IRIX XFS filesystem denial of service attack

-BEGIN PGP SIGNED MESSAGE- _ SGI Security Advisory Title: IRIX XFS filesystem denial of service attack Number: 20020402-01-P Date: April 15, 2002

wbboard 1.1.1 Cross Site Scripting Vulnerability

wbboard 1.1.1 Cross Site Scripting Vulnerability - - Affected program: wbboard 1.1.1 is a phpBB-like PHP forum Vendor : http://www.woltlab.de/ Vulnerability-Class : Cross Site Scripting (CSS) OS specific : No Problem-Type: Joke severity

Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de )

- itcp advisory 12 [EMAIL PROTECTED] http://www.it-checkpoint.net/advisory/12.html April 14th, 2002 - Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-de

Re: local root compromise in openbsd 3.0 and below

At 01:25 PM 4/12/2002, Manuel Bouyer wrote: >NetBSD isn't vulnerable either. What about Solaris? Its /bin/mail does not appear to have the -I option. --Brett Glass

Re: local root compromise in openbsd 3.0 and below

On Fri, Apr 12, 2002 at 09:25:54PM -0600, Brett Glass wrote: > At 01:25 PM 4/12/2002, Manuel Bouyer wrote: > > >NetBSD isn't vulnerable either. > > What about Solaris? Its /bin/mail does not appear to have the -I > option. >From my 2.7 install, it seems that /bin/mail desn't have any shell-esca

Nortel CVX 1800s will dump all local user names and passwords via SNMP

The Nortel CVX 1800 is a modem bank containing up to 2600 modems per box. Many ISP's are using them for their dial-up customers. While querying the CVX-1800 for SNMP codes to use in a modem statistics program I was writing, I discovered the CVX-1800 will spill out all user names and password

Vulnerabilities in the Melange Chat Server

There are a number of vulnerabilities in the Melange chat system. I sent the following email over a month ago to its author, who is not actively maintaining it. I include some fixes for the problems encountered, but caution that I am no longer working on it, and that there are probably others

Re: Ability to read buddy list of AIM users

Actually on my Win2k install (AIM version 4.7.2480), the file is in: C:\Documents and Settings\\Application Data\Aim\ which would not be accessable by anyone but the user or someone with Administrator's rights - Original Message - From: "sunny licious" <[EMAIL PROTECTED]> To: <[EMAIL P

SunSop: cross-site-scripting bug

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ppp-design found the following cross-site-scripting bug in SunShop Shopping Cart: Details - --- Product: SunShop Shopping Cart Version: 2.5 and maybe all versions before OS affected: all OS with php and mysql Vendor-URL: http://www.turnkeywebtoo

Ability to read buddy list of AIM users

Ive been able to do this on publicly accessible computers...such as university labs...You can see the buddy list of other people who have signed on to AIM on that computer. On win2k in the folder named winnt/AIM95/"screenname" there is a file called userinfo.bag which stores all the na

Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND

To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ Caldera International, Inc. Security Advisory Subject:UnixWare 7.1.1 : Multiple Vulnerabilities in BIND Advisory number:

More fun with html mail: Outlook Express, Internet Explorer, Other etc

Sunday, April 14, 2002 1. Not Possible Technically it cannot be possible to create an html mail message from a mailto url scheme without user input. However shoe-horning html in through insertion of script tags does make it possible. Default installation of Outlook Express and probably Outloo

Remote buffer overflow in Webalizer

Release : April 15 2002 Author : Spybreak ([EMAIL PROTECTED]) Software : Webalizer Version : 2.01-09, 2.01-06 URL : http://www.mrunix.net/webalizer/ Status : vendor contacted Problems : remote buffer overflow --- INTRO --- The Webalizer is a web server log file analysis program whi