IIS WEBDAV Denial of Service attacks

2003-05-30 Thread Mark Litchfield
Hi All, I won't bother posting my advisories for the DOS issues here as SPIDynamics SPI Labs ( http://www.spidynamics.com/spilabs.html ) have already released theirs. In case you missed their postings, and you have deployed IIS 4.0 / IIS 5.0 and IIS 5.1 as your chosen web server, to obtain the pa

RE: Alert: MS03-019, Microsoft... wrong, again.

2003-05-30 Thread Marc Maiffret
Microsoft is wrong and misleading customers in this advisory. This Windows Media Service vulnerability is exploitable, as confirmed in the labs at eEye, and by the discoverer of this vulnerability, Brett Moore. I am not sure why Microsoft misidentified this vulnerability... maybe it is just a typo

New php release with security fixes

2003-05-30 Thread je
See below, /jonas -- Forwarded message -- Date: Thu, 29 May 2003 15:05:24 +0300 (EEST) From: Jani Taskinen <[EMAIL PROTECTED]> Reply-To: Jani Taskinen <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [ANNOUNCE] PHP 4.3.2 released -BEGIN PGP SIGNED ME

Activity Monitor 2002 remote Denial of Service

2003-05-30 Thread Luca Ercoli
Overview: "Activity Monitor 2002 is a monitoring software system for real time employee monitoring and continuous tracking of users activities on networked computers." More information can be found at www.softactivity.com Vulnerability Description: By connecting TCP port 1

gcc (<3.2.3) implicit struct copy exploit

2003-05-30 Thread Luke Hutchison
There is a bug in GCC, prior to version 3.2.3, which meant that performing an implicit struct copy several times in succession would result in data from different struct copy operations overwriting each other. This problem is present in at least gcc-3.2 and gcc-3.2.2, i.e. the gcc present in RH8.x

MDKSA-2003:062 - Updated cups packages fix Denial of Service vulnerability

2003-05-30 Thread Mandrake Linux Security Team
Mandrake Linux Security Update Advisory Package name: cups Advisory ID:

Webfroot Shoutbox 2.32 directory traversal and code injection.

2003-05-30 Thread pokleyzz
Products: Webfroot Shoutbox v 2.32 and below (http://shoutbox.sf.net) Date: 09 May 2003 Author: pokleyzz Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Webfroot Shoutbox 2.32 and below direct

ICQLite executable trojaning

2003-05-30 Thread 3APA3A
bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messeng

[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities

2003-05-30 Thread Matt Zimmerman
Debian Security Advisory DSA 307-1 [EMAIL PROTECTED] http://www.debian.org/security/ Matt Zimmerman May 27th, 2003

BAZARR CODE NINER PINK TEAM GO GO GO

2003-05-30 Thread [EMAIL PROTECTED]
dave pointed out dat i forgot to send da attached .c in my first post. dis proves dat im so bizy dat i forget to send other half of email to bugtraq. attached is a local root xploit for eterm. and on default install of debian it be a local gid utmp xploit. hi martin dis is a nice change up from

Philboard Forum Vulnerability

2003-05-30 Thread aresu
Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: http://www.youngpip.com/philboard.asp Vuln Type : Cookie Injection Status: Vendor contacted, fixed version is not available (cause they didn't

[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)

2003-05-30 Thread Slackware Security Team
[slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01) Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability. Here are the details from the Slackware 9.0 ChangeLog: +

b2 cafelog 0.6.1 remote command execution.

2003-05-30 Thread pokleyzz
Products: b2 cafelog 0.6.1 (http://cafelog.com/) Date: 29 May 2003 Author: pokleyzz Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: b2 cafelog 0.6.1 remote command execu

Geeklog 1.3.7sr1 and below multiple vulnerabilities.

2003-05-30 Thread pokleyzz
Products: Geeklog 1.3.7sr1 and below (http://www.geeklog.net) Date: 29 May 2003 Author: pokleyzz Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Geeklog 1.3.7sr1 and below multiple vulnerabili

PHRACK MAGAZINE Call for Papers (#61)

2003-05-30 Thread phrack staff
[-]=[-] P H R A C K : R E L O A D E D : CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS * CALL FOR PAPERS -

Multiple Vulnerabilities In P-Synch Password Management

2003-05-30 Thread JeiAr
Multiple Vulnerabilities In P-Synch Password Management --- The other night I came across a server running P-Synch. I had never heard of it so I was curious to poke around on it a bit. Within an hour I found the vulns listed below. I'm pretty

Another ZEUS Server web admin XSS!

2003-05-30 Thread Vázquez
Hi, another XSS, now on the ZEUS web admin interface. The tested software is Zeus 4.2r2 (webadmin-4.2r2) on Linux x86 This is not the same issue as bid 6144 (index.fcgi), now is on "vs_diag.cgi". Exploit is simple: http://:9090/apps/web/vs_diag.cgi?server= I have read this post: (http://www.

Algorimic Complexity Attacks

2003-05-30 Thread Scott A Crosby
Hello. This is to announce a new class of attack which we have named 'Algorithmic Complexity Attack'. These attacks can perform denial of service and/or cause the victim to consume more CPU time than expected. We have a website for our research paper and project and tentative source code illustrat

PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix

2003-05-30 Thread JeiAr
I recently found out that someone I knew was running this vuln application. After informing them it was vuln they were disappointed at the fact that they could no longer use the program as the author has not supplied a fix. Anyway, here is a quick fix I threw together to take care of the prob