Re: RCA cable modem Deny of Service

Problem: --- [...] If you connect to the second device (10.x.x.x) on port 80, RCA cable modem reset the user connection with inet. I proved it with my own wan ip 10.1.1 .x and with other cablemodem users IP's in the same wan. All of them reset when I remotly connect

Citrix Nfuse directory traversal with boilerplate.asp

This vulnerability is based on being an authenticated user (as opposed to a prior bug someone put out for an unauthenticated users). Disclaimer: My ability to find a resource at Citrix via their web site was not successful, thus the post here. They have been notified thanks to some contacts

Re: 1024-bit RSA keys in danger of compromise

Lucky Green [EMAIL PROTECTED] writes: In light of the above, I reluctantly revoked all my personal 1024-bit PGP keys and the large web-of-trust that these keys have acquired over time. And this is certainly the wrong thing to do. Key revocations are not the proper way to deal with

OpenSSH channel_lookup() off by one exploit

OpenSSH 2.9* Proof of Concept exploit.. note to moderator: read LICENCE agreement. osshchan.tgz Description: application/compressed

vuln in wwwisis: remote command execution and get files

Name : wwwisis remote command execution and get files Software Package : wwwisis possibly affected : JavaISIS and other tools based on wwwisis Vendor Homepage: http://www.bireme.br/isis/I/wwwi.htm Vulnerable Versions: 3.45 verified, probably others Platforms : Linux

JS embedding @ yahoo.com

Any user can embed JavaScript into there yahoo profiles. When the user selects to change his picture then selects point to a photo on the Web. They can then embed javascript on the end of the url. An example of this can be viewed here http://uk.profiles.yahoo.com/embeddedjs This has

A possible buffer overflow in libnewt

Hi! When I am debugging my little program which used libnewt,I found a possible buffer overflow in libnewt. libnewt is widely used by configuration program in redhat.Because there is no suid program use libnewt in my redhat 6.2 environment,it seems this bug can't be used to gain

Authentication with RSA SecurID and Outlook web access

I've found a strange authentication problem using SecurId and Outlook Web Access (OWA) on windows 2k in a client company. this is the normal procedure for reading the OWA mailbox: - SecurId Authentication, RSA token, username, pin - Logon page for OWA - OWA Authentication using username/password

[SECURITY] [DSA 125-1] New analog packages fix cross-site scripting vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 125-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze March 28th, 2002 -

Oracle9i TSN DoS Attack

name: Oracle date: 28/3/2002 description : Oracle9i TSN DoS Attack severity: High risk homepage: www.oracle.com versions: 9.0.1.1 (another version may be too) Bug description : For crash Oracle9i you need sent ONE TCP packet (#$00 =