that calls phpinfo(); AND(!) have expose_php on.
I already said at different places that you cannot blame insecure programming
onto the language. There is absolutely NO reason to have a phpinfo() script
on a production server, because it reveals too much information.
Stefan Esser
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Fetchmail remote vulnerability
Release Date: 2002/12/13
Last Modified: 2002/12/13
Author: Stefan Esser [[EMAIL PROTECTED]]
Application
this on sites like
http://www.xbox-scene.com
Stefan
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: eMule/lmule/xmule multiple remote vulnerabilities
Release Date: 2003/08/17
Last Modified: 2003/08/17
Author: Stefan Esser [EMAIL PROTECTED
Hi,
this is a little bit off topic, but every time I send out a
security advisory I have to answer the same questions.
No I am not the Stefan Esser from FreeBSD, and I am not the
guy on the photos you can find on google (iirc, that is the
FreeBSD guy). But yes, I am also the XBOX font hacker
by an additional condition in an If clause.
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key
back. I paid for a black box with specific features
the font hack was one of the features. If they kill this feature, they kill
my property and have to pay for it.
Yours,
Stefan Esser
--
--
Stefan Esser
that says MS monopoly alert,
does only play what MS wants
(ignoring the fact that the XBOX is advertised as playing audio CDs
which is not true with all those CD copy protections in .de)
Stefan Esser
--
--
Stefan Esser
sabotage. I have never allowed MS
to modify my dashboard or to auto update my dashboard.
Is any lawyer on the list who can point me to the right paragraphs?
I do not believe this computer sabotage is legal in any European
country.
Yours,
Stefan Esser
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: 12 x Gaim remote overflows
Release Date: 2004/01/26
Last Modified: 2004/01/26
Author: Stefan Esser [EMAIL PROTECTED]
Application: Gaim
.
This problem was reported by: Joseph Martin
Cheers,
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key
IF they exist.
And maybe for the hundredth time: Never trust filenames supplied
by the user. You always have to triple check them.
Stefan
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint B418 B290 ACC0 C8E5 8292 8B72
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0xCF6CAE69
Key fingerprint B418 B290 ACC0 C8E5 8292 8B72 D6B0
Password:foolish
How would that be different from BasicAuth? And I hope your argument is
not that the password is not transferred in plain text with BasicAuth...
Stefan
--
--
Stefan Esser[EMAIL
no rights...
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver pgp.mit.edu --recv
no right to change standards. If Netscape had introduced
the feature everyone here would cheer. But the big 800-pound gorilla
has no rights...
--
--
Stefan Esser[EMAIL PROTECTED]
e
anymore... I doubt, I doubt.
Stefan
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver
server and
supplying a long username:password combination.
Ohh and unlike your crashes this one is preauth.
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Trillian remote overflows
Release Date: 2004/02/24
Last Modified: 2004/02/24
Author: Stefan Esser [EMAIL PROTECTED]
Application
it is better)
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e-matters.de/
GPG-Key gpg --keyserver
to Trillian and was written by the
Gaim project is in Trillian.
Thank you
Stefan
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http://security.e
chars or so. So why in hell did you both choose coincidentally
64 byte... Just one of many examples.
And using atoi() instead of strtol() is still derived code.
Ohh and btw: your parsers are not efficient and it would be trivial to
write a far more efficient one with the use of memchr()
Stefan Esser
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Multiple (13) Ethereal remote overflows
Release Date: 2004/03/23
Last Modified: 2004/03/23
Author: Stefan Esser [EMAIL PROTECTED
Very funny FAKE advisory. Especially funny because bugtraq let it through
while the real NetBSD local root is held back...
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e
e-matters GmbH
www.e-matters.de
-= Security Advisory =-
Advisory: Net(Free)BSD Systrace local root vulnerability
Release Date: 2004/05/11
Last Modified: 2004/05/11
Author: Stefan Esser [EMAIL PROTECTED
.
Otherwise you would find several protocol handlers vulnerable...
f.e. IPv6...
