Remote Buffer Overrun WebAdmin.exe

2003-06-24 Thread Mark Litchfield
NGSSoftware Insight Security Research Advisory Name: Remote System Buffer Overrun WebAdmin.exe Systems Affected: Windows Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.altn.com/ Author: Mark Litchfield ([EMAIL PROTECTED]) Date: 24th June 2003 Advisory number:

[SECURITY] [DSA-330-1] New tcptraceroute packages fix failure to drop root privileges

2003-06-24 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 330-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 23rd, 2003

Re: GNATS (The GNU bug-tracking system) multiple buffer overflow vulnerabilities.

2003-06-24 Thread dong-h0un U
This is GNATS local exploits. :-} -- ___ Get your free email from http://www.hackermail.com Powered by Outblaze 0x82-GNATS.tgz Description: Binary data

lbreakout2server[v2-2.5+]: remote format string exploit.

2003-06-24 Thread Vade 79
this exploits lbreakout2server[v2-2.5+], the new one. the exploit header explains most of it. i made a function to find the pop/memory location on the server. since this is a bit much work manually: you can only see 1-2 returns at a time, and need to know the server code dealios. the example

GuestBookHost : Cross Site Scripting

2003-06-24 Thread Julien L.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 GuestBookHost : Cross Site Scripting ~ Program: GuestBookHost Url vendor : http://www.nukedweb.com/phpscripts/guestbookhost.php Problem: Multiple Cross Site

Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2

2003-06-24 Thread akcess .
This bug is old. All Tripbit have managed to do is find a new way of exploiting an old/known bug. Eg by sending the '../' string in unicode format rather than sending it normally. The bug was originally found by subversive from the Security Freaks and the original advisory can be located at:

[Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

2003-06-24 Thread Sym Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Title:Symantec Security Check ActiveX Buffer Overflow Date: Monday, June 23, 2003 09:15:19 PM Threat: Moderate Impact: System Access Product: Symantec Security Check Situation Overview: Symantec Security Check is a free web-based tool

Re: Invalid SquirrelMail Exploit

2003-06-24 Thread 3APA3A
Dear Jonathan Angliss, This problem is related to imap-uw only. Of course, this is not a SquirrelMail bug. There is a set of utilities to manage files (list directories, retrieve files, remove files, create directories) via imap-uw directly:

Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

2003-06-24 Thread Bjorn Tore Sund
The Sharp Zaurus is a linux-based PDA running Embedix. In the May version of the Sharp Zaurus newsletter, version 3.1 of the flash ROM was announced with various new versions of software and added OS functionality. The linux kernel went from 2.4.6 to 2.4.18. The Zaurus docking station comes

Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

2003-06-24 Thread dave
This is true for my 5600 as well, but oddly enough it doesn't appear when hooked into my Linux partition - only when using the Zaurus Manager with Windows. That could be some idiosyncrasy with my setup, however. Also listening to all interfaces on the 5600 is qpe...not sure if that has been

Re: WebAdmin from ALT-N remote exploit PoC

2003-06-24 Thread wirepair
werd to mark litchfield for finding this gem. can also be downloaded from: http://sh0dan.org/files/wa_exp.c /* wa_exp.c WebAdmin.dll remote proof of concept 2.0.4 version.. tried finding 2.0.5 but all versions were already patched from the dl sites... this was tested on a win2ksp2 server, i

RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

2003-06-24 Thread Jason Coombs
Aloha, Symantec Security. Two questions: 1) Does this ActiveX control bear a digital signature? If so, the problem it causes does not go away simply because there is a new version available from Symantec. An attacker in possession of the bad code with its attached digital signature can fool a

RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

2003-06-24 Thread Chris Wysopal
On Tue, 24 Jun 2003, Jason Coombs wrote: 1) Does this ActiveX control bear a digital signature? If so, the problem it causes does not go away simply because there is a new version available from Symantec. An attacker in possession of the bad code with its attached digital signature can fool

phpBB 2.0.5 Released

2003-06-24 Thread Boyce, Nick
Haven't seen this mentioned, so for what it's worth : phpBB 2.0.5 released http://www.phpbb.com/phpBB/viewtopic.php?t=56 (Posted: Mon Jun 16, 2003 4:12 am) Quote: What has changed in this release? This edition includes a significant number of fixes for bugs and a minor

RE: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

2003-06-24 Thread Eric Lawrence
To further restrict the potential impact of coding flaws in ActiveX controls, consider sitelocking. Sitelocking can help prevent your control from being illegitimately used elsewhere. http://msdn.microsoft.com/downloads/samples/internet/default.asp?url=/do

Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)

2003-06-24 Thread Steven M. Christey
Matt Moore said: I also reported this to Microsoft - sometime around May or June 2002... I copied Steve Christey at Mitre on a couple of the emails I can confirm that on July 19, 2002, Matt CC'ed me on an email to the Microsoft Security Response Center in which Matt asked about when his

Multiple IPv6-Induced Bugs Vulnerabilities on IRIX

2003-06-24 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title : Multiple IPv6-Induced Bugs Vulnerabilities Number: 20030607-01-P Date : June 24, 2003 Reference : SGI BUGS

Re: Remote Buffer Overrun WebAdmin.exe

2003-06-24 Thread David A. Pérez
NGSSoftware Insight Security Research Advisory Name: Remote System Buffer Overrun WebAdmin.exe Systems Affected: Windows Severity: High Risk Category: Buffer Overrun Vendor URL: http://www.altn.com/ Author: Mark Litchfield ([EMAIL PROTECTED]) Date: 24th June 2003 Advisory