texis.exe/?-version
Hello Andrew,
1. Thanks a lot for your note about the way to remove users from the
welcome screen.
I am sorry I was not aware of this workaround when the advisory was
published.
It is a shame MS don't add this procedure to its KB (as far as I
searched there).
I have tested this and, as
I've been battling this for a couple of days now too ...
I have one thing to add to what Ken said, and that is ... If you turn on
the Prompt for Unsigned ActiveX Controls, then I've found that you get a
prompt to install and run http://codecs.microsoft.com/objects/ocget.dll
Which clearly is a
12 matches