Hi All,
I won't bother posting my advisories for the DOS issues here as SPIDynamics
SPI Labs ( http://www.spidynamics.com/spilabs.html ) have already released
theirs. In case you missed their postings, and you have deployed IIS 4.0 /
IIS 5.0 and IIS 5.1 as your chosen web server, to obtain the pa
Microsoft is wrong and misleading customers in this advisory. This Windows
Media Service vulnerability is exploitable, as confirmed in the labs at
eEye, and by the discoverer of this vulnerability, Brett Moore.
I am not sure why Microsoft misidentified this vulnerability... maybe it is
just a typo
See below,
/jonas
-- Forwarded message --
Date: Thu, 29 May 2003 15:05:24 +0300 (EEST)
From: Jani Taskinen <[EMAIL PROTECTED]>
Reply-To: Jani Taskinen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [ANNOUNCE] PHP 4.3.2 released
-BEGIN PGP SIGNED ME
Overview: "Activity Monitor 2002 is a monitoring software system for real
time employee
monitoring and continuous tracking of users activities on
networked computers."
More information can be found at www.softactivity.com
Vulnerability Description: By connecting TCP port 1
There is a bug in GCC, prior to version 3.2.3, which meant that
performing an implicit struct copy several times in succession would
result in data from different struct copy operations overwriting each
other.
This problem is present in at least gcc-3.2 and gcc-3.2.2, i.e. the gcc
present in RH8.x
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: cups
Advisory ID:
Products: Webfroot Shoutbox v 2.32 and below (http://shoutbox.sf.net)
Date: 09 May 2003
Author: pokleyzz
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary: Webfroot Shoutbox 2.32 and below direct
bugtraq@,
Title: ICQ Lite executable trojaning
Affected: ICQLite 2003a
Vendor: ICQ Inc
Vendor URL: http://www.icq.com
Risk: Average
Exploitable: Yes
Remote: No
Date: May, 29 2003
Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp
I. Intro:
ICQ Lite is popular internet messeng
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 307-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
May 27th, 2003
dave pointed out dat i forgot to send da attached .c in my first post.
dis proves dat im so bizy dat i forget to send other half of email to bugtraq.
attached is a local root xploit for eterm. and on default install of debian it be a
local gid utmp xploit. hi martin
dis is a nice change up from
Philboard Vulnerability
Severity : High (Possible gain administrator/users access on Forum Board)
Systems Affected: Philboard up to v1.14
Vendor URL: http://www.youngpip.com/philboard.asp
Vuln Type : Cookie Injection
Status: Vendor contacted, fixed version is not available (cause they didn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)
Upgraded CUPS packages are available for Slackware 8.1, 9.0,
and -current to fix a denial of service attack vulnerability.
Here are the details from the Slackware 9.0 ChangeLog:
+
Products: b2 cafelog 0.6.1 (http://cafelog.com/)
Date: 29 May 2003
Author: pokleyzz
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary: b2 cafelog 0.6.1 remote command execu
Products: Geeklog 1.3.7sr1 and below (http://www.geeklog.net)
Date: 29 May 2003
Author: pokleyzz
Contributors: sk_at_scan-associates.net
shaharil_at_scan-associates.net
munir_at_scan-associates.net
URL: http://www.scan-associates.net
Summary: Geeklog 1.3.7sr1 and below multiple vulnerabili
[-]=[-]
P H R A C K
: R E L O A D E D :
CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS
-
Multiple Vulnerabilities In P-Synch Password Management
---
The other night I came across a server running P-Synch.
I had never heard of it so i was curious to poke around
on it a bit. Within an hour i found the vulns listed below.
Im pretty
Hi,
another XSS, now on the ZEUS web admin interface.
The tested software is Zeus 4.2r2 (webadmin-4.2r2) on Linux x86
This is not the same issue as bid 6144 (index.fcgi),
now is on "vs_diag.cgi".
Exploit is simple:
http://:9090/apps/web/vs_diag.cgi?server=
I have read this post: (http://www.
Hello. This is to announce a new class of attack which we have named
'Algorithmic Complexity Attack'. These attacks can perform denial of
service and/or cause the victim to consume more CPU time than
expected. We have a website for our research paper and project and
tentative source code illustrat
I recently found out that someone I knew was running this vuln
application. After informing them it was vuln they were dissapointed at
the fact that they could no longer use the program as the author has not
supplied a fix. Anyway, here is a quick fix i threw together to take care
of the prob
19 matches
Mail list logo