Please forward this to the list.
Security Hole in Shareplex 2.x
--
Summary
---
Shareplex (Quest Software's product for Oracle database replication)
contains a security hole which can allow local users to read any f
At 03/28/2001 06:31 PM, Floydman wrote:
>A little while ago, I was having a conversation with some of my colleagues
>about computer viruses. The "Life Stages" virus was mentioned during the
>conversation. This virus disguises itself via a file with extension .SHS,
>while pretending to be a .T
>
> Considering how frequently most people tend to reuse passwords, this is
> a pretty strong statement. Since Microsoft states that the folder
> password is "not related in any way to the user's network logon
> password" with such confidence, that would seem to imply a mechanism
> that prohibits
I preface this response by first saying that I have great respect for Mr.
Guninski's capabilities in this arena.
That being said, I feel that this bug should be downgraded to Medium. It is
not "high risk" due to too many mitigating factors. First of which, you
have to have active scripting turn
Mariusz Woloszyn wrote:
>
> On Tue, 27 Mar 2001, Wojciech Purczynski wrote:
>
> >
> > Hi,
> >
> > Here is exploit for ptrace/execve race condition bug in Linux kernels up
> > to 2.2.18.
> >
>
> Hi!
>
> I've seen a tool that works better than this, using different approach to
> the same bug explits
For an excellent overview of Shell Scraps, see:
http://www.pc-help.org/security/scrap.htm
These can be scary little buggers because they have the functionality of
both batch files and executables (see the example in the link above.) It
appears to be an artifact of Win3.1 OLE that never seemed to
> -Original Message-
> From: Chad Kalmes [mailto:[EMAIL PROTECTED]]
>
> I've tested this out and the query seems to run fine
> and returns the stated information, but only if the
> exchange resources via the web don't require
> authentication. If they do, you need to know the other
>
Background:
Back in February, eWeek and Argus Systems held OpenHack III. "Pitbull vs The
Worlds Toughest". With much hype the contest came and went. The result? "17
days, 40,000 Challengers, 5.4 Million Punches and 1 E-Security Champion". As
'the first product to withstand an OpenHack unscathed'
Hi,
Microsoft has released a security bulletin
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp entitled "Incorrect MIME Header Can Cause IE to
Execute E-mail Attachment".
EML files are MIME multipart files that IE 5 will
parse. There is a vulnerability allowing arbitrary code
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
- --
Russ,
Thanks for bringing this up as some of the
responses in this mailing list have noted, the main
issue here is one of configuration, but you've
highlighted an important area of policy what do you
with apparently internal e-mail received at the internet
gateway.
The problem that you
Tried it on AIX 4.3.3 with WebLogic 5.1.0 Service Pack 6 - It works!
Don Elsner
-BEGIN PGP SIGNED MESSAGE-
To those involved in Linux security:
The latest release of "Linux-Magazin", a monthly German magazine that focuses
on Linux, contains an article by Mirko Dölle about security problems in the
Linux kernel.
In particular, the article argues that IP packets could
I've tested this on various Compaq boxes running Netware 5.0 and 5.1, with and without
BorderManager, and found them not to be vulnerable to acting as an anonymous proxy. On
each attempt the Compaq web agent abends without affecting other services.
I guess if I wanted some excitement I'd have
From: Microsoft Product Security <[EMAIL PROTECTED]>
Date: Wed, 28 Mar 2001 07:08:28 -0800
- --
Title: Passwords for Compressed Folders are Recoverable
Date: 28 March 2001
Software: Plus! 98
Meta comment
The reported problem seems to have been fixed in recent versions,
without me talking to BEA. This may indicate that other people have
reported the problem before me (I was unable to find it on
Securityfocus' vulnerability database.) It may also mean that the
problem is
There are times when the LSoft Listserver software interferes with the
signature signing process, so even though the signature may check as valid
when the email is being approved, the email is not valid when it's shipped
from the LSoft server. This is not the first Microsoft Bulletin to suffer
fr
Tomcat may reveal script source code by URL trickery
Sverre H. Huseby advisory 2001-03-29
Systems affected
Tomcat 4.0-b1 (latest milestone) and nightly build as of 2001-03-28
tested. Other versions may be vulnerable too. T
Europe is not affected since daylight saving time switch was last
weekend...so this might be a US-timezones only problem...
Greetz,
Ivo van Dongen
Sysadmin Int.Sg. "Het Westland"
"Gates' Law: Every 18 months, the speed of s
-BEGIN PGP SIGNED MESSAGE-
At 06:34 AM 3/28/01 -0800, Caskey wrote:
>My questions:
>
>Is this a legitimate advisory?
>
>Does anyone possess a valid, signed copy of this advisory?
>
>Am I being unreasonable in expecting advisories published by
>Microsoft (or any vendor) to be signed? (consi
}-Original Message-
}Sent: Tuesday, March 27, 2001 10:40 PM
}Subject: CHINANSL Security Advisory(CSA-200105)
}
}Topic:
}Tomcat 3.0 for win2000 Directory traversal
}Vulnerability
}
This was detailed earlier at:
http://www.securityfocus.com/templates/archive.pike?list=1&mid=164891
.. Tomca
A little while ago, I was having a conversation with some of my colleagues
about computer viruses. The "Life Stages" virus was mentioned during the
conversation. This virus disguises itself via a file with extension .SHS,
while pretending to be a .TXT file. This was possible because the .SHS
e
Dear "lovehacker",
Tomcat 3.0 is an old version and has several known security holes. That is
why we recommend that people run the latest released version which is
currently 3.1.1 or 3.2.1 (depending on the branch you are interested).
Also, Tomcat 3.2.2b2 is also available on our website which f