Le lundi 12 février 2007 à 22:51 +0100, Raphaël HUCK a écrit :
They should check that a certain variable is defined for example, and if
not, do not display anything... even if the hosted website is configured
to display errors, and you cannot change this.
Exactly my point: you may not have
Hewlett-Packard HP-UX SLSd Arbitrary File Creation Vulnerability
iDefense Security Advisory 02.13.07
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 13, 2007
I. BACKGROUND
Hewlett-Packard's HP-UX introduced Single Logical Screen (SLS) in 1995 to
facilitate using multiple graphics
Title:Jupiter CMS 1.1.5 Multiple Vulnerabilities
Advisory ID:12070214
Risk level:High
Author:DarkFig [EMAIL PROTECTED]
URL:http://www.acid-root.new.fr/advisories/12070214.txt
.: [ OVERVIEW ]
Jupiter CMS 1.1.5 is a powerful user-friendly Community
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory:
Multiple Vulnerabilities in Cisco PIX and ASA Appliances
Advisory ID: cisco-sa-20070214-pix
http://www.cisco.com/warp/public/707/cisco-sa-20070214-pix.shtml
Revision 1.0
For Public Release 2007 February 14 1600 UTC (GMT
==
Secunia Research 14/02/2007
- MailEnable Web Mail Client Multiple Vulnerabilities -
==
Table of Contents
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00863839
Version: 1
HPSBUX02192 SSRT061233 rev.1 - HP-UX Running ARPA Transport, Local Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon
In a Solaris telnet vulnerability thread, Casper Dik said:
It's not still in Solaris; it's the first time it occurred in
Solaris; it is stupid it did but it's a typical programming error:
passing unchecked arguments to a program without escaping special
characters.
The emerging terminology for
Of course, there are multiple ways to secure software after their setup,
provided you know a minimum about computer security.
But I think many people just do the default setup the easy way via the
setup wizard.
That's why I believe the developers should take great care securing
their
Application: WebTester
Web Site: http://www.webtester.us/
Versions: 5.0.20060927 and below
Platform: linux, windows, freebsd, sun
Bug: Cross Site Scripting and SQL Injection
Severity: high
Fix Available: No
---
1) Introduction
2) Bug
3) The Code
Little error for the file upload vulnerability.
Updated, see http://www.acid-root.new.fr/advisories/12070214.txt.
Sorry for the inconvenience :(.
An attacker can access to this script, simply by sending a request
which not contains the is_guest and is_user variables.
The simplest possible fix on such short notice:
http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c
?r2=3629r1=2923
Casper
How about just uncommenting the following from /etc/default/login
# If CONSOLE is set, root can only login on that
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200702-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
[EMAIL PROTECTED] wrote:
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
Am I missing something? This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to
A couple of updates and a summary digest of useful information shared from
all around on this vulnerability, for those of us trying to make sense of
what it means to our networks:
1. Sun released a patch (although it is not a final one). It can be found
on their site (
Spectulation over whether Microsoft, Sun, or any other vendor
intentionally put in backdoors just makes our industry seem
unprofessional. The likelihood that either vendor did is near zero.
Could be, but most likely not. Unless you find a hard coded password,
code comments indicating a built-in
On Tue, 13 Feb 2007, Michael Wojcik wrote:
From: Thierry Zoller [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 February, 2007 07:52
GE telnet -l -froot [hostname]
Should we really consider this a BUG ? With all due respect, this
reads, smells and probably tastes like a backdoor
On Monday 12 February 2007 07:00, Gadi Evron wrote:
Update from HD Moore:
but this bug isnt -froot, its -fanythingbutroot =P
Confirmed.
If the server permits logins from outside (maybe via SSH only - protection
provided by a local or network) and has telnetd enabled any user can login
as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory:
Multiple Vulnerabilities in Firewall Services Module
Advisory ID: cisco-sa-20070214-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20070214-fwsm.shtml
Revision 1.0
For Public Release 2007 February 14 1600 UTC (GMT
18 matches
Mail list logo