There is a vulnerability in Pipermail (mailing list archiving software
distributed with and integrated with Mailman), that affects you if you
have local users on the machine.
If you have (a) private Mailman mailing lists and (b) user
logins on the same machine, any local user can read the archi
--[ Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
Summary:
Microsoft's IIS 5.0 web server is shipped with a set of
sample files to demonstrate different features of the ASP
language. One of these sample files allows a remote user to
view the source of any file
> any OS although I havent tried linux and Mac yet.
Under Linux (or any Unix), all AIM clients I've tried (AOL AIM for
Linux, Everybuddy, GAIM) put your buddy list into your home directory,
so unless you have world-readable home directories this should not be a
problem.
--
-- Eugene Medynsk
I think this depends on the version of AIM and if it is an upgrade install
or clean install. I've been using AIM on my Win2K Machine at home for 2
years now and it still contunues to use \winnt\aim95 directory.
The newer versions may have taken to using the \documents and settings\
locations, bu
Hello,
I can't find information about the method I find. If I am wrong, I am
sorry.
PRINCIPLE
LKM backdoor plays tricks to hide itself, including its running processes,
loadable kernel module and arbitary files. It changes the kernel behavior,
and hide things.
Because it hides th
Here is a patch to fix the vulnerability (tested against webalizer-2.01-06).
Franck
Spybreak writes:
> Release : April 15 2002
> Author : Spybreak ([EMAIL PROTECTED])
> Software : Webalizer
> Version : 2.01-09, 2.01-06
> URL : http://www.mrunix.net/webalizer/
> Status : vendo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SECURITY ADVISORYINTEXXIA(c)
30 01 2002 ID #1052-300102
Multiple Vulnerabilities in PostBoard
-
PostBoard is an add-on module for the PostNuke content
management system which implements a forum system.
The current version of PostBoard is 2.0.1 and can be
found at:
www.nukeaddon.com or ftp.dndresources.com.
I have
I didn't see it posted to these lists, but yesterday Dug Song quietly released a tool
on the focus-ids list which totally blindsides Snort -
http://www.monkey.org/~dugsong/fragroute/index.html. His README.snort file contains
several fragroute scripts which blindside even the current Snort vers
This works even if I add both the res: and javascript: URL types to the
"Restricted Sites" zone with everything disabled. (Added via
HKLM\Software\Microsoft\Windows\Current Version\Internet
Settings\ZoneMap\ProtocolDefaults)
-Original Message-
From: Andreas Sandblad [mailto:[EMAIL PROTECT
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-127-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
April 17, 2002
- --
Thor Larholm security advisory TL#002
-
By Thor Larholm, Denmark.
16 April 2002
HTML Format: http://jscript.dk/adv/TL002/
Topic: IE allows universal Cross Site Scripting.
Discovery date: 18 March 2002.
Severity: High
Affected applications:
--
I do not have the ability to try this as I am at work, but if on an NTFS
system, could you not lock down the users screenname directory so only they
have access to it. This would probably solve the problem rather easily.
-Original Message-
From: sunny licious [mailto:[EMAIL PROTECTED]]
Tested on
IE 4.0 (4.72.3110.4)
ICQ 2001b #3659
And it did crash my ICQ
But after it I installed the "icq web front Add-on" it didn't crashed
my icq anymore, but just opened the webfront part...
N|ghtHawk
-Oorspronkelijk bericht-
Van: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Aan: [EMAIL PR
Demarc Security Update Advisory
Subject:1.05 login bypass advisory
Date: 16 April, 2002
___
Here is POC DOS exploit to Leon Harris's finds
#!/usr/bin/perl
#Melange Chat Server Remote DDOS POC
#By DVDMAN ([EMAIL PROTECTED])
#WWW.L33TSECURITY.COM
#L33T SECURITY
use Getopt::Std;
use IO::Socket;
$|=1;
my %options;
getopt('Hhp',\%options);
$arg2 = shift(@ARGV);
$options{
A copy of this document can be found online at:
http://www.digitaloffense.net/msftpd/advisory.txt
---
--[ Microsoft FTP Service STAT Globbing DoS
Summary:
The Microsoft FTP service is vul
-BEGIN PGP SIGNED MESSAGE-
- --
Title: Unchecked Buffer in Internet Explorer and Office for
Mac Can Cause Code to Execute (Q321309)
Date: 16 April 2002
Software: Microsoft Internet Explorer 5.1 f
hi HD -
I don't believe that Linux is affected. I've been told that the Linux
I/O path was written specifically to avoid this problem, and I have run
some test cases from our original bug report, and did not see the
described behavior. I'll look a bit more and reply when I know for
sure.
