SPS Advisory #48
RealONE Player Gold / RealJukebox2 Buffer Overflow
UNYUN [EMAIL PROTECTED]
Shadow Penguin Security (http://www.shadowpenguin.org)
--
*Date
July. 12, 2002
*vulnerable
RealONE Player Gold Ver. 6.0.10.505
Several problems in CARE 2002
-
# What is CARE 2002?
CARE 2002 is a free software package for hospitals. It's based on php +
mysql. For further information visit http://www.care2x.com/.
include + NULL problem
# Problem description
There are
On Thu, Jul 11, 2002 at 09:31:27AM -0500, Corey J. Steele wrote:
What about modifying the search order of `lookupd` and telling it to use
/etc/hosts and then using an entry in /etc/hosts to statically identify
swquery.apple.com? Might be a viable work-around?
Then I arp flood your router and
SPS Advisory #47
RealONE Player Gold / RealJukebox2 skin file download vulnerability
UNYUN [EMAIL PROTECTED]
Shadow Penguin Security (http://www.shadowpenguin.org)
--
*Date
July. 12, 2002
*vulnerable
RealONE Player Gold Ver.
Portcullis Security Advisory
IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability
Update to Microsoft Security Bulletin (MS99-027):
NT Exchange Server Encapsulated SMTP Address Vulnerability.
Vulnerability discovery and development:
Thomas Liam Romanis
Bernardo Pons [EMAIL PROTECTED] wrote:
bugtraq id 3162: When more than one remote node filtering rule is
applied, the first filtering rule is the only one that takes effect.
Although bugtraq id 3162 reports that ZyXel released a firmware update
2.50(AL.1) to fix this vulnerability for the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
QITEST1 SECURITY ADVISORY #004
Multiple vulnerabilities in atphttpd-0.4b
PROGRAM DESCRIPTION
atphttpd is a caching, tiny - and buggy - webserver written by Yann
Ramin [EMAIL PROTECTED].
DETAILS
There are several remotely
I do not understand how increasing the MTU would
be a security vulnerability.
Well, it isn't a raw security vulnerability
-- however there may be side-effects), but an
availability issue. Availability issues,
whose worst form is DoS, deserve being published
in BugTraq, provided they
Advisory: Working Resources BadBlue Multiple Vulnerabilities
Issue: Three vulnerabilities; a denial of service, an insecurity in password
storage, and a file disclosure vulnerability that could allow viewing of the
password file.
Risk: Critical
SecurityFocus: Working Resources BadBlue Invalid
In-Reply-To: 001901c228f4$c963fe20$[EMAIL PROTECTED]
BadBlue (and all vendors who wrote ISAPI extensions with MFC) should
recompile with Visual Studio 6.0 SP4 or later. There were serious
problems with many ISAPI extensions built with earlier versions of the MFC
libraries.
2
I have been working on a piece of test code for the MFC
buffer overflow reported in BID 5188. The code has now
been completed.
The exploit is simply a DoS exploit that will overwrite heap
data in a vulnerable ISAPI with 0x41 characters ('A').
The overwritten data contains pointers accessed by
11 matches
Mail list logo