[SPSadvisory#48] RealONE Player Gold / RealJukebox2 Buffer Overflow

2002-07-12 Thread webmaster
SPS Advisory #48 RealONE Player Gold / RealJukebox2 Buffer Overflow UNYUN [EMAIL PROTECTED] Shadow Penguin Security (http://www.shadowpenguin.org) -- *Date July. 12, 2002 *vulnerable RealONE Player Gold Ver. 6.0.10.505

Several problems in CARE 2002

2002-07-12 Thread avart
Several problems in CARE 2002 - # What is CARE 2002? CARE 2002 is a free software package for hospitals. It's based on php + mysql. For further information visit http://www.care2x.com/. include + NULL problem # Problem description There are

Re: MacOS X SoftwareUpdate Vulnerability

2002-07-12 Thread gabriel rosenkoetter
On Thu, Jul 11, 2002 at 09:31:27AM -0500, Corey J. Steele wrote: What about modifying the search order of `lookupd` and telling it to use /etc/hosts and then using an entry in /etc/hosts to statically identify swquery.apple.com? Might be a viable work-around? Then I arp flood your router and

[SPSadvisory#47] RealONE Player Gold / RealJukebox2 skin file download vulnerability

2002-07-12 Thread webmaster
SPS Advisory #47 RealONE Player Gold / RealJukebox2 skin file download vulnerability UNYUN [EMAIL PROTECTED] Shadow Penguin Security (http://www.shadowpenguin.org) -- *Date July. 12, 2002 *vulnerable RealONE Player Gold Ver.

Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability

2002-07-12 Thread JWC
Portcullis Security Advisory IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability Update to Microsoft Security Bulletin (MS99-027): NT Exchange Server Encapsulated SMTP Address Vulnerability. Vulnerability discovery and development: Thomas Liam Romanis

Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present

2002-07-12 Thread Daniel Roethlisberger
Bernardo Pons [EMAIL PROTECTED] wrote: bugtraq id 3162: When more than one remote node filtering rule is applied, the first filtering rule is the only one that takes effect. Although bugtraq id 3162 reports that ZyXel released a firmware update 2.50(AL.1) to fix this vulnerability for the

Multiple vulnerabilities in atphttpd-0.4b

2002-07-12 Thread qitest1
QITEST1 SECURITY ADVISORY #004 Multiple vulnerabilities in atphttpd-0.4b PROGRAM DESCRIPTION atphttpd is a caching, tiny - and buggy - webserver written by Yann Ramin [EMAIL PROTECTED]. DETAILS There are several remotely

Re: Cisco VPN3000 MTU overflow (fragmentation issue)

2002-07-12 Thread porte10
I do not understand how increasing the MTU would be a security vulnerability. Well, it isn't a raw security vulnerability (however there may be side-effects), but an availability issue. Availability issues, whose worst form is DoS, deserve being published in BugTraq, provided they

Three BadBlue Vulnerabilities

2002-07-12 Thread Matthew Murphy
Advisory: Working Resources BadBlue Multiple Vulnerabilities Issue: Three vulnerabilities; a denial of service, an insecurity in password storage, and a file disclosure vulnerability that could allow viewing of the password file. Risk: Critical SecurityFocus: Working Resources BadBlue Invalid

Re: MFC ISAPI Framework Buffer Overflow

2002-07-12 Thread Chris Wysopal
BadBlue (and all vendors who wrote ISAPI extensions with MFC) should recompile with Visual Studio 6.0 SP4 or later. There were serious problems with many ISAPI extensions built with earlier versions of the MFC libraries. 2

MFC Overflow Test Code

2002-07-12 Thread Matthew Murphy
I have been working on a piece of test code for the MFC buffer overflow reported in BID 5188. The code has now been completed. The exploit is simply a DoS exploit that will overwrite heap data in a vulnerable ISAPI with 0x41 characters ('A'). The overwritten data contains pointers accessed by