Re: Bypassing ZoneAlarm (limited)

2003-07-01 Thread Te Smith
In-Reply-To: [EMAIL PROTECTED] The posting describes test results using older versions of Zone LabsÂ’ ZoneAlarm and also erroneously attributes the problem to a flawed core design. Zone LabsÂ’ Advanced Program Control feature protects PCs from the ShellExecute theoretical exploit. This

ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.

2003-07-01 Thread Vade 79
just downloaded ezbounce, quick audit yielded this format bug. the bug exists from version 1.0 to current(1.04a-stable/1.50-pre6-beta at the time). the bug occurs inside the sessions command. most of the details are explained in the exploit comments. pretty much explains how to get the

PoC for Internet Explorer =5.0 buffer overflow (trivial exploit for hard case).

2003-07-01 Thread 3APA3A
Dear [EMAIL PROTECTED], Attached exploit for [1] works with ~70% probability on Windows NT 4.0 (I didn't tested on different systems and it may differ, I don't care because I only wanted to show code execution IS possible). It works slow and may require few minutes to complete, see

CyberStrong Shopping Cart - Advisory Exploit Code

2003-07-01 Thread aresu
Advisory Name: Cyberstrong eShop SQL Injection Vulnerability Release Date: 05/07/2003 Application: CyberStrong eShop v4.2 Platform: Win32/MSSQL Severity: High BUG Type: SQL Injection Discover by: AresU [EMAIL PROTECTED] Author: Bosen [EMAIL PROTECTED] Vendor Status: See below. Vendor URL:

[RHSA-2003:199-01] Updated unzip packages fix trojan vulnerability

2003-07-01 Thread bugzilla
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Red Hat Security Advisory Synopsis: Updated unzip packages fix trojan vulnerability Advisory ID: RHSA-2003:199-01 Issue date:2003-07-01

[Opera 7] Five DoS codes on general web sites

2003-07-01 Thread :: Operash ::
- TITLE :[Opera 7] Five DoS codes on general web sites -= Fastest browser on earth, Fastest crash on earth too =- PRODUCT: Opera for Windows VERSIONS : 7.11b build 2887

[sec-labs] Adobe Acrobat Reader =5.0.7 Buffer OverflowVulnerability + PoC code

2003-07-01 Thread sec-labs team
sec-labs team proudly presents: Buffer overflow vulnerability in Adobe Acrobat Reader 5.0.7 and earlier by mcbethh 29/06/2003 I. BACKGROUND quote from documentation: 'The Acrobat Reader allows anyone to view, navigate, and print documents

[CLA-2003:668] Conectiva Security Announcement - kde

2003-07-01 Thread Conectiva Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : kde SUMMARY : PS/PDF file handling

[SECURITY] [DSA-336-2] Factual correction for DSA-336-1

2003-07-01 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 336-2 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman June 29th, 2003

Re: [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow

2003-07-01 Thread J . Warren
In-Reply-To: [EMAIL PROTECTED] This may prevent and configure your PC for -future- prevention of ActiveX problems: Test Your ActiveX Installation http://www.pcpitstop.com/testax.asp This page tests whether you have your browser properly configured to download, authenticate, install, and