CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability

2002-06-18 Thread CERT Advisory
-BEGIN PGP SIGNED MESSAGE- CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability Original release date: June 17, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected * Web servers

tracesex.pl : TrACESroute 6.0 GOLD local format string exploit

2002-06-18 Thread thc [EMAIL PROTECTED]
Greetings, Attached is exploit code for the local format string vulnerability in TrACESroute 6.0 GOLD. - stringz #!/usr/bin/perl ## ---/ tracesex.pl /--- ## ## TrACESroute 6.0 GOLD local format string exploit ## * tested on Red Ha

Metacart vuln.

2002-06-18 Thread Tacettin Karadeniz
Summary MetaCart2.sql is an ASP based shopping Cart application with SQL database. A security vulnerability in the product allows attackers to access the database used for storing user provided data (Credit card numbers, Names, Surnames, Addresses, E-mails, etc). Details Exploit: Accessing any

Re: Remote Compromise Vulnerability in Apache HTTP Server

2002-06-18 Thread Florian Weimer
"David Litchfield" <[EMAIL PROTECTED]> writes: > With more people and organisations doing security research, perhaps it is > time for a Vulnerability Co-ordinator Center (a VCC) - some trusted third > party like an off-shoot of CERT. I know this is not a new idea and one which > has been brought

RE: malicious PHP source injection in phpBB

2002-06-18 Thread Nathan Anderson
Morris, The install instructions tell you to DELETE the install.php. :) Quoting the Installing instructions (INSTALL.html) "6. Important post-Install tasks for all installation methods Once you have successfully installed phpBB 2.0.0 you MUST ensure you remove install.php, upgrade.php

Vulnerability Coordination

2002-06-18 Thread David Litchfield
Wow. What an interesting set of colourful responses I got after suggesting the creation of a vulnerability coordination centre. This is obviously something that people feel very strongly about and the general perception I get is that such a group would be something to fear like Big Brother. What

Apache Web Server Chunk Handling vulnerability on IRIX

2002-06-18 Thread SGI Security Coordinator
-BEGIN PGP SIGNED MESSAGE- __ SGI Security Advisory Title: Apache Web Server Chunk Handling vulnerability Number: 20020605-01-A Date: June 18, 2002 Re

Interbase 6.0 malloc() issues

2002-06-18 Thread KF
As usual this update will be posted to http://www.snosoft.com/research -KF #!/usr/bin/perl -w # # gds_drop exploit for Interbase 6.0 linux beta # # - tested on redhat 7.2 # # - Developed in the Snosoft Cerebrum test labs # - (http://www.snosoft.com) - overflow found by KF # # coded by stripey

DeepMetrix LiveStats javascript injection

2002-06-18 Thread security
Background: DeepMetrix (formerly MediaHouse) LiveStats is server software that provides an interactive web based summary of website traffic based on HTTP server logs. Details: By crafting special user-agent or referer headers on HTTP requests to a web site that is monitored by LiveStats

4D 6.7 DOS and Buffer Overflow Vulnerability

2002-06-18 Thread Alfred Goldberg
Vulnerability Summary - Problem: The 4D 6.7 webserver has a buffer overflow condition. Threat: An attacker could make the webserver crash and possibly execute arbitrary code. Affected Software: 4D Webserver version 6.7.3 verified. Platform: Windows verifie

Re: Catalyst 4000 - Cisco's Response

2002-06-18 Thread Mike Caudill
-BEGIN PGP SIGNED MESSAGE- The MAC address learning rate in a Cisco Catalyst 4000 series switch depends on a variety of factors such as Switch load and traffic patterns. Under certain circumstances, such as a large layer 2 network deployment where a many to many traffic pattern is

ColdFusion MX Cross Site Scripting vulnerability

2002-06-18 Thread Ory Segal
==> Macromedia ColdFusion MX Cross site scripting vulnerability <== => Author: Ory Segal, Sanctum Inc. => Release date: 18/06/2002 (vendor was notified at: 03/06/2002) => Vendor: Macromedia ( http://www.macromedia.com ) => Product: - Macromedia ColdFusion MX (ColdFusion Server version

(more) Advanced SQL Injection

2002-06-18 Thread Chris Anley
Hi folks, I've written another SQL injection whitepaper; it can be found at http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf I'm aware that I'm running the risk of becoming a one-topic poster; if anyone's bored, I apologise. Other stuff is in the pipeline, I promise. :o) The pa

external policy enforcement [Re: Apache httpd: vulnerability...]

2002-06-18 Thread Niels Provos
Hi, external policy enforcement is a mechanism to prevent system compromise due to exploitable vulnerabilities in complicated applications like the Apache web server. A separate process enforces what kind of access an application has to the system. For a simple Apache configuration that might i

Re: malicious PHP source injection in phpBB

2002-06-18 Thread Jonathan Haase
Note... The suggested fix for this in the php code below is very incorrect and will in fact leave install.php even more wide open than it currently is... The correct fix to the php code should be to change the line on or about line 28 which reads... include($phpbb_root_dir . 'includes/function

Re: Another small metacharacter bug in Penguin Traceroute v1.0

2002-06-18 Thread Jedi/Sector One
On Mon, Jun 17, 2002 at 07:26:33PM +0200, Andreas Beck wrote: > Allowed domain names should be within [a-zA-z-.]* - right? Don't forget digits, please. -- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> http://www.PureFTPd.Org/ Secure FTP Server

Mandrake 8.2 msec security issue

2002-06-18 Thread Spot
Title: Mandrake 8.2 msec security issue. Author: Spot (spot @ getlinuxonline.com). Affected: The msec security system in Mandrake 8.2 Download Edition, 8.2 Boxed Edition, and possibly other Mandrake 8.2 releases. Effect: Default security settings leave users'

WebBBS 5.0 (and later versions) vulnerable: allow commands execution via "followup" bug

2002-06-18 Thread nerf gr0up nerf
--== Nerf gr0up: adv #7 ==-- WebBBS remote command execution Vulnerable: WebBBS by Darryl Burgdorf (http://awsd.com/scripts/webbbs/). All versions are vulnerable. WebBBS is a Web-based bulletin board. WebBBS stores messages as simple text files.

Fixed version of Apache 1.3 available

2002-06-18 Thread Dave Ahmad
Hey all, Jay Dyson reported earlier that Apache httpd 2.0.39 was available for download. Version 1.3.26 is now available: http://httpd.apache.org/dist See also: http://www.apache.org/dist/httpd/Announcement.html On Tue, 18 Jun 2002, Jay D. Dyson wrote: > >The Apache Software Foundation

Security Update: [CSSA-2002-SCO.27] UnixWare 7.1.1 Open UNIX 8.0.0 : ppptalk root privilege vulnerability

2002-06-18 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ Caldera International, Inc. Security Advisory Subject: UnixWare 7.1.1 Open UNIX 8.0.0 : ppptalk root privilege vulnerability

Re: Fixed version of Apache 1.3 available

2002-06-18 Thread Armando Ortiz
Now all we need is for mod_ssl to come out for this version. Anyone have any timeframe about this? On Tuesday 18 June 2002 03:26 pm, Dave Ahmad wrote: > Hey all, > > Jay Dyson reported earlier that Apache httpd 2.0.39 was available for > download. Version 1.3.26 is now available: > > http://htt