-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE: postgresql
SUMMARY: buffer overruns
DATE
NGSSoftware Insight Security Research Advisory
Name: Microsoft Internet Explorer Buffer Overrun
Systems Affected: All versions IE
Severity: Critical
Category: Indirect Remote Buffer Overrun
Vendor URL: http://www.mircosoft.com
Author: Mark Litchfield ([EMAIL PROTECTED])
Date: 26th
phpReactor has recently been updated to eliminate several known cross-site
scripting vulnerabilities. Among these changes was to reduce the tags
allowed in posts, profiles, etc. down to B, I, and FONT. However, using the
STYLE attribute, one can still defeat this:
b
OmniHTTPd's Test.shtml sample is also vulnerable to a similar issue:
http://localhost/test.shtml?%3CSCRIPT%3Ealert(document.URL)%3C%2FSCRIPT%3E=x
Will pop up an alert containing the above URL. Of course, this has other
uses (cookie theft, faking sources, etc.)
Just picked one of these APs up the other day and during a quick fiddle
noticed a remote DoS.
It is possible to disable the Belkin F5D6130 802.11b AP by issuing a small
number of SNMP GetNextRequest requests to the AP.
The attack results in the AP dropping all wireless connections and ceasing
I've discovered another vulnerability in one of the OmniHTTPd sample apps.
This time, the culprit is /cgi-bin/redir.exe. This app is vulnerable to a
newline injection issue. The vulnerability occurs because the URL query
parameter (case sensitive) is decoded and placed directly into the
NSSI-Research Labs Security Advisory
http://www.nssolution.com (Philippines/.ph)
Maximum e-security
http://nssilabs.nssolution.com
Kerio Personal Firewall 2.x.x Denial of Service Vulnerability
Author: Abraham Lincoln Hao / SunNinja
e-Mail: [EMAIL PROTECTED] / [EMAIL PROTECTED]
Advisory
In-Reply-To: 000601c24b06$379e3f80$[EMAIL PROTECTED]
The previously reported AOL Instant Messenger heap overflow is restricted
to the goim handler. The unchecked escaping is performed on the
screenname query string parameter. The vulnerability is exploited
when the user clicks Get
In-Reply-To: 015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS
IMHO - This is more a human error driven feature than a high risk
vulnerability.
Whilst what David says is true - the assumption has been made that a login
has access to the msdb database by default - this assumption is
incorrect.
I don't know if this is related, but I know WinRoute 2.x had hard coded built in
connection throttling, even doing an nmap SYN scan from INSIDE the firewall would DoS
yourself. I don't know how much of the codebase is shared between the two products,
but I'd expect they mostly are the same.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 147-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 26th, 2002
I have stumbled onto a couple potential security issues in Microsoft Word. In both
cases the adversary (mis)uses fields to perpetrate the attack. It's important to note
that fields are not macros and, as far as I know, cannot be disabled by the user. I
am providing a basic description