14+ CGIscript.net scripts - Path Disclosure

2002-05-17 Thread Steve Gustin
14+ CGIscript.net scripts - Path Disclosure - Name : 14+ CGIscript.net scripts - Path Disclosure Date : May 17, 2002 Product : csBanner.cgi csCreatePro.cgi CSDownload.cgi csFAQ.cgi

RE: MS02-023 does not patch actual issue!

2002-05-17 Thread John . Airey
It's worse than that. I have two systems running Windows 2000 at home that I've just upgraded to IE5.5SP2 (since Microsoft are dropping support for IE5.01SP2 at the end of June). Both have been kept to the same patch level, as I've checked them with both Windows update and hfnetchk. One of them r

OpenSSH 3.2.2 released (fwd)

2002-05-17 Thread Jonas Eriksson
New OpenSSH with security changes. -- Favourite pickup line: Hey baby, wanna synchronize sequence numbers? Warning: not always effective -- Forwarded message -- Date: Fri, 17 May 2002 00:35:34 +0200 From: Markus Friedl <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: OpenS

Xerox DocuTech problems

2002-05-17 Thread J Edgar Hoover
I'm forwarding this for people who would like to remain anonymous. This case illustrates why software product vendors should be held legally and financially accountable for the security problems caused by their reckless and sometimes arrogant disregard of known problems. Xerox replied with a do

RE: MS02-023 does not patch actual issue!

2002-05-17 Thread John . Airey
Just to add to my last post, a new machine that was freshly installed with Windows 2000 and upgraded to IE5.5SP2 will not install this patch. This is the batch file that I use to upgrade all packages to the latest version. @echo off rem Windows 2000 SP2 w2ksp2srp1 -m -z q314147_w2k_sp3_x86_en.e

Phorum 3.3.2a remote command execution

2002-05-17 Thread Markus Arndt
Target: Phorum 3.3.2a (prior versions?) Description: In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users include external php scripts and execute arbitrary code. Found by: Markus Arndt <[EMAIL PROTECTED]> Vendor: http://www.phorum.org Notified Vendor: Yes, already

Re[2]: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express

2002-05-17 Thread 3APA3A
Dear Chad Loder, You're right! causes IE to connect to 111.111.111.111 via NetBT. Depending on LMCompatibilityLevel it may cause user's cleartext password or NTLMv1 challenge to leak. It's a very serious bug. --Friday, May 17, 2002, 1:38:16 PM, you wrote to [EMAIL PROTECTED

Grsecurity problem - modifying "read-only kernel"

2002-05-17 Thread Guillaume PELAT
Affected: Grsecurity (and maybe other Linux hardening patches). Description: Grsecurity (and maybe other Linux hardening patches) integrates a variant of the patch published in phrack p58-0x07 article supposed to forbid writing to /dev/mem and /dev/kmem by disabling function do_write_mem(

Security Update: [CSSA-2002-023.0] Linux: PHP multipart/form-data vulnerabilities

2002-05-17 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Caldera International, Inc. Security Advisory Subject: Linux: PHP multipart/form-data vulnerabilities Advisory number:

Sonicwall SOHO Content Blocking Script Injection, LogFile Denial of Service

2002-05-17 Thread E M
This advisory may be reproduced unmodified. Sonicwall SOHO Content Blocking Script Injection and Logfile DoS Test Unit: Sonicwall SOHO3 Firmware version: 6.3.0.0 ROM version: 5.0.1.0 Severity: Medium Issue: Sonicwall allows administrators to block websites based on a user entered list of d

Hosting Controller still have dangerous bugs!

2002-05-17 Thread hdlkha
- Vulnerable versions: all HC versions. 1. Database directory traversal: By adding slash dot dot, the user can view the files, folders located on the system and can add DSN out of user root directory. http://www.target.com/admin/dsn/dsnmanager.asp? DSNAction=ChangeRoot&RootName=D:\webspace\

Re: Update and comments on the MS02-023 patch, holes still remain

2002-05-17 Thread Andrew Clover
Thor Larholm <[EMAIL PROTECTED]> wrote: > The above is merely misinformation on their parts. The Restricted Sites Zone > tries to disable scripting ( a requisite for the dialogArguments > vulnerability ), but many vulnerabilities allow you to circumvent this > setting Even non-vulnerabilities al

Re: dH team & SECURITY.NNOV: special device access, information leakage and DoS in Outlook Express

2002-05-17 Thread Chad Loder
At Wednesday 5/15/2002 03:11 PM +0400, you wrote: > Title: Special device access and DoS in Microsoft Internet > Explorer/Outlook Express/Outlook > > All versions of Windows have a reserved filenames referred to special > devices such as prn, aux, nul, etc also called DOS devices. This

RE: Update and comments on the MS02-023 patch, holes still remain

2002-05-17 Thread Thor Larholm
In my comments I wrote that the cssText vulnerability appeared to be patched. After further testing and research I will have to correct myself, as the issue is not patched at all. To sum it up: On February 18, GreyMagic discovered a vulnerability in the cssText property of imported stylesheets.