Re: Trillian Remote DoS

2003-07-08 Thread Erik Jacobson
Did you even bother notifying the vendor? Or crediting the person who originally discovered this? Unless you happen to be him, although it doesn't appear so from your site. Anyway, this bug has been known about for a while, and is fixed in the next version. Unfortunately they aren't

WDAV exploit without netcat and with pretty magic number

2003-07-08 Thread XNUXER RESEARCH
Just modified WDAV exploit without netcat or telnet and with pretty magic number as RET ;P. Created in May 2003. A sample action picture from this exploit can be checked at this link: http://www.infosekuriti.com/artikel/artikel25_files/image002.jpg /* * IIS 5.0 WebDAV Exploit versi Xnuxer Lab * By

Unrealircd Anope services - join segmentation fault in operserv.c

2003-07-08 Thread Lethalman
If an admin says this command: '/msg operserv raw :nickserv join #chan' NickServ joins that chan, ok. If the command was: '/msg operserv raw : join #chan' ircd goes to SEGFAULT. Why? Case 1: operserv orders a nick (NickServ) to join #chan Case 2: operserv orders the server to join #chan Ircd go

Named Pipe Filename Local Privilege Escalation

2003-07-08 Thread @stake Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Named Pipe Filename Local Privilege Escalation Release Date: 07/08/2003

Internet Explorer Crash

2003-07-08 Thread Digital Scream
The following example results in a crash: [Crash.html] window.moveTo(screen.width,screen.height); document.all.tags("script")[0].src="Crash.html"; // <script src="Crash.html"></script> -[End of Crash.html] The result is

What Win2k SP4 doesn't fix (security), but says it does...

2003-07-08 Thread m_a_s2mp
In my testing these security bulletins aren't fixed in Win2k SP4, but are documented as fixed at this link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/w2kSP4.asp 1. MS02-053. It fixes the FPSE 2000 vulnerability, but not FPSE 2002. 2. MS03-019. It

Adobe Acrobat and PDF security: no improvements for 2 years

2003-07-08 Thread Vladimir Katalov
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Adobe Acrobat and PDF security: no improvements for 2 years. Software released in 2003 contains vulnerabilities disclosed in 2001 July 8, 2003 SUMMARY == In early 2001, we have

[CLA-2003:690] Conectiva Security Announcement - imp

2003-07-08 Thread Conectiva Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : imp SUMMARY : SQL code injection

Qt temporary files race condition in Knoppix 3.1

2003-07-08 Thread Vázquez
Qt libraries work with KDE. Knoppix 3.1 comes with KDE3. A default installation on hard disk of this live CD Linux distribution with the SSHD daemon running may allow a serious D.o.S. attack and potential root compromise. I've found a race condition in Knoppix 3.1 live CD. I've confirmed it

Re: Unrealircd Anope services - join segmentation fault in operserv.c

2003-07-08 Thread Sean Kelly
On Tue, Jul 08, 2003 at 07:14:22AM -, Lethalman wrote: If an admin says this command: '/msg operserv raw :nickserv join #chan' NickServ joins that chan, ok. If the command was: '/msg operserv raw : join #chan' ircd goes to SEGFAULT. Why? According to you, the IRC server crashes because :

MDKSA-2003:073 - Updated unzip packages fix vulnerability

2003-07-08 Thread Mandrake Linux Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: unzip Advisory ID:

Information Disclosure Vulnerability in board51, forum51 and news51

2003-07-08 Thread Marc Bromm
#www.bright-shadows.net# --#theblacksheeperik#--

zkfingerd-2.0.2(the last version)Format String Vulnerabilities

2003-07-08 Thread yan feng
Ph4nt0m Security Advisory 2#2003--7-7 Title: zkfingerd-2.0.2(the last version)Format String Vulnerabilities

ZH2003-1SA (security advisory): Rockliffe Mailsite Express - mail attachments retrievable without proper authentication

2003-07-08 Thread tizio caio
ZH2003-1SA (security advisory): Rockliffe Mailsite Express - mail attachments retrievable without proper authentication. Published: 08/07/2003 Released: 08/07/2003 Name: Rockliffe Mailsite Express - mail attachments retrievable without proper authentication Affected Systems: Mailsite 5.3.4

