Dug Song (author of fragroute) was kind enough to send me a better set
of parameters for masking IIS Unicode Traversals. According to him,
these results will be far more meaningful. After a quick test, this
appears to be true. The scenario is the same as yesterday's, but this
time there is a s
From: "MOD" <[EMAIL PROTECTED]>
> PHP-Survey is an online survey creation and management system written in
> PHP. It uses a MySQL database on backend for all data handling.
> Global.inc holds the database information, and settings for the survey's
> interface. Global.inc on default settings is not
PHP-Survey is an online survey creation and management system written in
PHP. It uses a MySQL database on backend for all data handling.
Global.inc holds the database information, and settings for the survey's
interface. Global.inc on default settings is not interpreted by PHP hence
any user can m
In-Reply-To: <000701c1e6d0$cc7350e0$1f00a8c0@KPMGIRMPGRUNDL>
Usually, the preferred solution will be to use a Site-wide
Error Handler.
ColdFusion provides for a "Site-wide Error Handler"
template. This is located at the bottom of the "Settings"
page in the ColdFusion Administrator. Thi
After trying to locate sources or info to substantiate, including
expressing my concerns to the author of the vulnerability and a reprint
from another newsletter I received the following from Microsoft
--
All these articles are miss-construing the problem and how it has been
addressed.
I
IndiaTimes.com - Email - Session hijacking and Inbox Blocking
---
Name : IndiaTimes.com - Email - Session hijacking and Inbox Blocking
WebSite : http://email.indiatimes.com
Date : April 26, 2002
Vuln Type : Cross site scr
The thing is this is the least of their worries... and as you said the
author IS working dilligently to fix the issues at hand. As for the
patch ... knock your self out heres the errant code.
[root@ghetto ecartis-1.0.0]# grep -n pathname"\[" src/core.c
80:char pathname[BIG_BUF];
[root@ghetto e
On Wednesday 24 April 2002 08:56 pm, KF wrote:
> Heres some code for this post a while back ...
> http://online.securityfocus.com/archive/82/258763
> This is NOT the same issue in the my_strings.c there are MULTIPLE issues
> in ecartis still and the same goes for listar...
> This issue is a strcpy
In-Reply-To: <[EMAIL PROTECTED]>
Actually, the subject message WAS accurate insome respects, however, it is NOT true at
this
point. In February, there was a pre-beta version being used on the XMB support forum,
and that
version DID indeed have the javascript security flaw. When several peop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : webalizer
SUMMARY : Buffer overflow
DATE
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated sudo packages are available
Advisory ID: RHSA-2002:071-07
Issue date:2002-04-22
Updated on:2002-04-25
Product:
- Sandblad advisory #5 -
---..---..---..---..---..---..---..---..---..---..---..---..
Title: Mp3 file can execute code in Winamp.
Date: [2002-04-26]
Software: Nullsoft Winamp 2.79
Rating: High because mp3 files are widely trusted as safe.
Impact: Specia
This is the 2nd revision of the Advisory.
Buffer overflow in OpenSSH's sshd if AFS has been configured on the
system or if KerberosTgtPassing or AFSTokenPassing has been enabled
in the sshd_config file. Ticket and token passing is not enabled
by default.
1. Systems affected:
All Versio
In-Reply-To: <[EMAIL PROTECTED]>
>In the company that I work for, we use -InterScan Version
>3.6-Build_1142, ... No other versions have been tested.
You didn't indicate the platform on which you were running.
I assume it's Windows, as a reply to your post indicates
that 1207 fixes the pro
Dear Menashe Eliezer,
Sorry for asking, but it's unclear from advisory: is it possible to
access reports with either:
1. ActiveX element marked safe for scripting
2. Javascript or VBscript from "Internet" security zone
Examples you give for scripting will only run in local host content, s
15 matches
Mail list logo