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security http
Author: Stefan Esser [EMAIL PROTECTED]
Application: phpMyFAQ stable release = 1.3.12
phpMyFAQ developer release = 1.4.0-alpha1
Severity: A vulnerability within phpMyFAQ allows inclusion of
arbitrary local files
Risk: Medium
Vendor Status: Vendor has
-matters GmbH - Securityteam
Key fingerprint = 3FFB 7C86 7BE8 6981 D1DA A71A 6F7D 572D 3004 C4BC
Copyright 2004 Stefan Esser. All rights reserved.
: Stefan Esser [EMAIL PROTECTED]
Application: libneon = 0.24.5
Severity: A vulnerability within a date parsing function
allows arbitrary code execution
Risk: Medium
Vendor Status: Vendor is releasing a bugfixed version.
Reference: http://security.e-matters.de
: Stefan Esser [EMAIL PROTECTED]
Application: Subversion = 1.0.2
Severity: A vulnerability within Subversion allows remote
compromise of Subversion servers.
Risk: Critical
Vendor Status: Vendor is releasing a bugfixed version.
Reference: http://security.e-matters.de
: Stefan Esser [EMAIL PROTECTED]
Application: CVS feature release = 1.12.8
CVS stable release = 1.11.16
Severity: Vulnerabilities within CVS allow remote compromise of
CVS servers.
Risk: Critical
Vendor Status: Vendor has released bugfixed versions
Author: Stefan Esser [EMAIL PROTECTED]
Application: Chora = 1.2.1
Severity: A vulnerability within Chora allows remote shell command
injection
Risk: Critical
Vendor Status: Vendor has released a bugfixed version.
Reference: http://security.e-matters.de/advisories
Author: Stefan Esser [EMAIL PROTECTED]
Application: PHP = 4.3.7
PHP5 = 5.0.0RC3
Severity: A binary safety problem within PHP's strip_tags()
function may allow injection of arbitrary tags
in Internet Explorer and Safari browsers
Risk
Author: Stefan Esser [EMAIL PROTECTED]
Application: PHP = 4.3.7
PHP5 = 5.0.0RC3
Severity: A vulnerability within PHP allows remote code
execution on PHP servers with activated memory_limit
Risk: Critical
Vendor Status: Vendor has released a bugfixed
, where you pay people for vulnerabilities that were already found
and reported by others.
Stefan Esser
--
--
Stefan Esser[EMAIL PROTECTED]
e-matters Security
Nice try Ron,
while PHP indeed had lots of advisories in the past, your
list is FUD.
Many of the listed vulnerabilities are within non standard
or even EXPERIMENTAL extensions, are theoretical vulnerabilities,
are only exploitable if precondition a,b,c,d,e,f,g is fulfilled
or are only affecting
: 2004/11/15
Author: Stefan Esser [EMAIL PROTECTED]
Application: Samba 3 = 3.0.7
Severity: A buffer overflow inside the QFILEPATHINFO request
handler allows remote code execution
Risk: Critical
Vendor Status: Vendor has released a bugfixed version.
Reference
Author: Stefan Esser [EMAIL PROTECTED]
Application: Linux 2.4 = 2.4.27
Linux 2.6 = 2.6.9
Severity: Several vulnerabilities within smbfs allow
crashing the kernel or leaking kernel memory
with the help of the smb server
Risk
/22
Author: Stefan Esser [EMAIL PROTECTED]
Application: Cyrus IMAP Server = 2.2.8
Severity: Several vulnerabilities within Cyrus IMAP Server
allow remote execution of arbitrary code
Risk: Critical
Vendor Status: Vendor has released a bugfixed version
Author: Stefan Esser [EMAIL PROTECTED]
Application: PHP4 = 4.3.9
PHP5 = 5.0.2
Severity: Several vulnerabilities within PHP allow
local and remote execution of arbitrary code
Risk: Critical
Vendor Status: Vendor has released bugfixed versions
that lost one of his toys.
And I will most probably face it again and again until you
die by a heart attack.
Yours,
Stefan Esser
Outsch! My mail was so fast through that I do not believe anymore
that it is moderated at the moment :)
So sorry to Dave. Stays the question why pipermail is too dumb
to generate correct archives ;)
Stefan