The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
Microsoft Security Bulletin (MS00-003)
-
MySQL 3.22.30 has been released for all available platforms. To quote the
CHANGELOG, "Fixed critical problem with the WITH GRANT OPTION option."
Someone can clean up this post but I wanted to get it out there so all of us
MySQL and website administrators can get upgraded.
Scott
BindView Security Advisory
Local Promotion Vulnerability in Windows NT 4
Issue Date: January 13, 2000
Contact: Todd Sabin <[EMAIL PROTECTED]>
Topic:
Problem in NtImpersonateClientOfPort system call on NT 4
Overview:
Due to a flaw in the NtImpersonateClientOfPort Windows NT 4 system
ca
Greetings,
Recent Bugtraq posts have exposed security holes with a couple
packages distributed with SCO's Skunkware CD. These packages
are:
majordomo (wrapper, resend)
orion (pis, mkpis)
These issues are security holes in the distributed versions of these
packages, and are not S
In my opinion this is a big deal. Forgot the RDS exploit found by Greg
Gonzalez?
In the past months a great deal of webpages have been defaced. A majority of
them were hosted on IIS4 servers.
r.f.p. wrote an exploit I think was called msadc.pl. What this exploit did
was letting you into a cmd /c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP)
Server for WinNT Version 1.9x
USSR Advisory Code: USSR-231
Release Date:
January 13, 2000
Systems Affected:
Nosque Workshop, Super Mail Transfer Package (PORT 25) Server for
Wi
David Komanek wrote:
> I'm just playing with XML around and have noticed strange behavior of MS
> Internet Explorer 5.0 :
>
> - if I let the MS IE display SMALL xml-file, everything seems to be O.K.
>
> - if I let the MS IE display A BIT BIGGER xml-file, everything goes
> wrong [symptoms of a memo
-BEGIN PGP SIGNED MESSAGE-
lcamtuf> a) Sendmail (tested with 8.9.3 and previous) allows you to put
lcamtuf>mail addressed to eg. '|/bin/sh' (or any file) into mail
lcamtuf>queue. Fortunately, this queue file should contain also line
lcamtuf>like 'Croot' to be processed properl
Two things:
1. I am not able to verify this vulnerability under Windows98, running ICQ
99b Beta 3.19 Build 2569. I tried sending excessively long URLs using
the URL message send (I could not find a way of sending a URL during chat,
other than typing it in the window, you might send out the inst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Date sent: Tue, 11 Jan 2000 17:18:16 -
Send reply to: Bacano <[EMAIL PROTECTED]>
From: Bacano <[EMAIL PROTECTED]>
Subject:NIS2k
Originally to: [EMAIL PROTECTED]
To:
Axent's latest release of its ESM product was redesigned and supposedly
revamped around its new "Management Console". The new management console
is based on an underlying Access Database. The console is password
protected each time the application is launched. However, when the user
wants to c
Hi!
After 3 days of furious programming, here is the half-finished code of
the ssh gateway: http://www.linux.hu/~mag/openssh.prepared.tar.gz
[No, it isn't even quarter finished, but I am forking to background again,
and have no time/whatever to end it in the foreseeable future (except
if one says
Vanja Hrustic wrote:
>
> This has been mentioned before, but it's probably good to remind
> Microsoft about some outstanding issues.
>
> Request : http://www.microsoft.com/anything.ida
> Response: The IDQ file d:\http\anything.ida could not be found.
>
> Request : http://www.microsoft.com/anything
I have received a lot of emails about a "product" being announced with no
source. Let me make it clear: source IS public and IS available. Perhaps
my announcement wasn't clear but the source archive can be downloaded at
http://www.w00w00.org/files/SRS.tgz and the source tree can be viewed
online
Please note that such wrappers should produce normal HTML pages with
hyperlinks and HTTP-EQUIV "client pull" tags. If the wrapper simply uses a
Location: redirect, many clients will send the URL of the original page,
not the URL of the intermediate wrapper (verified in Netscape 4.7 and MSIE
4.0).
Dan,
Correct me if I'm wrong, but if I understand the problem here correctly,
this bug can be avoided if at least one of the new victim.dom
nameservers are not in the victim.dom domain but rather in a domain with
uncached or unchanged nameservers. This way the caching server would
retain correct
Manufacturer: CyberCash (http://www.cybercash.com)
Software: Merchant Connection Kit
Version: 3.2.0.4
There is a serious security hole in the CyberCash Merchant
Connection Kit version 3 due to inappropriate use of
temporary files. The result is that local users are
Dear Bugtraqers,
Description:
WebSite Pro is also revealing the webdirectory of
each Website by a simple command line.
This bug is similar to the "IIS revealing
webdirectories" bug reported on bugtraq.
On WebSitePro the difference is the way you
retrieve the path.
Example:
(Made wit
Wired recently ran an article on the fact that someone
recently hijacked a number of domains in the Network
Solutions database using email spoofing.
At first I thought this had to be a joke. After thinking
about it, I realized that it's no joke at all, and in
fact quite easy to do.
Step 1: Send a