-Eri
-BEGIN PGP SIGNED MESSAGE-
__
SGI Security Advisory
Title: IRIX cron daemon vulnerability
Number: 20020403-01-I
Date: April 16, 2002
Refer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: squid
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
=
FreeBSD-SA-02:20Security Advisory
FreeBSD, Inc.
Topic: syncache/sy
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
Caldera International, Inc. Security Advisory
Subject:Linux: horde/imp cross scripting vulnerabilities
Advisory number:
You don't need 9i or ansi syntax.
Connected to:
Oracle8i Enterprise Edition Release 8.1.6.0.0 - Production
With the Partitioning option
JServer Release 8.1.6.0.0 - Production
SQL> set serveroutput on size 100
SQL> sta users
SQL> select username, user_id, password from sys.dba_users
2 /
-BEGIN PGP SIGNED MESSAGE-
-
Debian Security Advisory DSA-126-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
April 16, 2002
- --
On Tue, Apr 16, 2002 at 10:52:02AM +0400, Matt Conover wrote:
> w00w00 (http://www.w00w00.org)
> Angry Packet Security (http://sec.angrypacket.com)
>
> Vulnerability in Multiple Microsoft Products for Mac OS
> HTML format: http://www.w00w00.org/advisories/ms_macos.html
> Text format: http://www.w
Hi all
I thought this list may be interested in this issue, apologies if its
known here already.
Oracle 9i includes the new ANSI outer join syntax. Oracle still supports
the old syntax but in the new syntax there is a serious security issue
that allows any user to view any data.
here is an exa
Hi all,
I looked briefly in bugtraq archives and I didn't find any reference to this
issue. Please accept my apologies, if it's a known problem.
Norton Personal Firewall 2002 on Windows 2000 is vulnerable to SYN/FIN scan
(SYN/FIN/URG, SYN/FIN/PUSH, SYN/FIN/URG/PUSH are not detected as well)
Does this vulnerability affect the Linux XFS port? The XFS page has no
information about this or whether there is a fix available:
http://oss.sgi.com/projects/xfs/
-HD
On Monday 15 April 2002 04:49 pm, SGI Security Coordinator wrote:
>
> SGI Security Advisory
>
>
-BEGIN PGP SIGNED MESSAGE-
Cisco - Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Revision 1.0
Public Release 2002 April 15 18:00 (UTC -0400)
- ---
Contents
Summary
Affected Products
w00w00 (http://www.w00w00.org)
Angry Packet Security (http://sec.angrypacket.com)
Vulnerability in Multiple Microsoft Products for Mac OS
HTML format: http://www.w00w00.org/advisories/ms_macos.html
Text format: http://www.w00w00.org/files/advisories/ms_macos.txt
SOFTWARE VERSIONS AFFECTED
Micro
This is an update of my original postings about the IP ID handling in
the ICMP and UDP protocols with Linux Kernel 2.4.x.
RFC 791 defines the IP Identification field as:
"An identifying value assigned by the sender to aid in assembling the
fragments of a datagram."
RFC 791 identifies the role
Hello everyone,
after some frustration with the HP Photosmart printer driver not
being as smart as the name suggests and HP support not as suppor-
tive as I would wish about the issues raised below, I've decided
to bring the following multiple security vulnerabilities of the
HP Photosmart/Des
Demarc PureSecure (http://www.demarc.org) is an
all-inclusive network monitoring solution that allows
you to monitor an entire network of servers from one
powerful web interface.
user can bypass login and get admin status by sql
injection through cookies s_key
- line 319 --
Dear Bugtraq readers,
it seems like A LOT of mailscanners treated my post with the subject:
"Using the backbutton in IE is dangerous"
as a virus and rejected it. In case you didn't receive it you can read it
online at Bugtraq's archive:
http://online.securityfocus.com/archive/1/267561
The most c
Raptor Firewall FTP Bounce vulnerability
Summary:
The Raptor Firewall can make an FTP server behind it vulnerable to the
well-known
FTP bounce vulnerability even if the FTP server used is not susceptible to
this issue.
Overview:
While performing a penetration test for a customer, we discover
One year ago I discovered a buffer overflow in the address bar of IE 5.0 using
greek characters, look at:
http://www.cyhackportal.com/modules.php?name=News&file=article&sid=81
Today I discover this:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/<<<áx1388>>>/Product/View/CMPL_00_GDXbox
(do n
37 matches
Mail list logo