[CLA-2003:691] Conectiva Security Announcement - php4

2003-07-08 Thread Conectiva Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -- PACKAGE : php4 SUMMARY : New PHP4 packages with

Re: Email marketing company gives out questionable security advice

2003-07-08 Thread Richard Rager
On 4 Jul 2003, D. J. Bernstein wrote: Richard M. Smith writes: P.S. It's hard for a portable chroot tool to cut off a program's network access. Kernel designers should provide a disablenetwork() syscall, with the disabling inherited by children. Other kernel changes would be nice, but

Re: rundll32.exe buffer overflow

2003-07-08 Thread wirepair
interesting, in win2ksp4 i can't get it to overflow... with regular characters. if i use a lot of %'s it appears to overwrite eip. but if i tack on any character at the end it won't overflow. C:\WINNT\system32>rundll32.exe rundll32.exe,

Multiple Buffer Overflows in IglooFTP PRO

2003-07-08 Thread Peter Winter-Smith
Multiple Buffer Overflows in IglooFTP PRO Url: http://www.iglooftp.com IglooFTP PRO is an extremely powerful, easy to use and well designed FTP client. Perhaps my personal favourite. It is extremely easy to use, but doesn't lack the configurability needed for advanced users. It is this award

[SECURITY] [DSA-341-1] New liece packages fix insecure temporary file creation

2003-07-08 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 341-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman July 7th, 2003

RE: Contact information for Microsoft Security Response Center [tf]

2003-07-08 Thread Francis Favorini
Can you confirm that this address [EMAIL PROTECTED] is being monitored as well? I once sent a bug to this address and got a response that indicated that it was Microsoft Security, as in their campus police force. This was a couple of years ago. I suppose for safety reasons, they might not

[SECURITY] [DSA-342-1] New mozart packages fix unsafe mailcap configuration

2003-07-08 Thread Matt Zimmerman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 342-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman July 7th, 2003

Re: Contact information for Microsoft Security Response Center [tf]

2003-07-08 Thread Nexus
- Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 04, 2003 7:31 PM Subject: Re: Contact information for Microsoft Security Response Center [tf] Why do you people insist on using such an unobvious address? Do you have a catch-all in place? By

Re: Email marketing company gives out questionable security advice

2003-07-08 Thread Roland Dowdeswell
On 1057360640 seconds since the Beginning of the UNIX epoch D. J. Bernstein wrote: P.S. It's hard for a portable chroot tool to cut off a program's network access. Kernel designers should provide a disablenetwork() syscall, with the disabling inherited by children. Other kernel changes would be

Re: Contact information for Microsoft Security Response Center [tf]

2003-07-08 Thread David A . Pérez
Hi, Can you confirm that this address [EMAIL PROTECTED] is being monitored as well? I've sent messages in the past to [EMAIL PROTECTED] and all of them were properly handled. Salu2, David A. Pérez http://www.kamborio.com/

Domain User Credentials access via OWA XSS

2003-07-08 Thread Vázquez
In my previous post about OWA XSS I talked about Cross Site Scripting in the attachment field of a mail. The XSS is not in the attachment, it is in the body of the message. Sorry, I need to sleep... Please notice: not in the attachment, in the BODY. To make it clear to understand I have just

Re: rundll32.exe buffer overflow

2003-07-08 Thread Curt Wilson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FYI This does not appear to be exploitable on an en Windows 2000 SP3 + all current hotfixes (have not loaded SP4 yet however). advpack32.dll does not exist on my win2k pro system, however advpack.dll does and this was attempted, using 499 chars +

Re: MacOSX - crash screensaver locked with password and get the desktopback

2003-07-08 Thread KF
Does anyone care to attach a debugger to the screen saver process and then verify that this is or is not a buffer overflow? -KF Adam H. Pendleton wrote: Delfim Machado wrote: three days ago i discovered a security issue, with the last MacOSX. there is a way to crash the screensaver locked with

xchat crash after 3 continual server calls

2003-07-08 Thread tupac sakur
package: xchat 1.8.11 (win binary) description: irc client OS tested: WinXP pro author: extraneous mail: [EMAIL PROTECTED] the fault: --- Looking up acn.irc.gr.. --- Connecting to acn.irc.gr (212.89.160.2) port 6667.. --- Connected. Now logging in.. -acn.irc.gr- *** Looking up your hostname... ---