://securityfocus.com/templates/archive.pike?list=82date=1999-09-8[EMAIL PROTECTED]
To: Exploit-Dev
Subject: Cute little Cisco NAT DoS
Date: Fri Sep 10 1999 17:36:23
Author: Blue Boar
I was doing some research the other day about Network Address Translation
(NAT
---
Periodically, the moderator of the vuln-dev mailing list will post
summaries of issues discussed there to Bugtraq and possibly other relevant
lists. This will usually happen when an issue has been resolved, or it
appears that
Subject: Re: Possibly exploitable overflow in Alibaba 2.0
Date: Sat Oct 30 1999 07:01:30
Author: Blue Boar
Message-ID: [EMAIL PROTECTED]
http://www.csm-usa.com/product/alibaba/
"Connect With Confidence !!"
http://www.netcraft.com/whats/?host=www.csm-usa.com%3A80
(Says
---
Stephen White wrote:
Erm, isn't it standard practice not to enable SSI for .html for exactly
this sort of reason?
That would be the smart thing to do.
When a webdesigner/sysadmin/whoever uses .shtml
with CGI enabled they need to be aware that they are giving whoever
generates the HTML a
I noticed Caldera released a patch for mail today on Bugtraq.
"This security fix closes Caldera's internal Problem Report 9327."
http://www.securityfocus.com/archive/1/166232
Quite the coincidence.
Here's the vuln-dev thread:
credit, he has $allow_html variable that can strip ... stuff, but
once again, GOBBLES trademarked JavaScript Entity CSS Technique come to the
rescue. Incidentally, The Blue Boar allows html in his guestbook fields, but
as we just said, the presence of this does not determine whether or not we
can
K F (lists) wrote:
We all know black hats are selling these sploits for =$25k so why
should the legit folks settle for anything less? As an example the guys
at MOAB kicked around selling a Quicktime bug to iDefense but in the end
we decided it was not worth it due to low pay...
Low Pay
Simon Smith wrote:
Blue Boar,
Simply put, and with all due respect, you're wrong.
About? I see basically two assertions in my note; 1) that I would sell
to iDefense or TippingPoint. Surely you're not going to tell me what I
would do? And 2) That iDefense isn't doing the same thing
He compromised the server(s) at the ad network we were using at the
time, and simply served up his ad instead of the usual ones.
BB
Ryan Barnett wrote:
I believe that the SecurityFocus defacement by FluffiBunni a few
years back would be an example of the