Jon Mitchell earlier posted information on HP's Secure Web Console (see his post
attached below), speculating that it uses a secret decoder ring type "encryption"
(encoding) method (and not MD5). That's hard to believe, but if so, the below perl
script will encode (and decode) strings passed
At 08:17 PM 12/1/99 -0800, Kris Kennaway wrote:
On Tue, 30 Nov 1999, David LeBlanc wrote:
Regardless of that, how does the patch stop malicious users from
producing AT jobs that have valid signatures and putting them in place?
The signature is based on a unique certificate that is stored in
In message [EMAIL PROTECTED], Gerardo Richarte writes:
To make this clear: in combination with the buffer overflow in rsaglue.
c this makes possible to get
a remote shell on a machine running sshd AND it also makes possible to use a r
everse exploit to gain access on
clients' machines,
Greetings,
OVERVIEW
Most of UnixWare's pkg commands can be exploited to print /etc/shadow, leading
to a probable root compromise.
BACKGROUND
Only tested on UnixWare 7.1.
DETAILS
The permissions for the UnixWare pkg commands are as follows:
bash-2.02$ ls -la /usr/sbin/pkgchk /usr/bin/pkginfo
Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
PROBLEM
UssrLabs found a Remote DoS Attack in GoodTech Telnet Server NT v2.2.1,
the buffer overflow is caused by a long user name 23870 characters.
There is not much to expand on just a simple hole
Example:
This exploit does not seem to affect the version of Internet Exploder
bundled with Windows Millennium Beta 2 (build 4.90.2419). That version of
IE is reported as 5.50.3825.1300, and the pertinent information for
MSDXM.OCX is as follows:
Version: 6.4.7.1028
Size: 843,536 bytes
Date: Tue, 7 Dec 1999 04:42:06 +0300 (MSK)
From: Matt Conover [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: [w00giving #8] Solaris 2.7's snoop
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [EMAIL PROTECTED]
Precedence: