Dear "lovehacker",
Tomcat 3.0 is an old version and has several known security holes. That is
why we recommend that people run the latest released version which is
currently 3.1.1 or 3.2.1 (depending on the branch you are interested in).
Also, Tomcat 3.2.2b2 is also available on our website which
A little while ago, I was having a conversation with some of my colleagues
about computer viruses. The "Life Stages" virus was mentioned during the
conversation. This virus disguises itself via a file with extension .SHS,
while pretending to be a .TXT file. This was possible because the .SHS
}-Original Message-
}Sent: Tuesday, March 27, 2001 10:40 PM
}Subject: CHINANSL Security Advisory(CSA-200105)
}
}Topic:
}Tomcat 3.0 for win2000 Directory traversal
}Vulnerability
}
This was detailed earlier at:
http://www.securityfocus.com/templates/archive.pike?list=1&mid=164891
..
-BEGIN PGP SIGNED MESSAGE-
At 06:34 AM 3/28/01 -0800, Caskey wrote:
My questions:
Is this a legitimate advisory?
Does anyone possess a valid, signed copy of this advisory?
Am I being unreasonable in expecting advisories published by
Microsoft (or any vendor) to be signed?
Meta comment
The reported problem seems to have been fixed in recent versions,
without me talking to BEA. This may indicate that other people have
reported the problem before me (I was unable to find it on
Securityfocus' vulnerability database.) It may also mean that the
problem
From: Microsoft Product Security [EMAIL PROTECTED]
Date: Wed, 28 Mar 2001 07:08:28 -0800
- --
Title: Passwords for Compressed Folders are Recoverable
Date: 28 March 2001
Software: Plus! 98
I've tested this on various Compaq boxes running Netware 5.0 and 5.1, with and without
BorderManager, and found them not to be vulnerable to acting as an anonymous proxy. On
each attempt the Compaq web agent abends without affecting other services.
sigh I guess if I wanted some excitement I'd
-BEGIN PGP SIGNED MESSAGE-
To those involved in Linux security:
The latest release of "Linux-Magazin", a monthly German magazine that focuses
on Linux, contains an article by Mirko Dölle about security problems in the
Linux kernel.
In particular, the article argues that IP packets could
Tried it on AIX 4.3.3 with WebLogic 5.1.0 Service Pack 6 - It works!
Don Elsner
*
CONFIDENTIALITY NOTICE:
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and
Russ,
Thanks for bringing this up as some of the
responses in this mailing list have noted, the main
issue here is one of configuration, but you've
highlighted an important area of policy what do you
with apparently internal e-mail received at the internet
gateway.
The problem that
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
-BEGIN PGP SIGNED MESSAGE-
-
Background:
Back in February, eWeek and Argus Systems held OpenHack III. "Pitbull vs The
Worlds Toughest". With much hype the contest came and went. The result? "17
days, 40,000 Challengers, 5.4 Million Punches and 1 E-Security Champion". As
'the first product to withstand an OpenHack unscathed'
-Original Message-
From: Chad Kalmes [mailto:[EMAIL PROTECTED]]
I've tested this out and the query seems to run fine
and returns the stated information, but only if the
exchange resources via the web don't require
authentication. If they do, you need to know the other
user's
For an excellent overview of Shell Scraps, see:
http://www.pc-help.org/security/scrap.htm
These can be scary little buggers because they have the functionality of
both batch files and executables (see the example in the link above.) It
appears to be an artifact of Win3.1 OLE that never seemed
Mariusz Woloszyn wrote:
On Tue, 27 Mar 2001, Wojciech Purczynski wrote:
Hi,
Here is exploit for ptrace/execve race condition bug in Linux kernels up
to 2.2.18.
Hi!
I've seen a tool that works better than this, using different approach to
the same bug exploits it on all
I preface this response by first saying that I have great respect for Mr.
Guninski's capabilities in this arena.
That being said, I feel that this bug should be downgraded to Medium. It is
not "high risk" due to too many mitigating factors. First of which, you
have to have active scripting
Considering how frequently most people tend to reuse passwords, this is
a pretty strong statement. Since Microsoft states that the folder
password is "not related in any way to the user's network logon
password" with such confidence, that would seem to imply a mechanism
that prohibits
At 03/28/2001 06:31 PM, Floydman wrote:
A little while ago, I was having a conversation with some of my colleagues
about computer viruses. The "Life Stages" virus was mentioned during the
conversation. This virus disguises itself via a file with extension .SHS,
while pretending to be a .TXT
Please forward this to the list.
Security Hole in Shareplex 2.x
--
Summary
---
Shareplex (Quest Software's product for Oracle database replication)
contains a security hole which can allow local users to read any