Re: David Litchfield talks about the SQL Worm in the Washington Post

2003-01-29 Thread David Litchfield
> Perhaps David can put together a longer message for Bugtraq and > Full-Disclosure on his changing views of publishing proof-of-concept > code for security vulnerabilities. On analysis of the code of the Slammer worm it is apparent that my code was used as its template. It uses the same addresse

Re: Local root vuln in SuSE 8.0 plptools package

2003-01-29 Thread Roman Drahtmueller
Also hi, > > Hi, > > There is a vulnerability in the plptools (Psion tools) package of SuSE 8.0 > (possibly others; this has not been researched). > > Please see attached advisory for more details. > > Regards, > Carl SuSE Security would like to thank Carl Livitt for his early notice to us on tha

Re[2]: Zorum Portal (PHP)

2003-01-29 Thread Messer
Hello MGHz, >>From: MGhz <[EMAIL PROTECTED]> >>To: [EMAIL PROTECTED] >>Subject: Zorum Portal (PHP) >>Date: 22 Jan 2003 19:45:26 - >> >> >> >>Version : 3.0;3.1;3.2 >>Website : http://zorum.phpoutsourcing.com/ >>Problem : Include file >> >> >>File: >>- >>include.

iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords

2003-01-29 Thread iDEFENSE Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords (AbsoluteTelnet, SecureCRT, Entunnel, SecureFx, and PuTTY) http://www.idefense.com/advisory/01.28.03.txt January 28, 2003 I. BACKGROUND PuTTY is a free implementation of Tel

David Litchfield talks about the SQL Worm in the Washington Post

2003-01-29 Thread Richard M. Smith
Hi, The following quote from David Litchfield appeared in a front-page article in today's Washington Post: http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html "You have this ideal vision of doing something for the greater good," said David Litchfield, managing direc

Re: dotproject Remote Code Execution Vulnerability : Patch

2003-01-29 Thread Frog Man
A non-official patch has been created for this hole and is published on http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=d&l=us (English version). From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: dotproject Remote Code Execution Vulnerability Date: Wed, 29 Jan 2003 04:02:24 -080

Re: MSDE contained in...

2003-01-29 Thread Stefan Laudat
I'm using at work in my company Websense Reporter for Websense Enterprise and McAfee Policy Orchestrator, which, under some circumstances (usually the default installation) may install MSDE as storage/query engine. It's shipped as third-party/redistribution packs. There may be also other

[OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)

2003-01-29 Thread OpenPKG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED]

dotproject Remote Code Execution Vulnerability

2003-01-29 Thread mindwarper
dotproject Remote Code Execution Vulnerability (By Mindwarper) <--- ---> -- Vendor Information: -- Homepage : http://www.dotproject.net Vendor : informed Mailed advisory: 28/01/03 Vendor Response : None -- Affected