Trivial root compromise in Gateway GS-400 NAS Servers

Overview: The Gateway GS-400 server is an IDE software raid machine backened by a customized Linux distribution. The system is managed by a web-based management console running under an "admin" user context. Problem: The GS-400 servers are shipped with a vendor default root password of "0001

new bugs in MyWebServer

Hi. Bugs founded in MyWebServer v.1.0.2. You can download it from www.mywebserver.org. 1. Buffer overflow in MWS Search Engine. Remote attacker can crash web-server (and run shell-code) by sending keyword with a large size. Xsploit: http://vuln_host/MWS/HandleSearch.html?searchTarget=[990b_of_an

Cisco Security Advisory: Cisco Content Service Switch 11000 Series Web Management Vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco Content Service Switch 11000 Series Web Management Vulnerability Revision 2.0 For Public Re-release 2002 August 14 at 1500 UTC For Public Release 2001 May 31 at 1500 UTC

MAC address change on SGI Origin 3000

-BEGIN PGP SIGNED MESSAGE- _ SGI Security Advisory Title: MAC address change on Origin 3000 Number: 20020805-01-I Date: August 14, 2002 _

Acrobat Reader symlink vulnerability on IRIX

-BEGIN PGP SIGNED MESSAGE- _ SGI Security Advisory Title: Acrobat Reader symlink vulnerability Number: 20020806-01-I Date: August 14, 2002

L-Forum Vulnerability - SQL Injection

I have discovered an SQL injection flaw in L-Forum which has a recent record (upload spoofing/XSS by Ulf) of security bugs. The problem this time is search.php. It doesn't properly escape the SQL data passed in by the user in the search member. I have provided a SourceForge patch for this vulne

GLSA: xinetd

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - GENTOO LINUX SECURITY ANNOUNCEMENT - - PACKAGE:xinetd SUMMARY:pipe exposure DATE :

Oracle Listener Control Format String Vulnerabilities (#NISR14082002)

NGSSoftware Insight Security Research Advisory Name: Oracle Listener Control Format Strings Systems Affected: Oracle 9i, 8i on all platforms Severity: Medium Category: Format String Vulnerabilities Vendor URL: http://www.oracle.com/ Authors: David Litchfield ([EMAIL PROTECTED]) Advisory URL:

MDKSA-2002:049 - libpng update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: libpng Advisory ID:

TSLSA-2002-0067 - glibc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2002-0067 Package name: glibc Summary: Remote exploit Date: 2002-08-13 Affected versions: TSL 1.1, 1.2, 1

MDKSA-2002:050 - glibc update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: glibc Advisory ID:

L-Forum XSS and upload spoofing

L-Forum XSS and upload spoofing PROGRAM: L-Forum VENDOR: Leszek Krupinski <[EMAIL PROTECTED]> HOMEPAGE: http://l-forum.x-php.net/ VULNERABLE VERSIONS: 2.4.0, possibly others IMMUNE VERSIONS: none, but an official patch is available for some issues SEVERITY: high LOGIN REQUIRED:

IRIX ftpd minor vulnerabilities

-BEGIN PGP SIGNED MESSAGE- _ SGI Security Advisory Title: ftpd minor vulnerabilities Number: 20020305-03-I Date: August 13, 2002 Reference