-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 159-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
August 28th, 2002
OVERVIEW
Microsoft Internet Explorer contains a flaw which allows the origin of a
file shown in the download dialog to be spoofed. A download can be
initiated automatically by a web site or a mail message. If Internet
Explorer thinks the file isn't suitable to be opened directly,
In-Reply-To: [EMAIL PROTECTED]
Could you use this in say a network environtment?
change this around a bit to get files that someone else has access to, but
you dont?
ie: { IF { INCLUDETEXT { IF { DATE } = {
DATE } \\servername\usershare\a.txt c:\\a.txt } \* MERGEFORMAT }
= \*
All of this brings up a couple of questions for me:
1.
As I understand it, all this can be avoided by applying the simple, longtime standard
maxim of trust no input, correct? (If correct, this leads me to murmur rhetorically
Have today's developers no discipline?)
2.
If the above is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
iDEFENSE Security Advisory 08.28.2002
Linuxconf locally exploitable buffer overflow vulnerability
DESCRIPTION
A vulnerability exists in linuxconf which if the
LINUXCONF_LANG environment variable processes at least 964
bytes of data, a buffer
Hmm. A default run of sharefuzz finds this bug, which I then told
Mandrake about (as they are one of the few distributions that actually
does distribute it +s) back in January or so. Course, they never fixed
it, which goes to show you that sometimes the Open Source method is NOT
the best method.
-Original Message-
From: Rothe, Greg (G.A.) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 10:00 AM
To: 'Paul Starzetz'; Andrey Kolishak; [EMAIL PROTECTED]
Subject: RE: White paper: Exploiting the Win32 API.
All of this brings up a couple of questions for me:
1.
##
Auriemma Luigi, PivX security advisory
Application: SWServer
(http://www.geocities.com/tlhome2000/swserver.html)
Version: 2.2 and previous
Bug: Directory traversal bug
Risk (high): An attacker can
Reference: http://www.securiteam.com/unixfocus/5CP0R1P80G.html
Webmin Vulnerability Leads to Remote Compromise (RPC CGI)
SUMMARY
http://www.webmin.com Webmin is a web-based interface for system
administration for
Hi All,
I just posted a short white paper on Microsoft SQL Server and SQL
Injection titled Manipulating Microsoft SQL Server Using SQL Injection
at:
http://www.appsecinc.com/news/briefing.html#inject14
The paper was written and researched by Cesar Cerrudo
([EMAIL PROTECTED]).
All comments
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
@stake, Inc.
www.atstake.com
Security Advisory
Advisory Name: Microsoft Terminal Server Client Buffer Overrun
Release Date: 08/28/2002
Application: Microsoft
Hi.
This is a straight forward answer to what Mr. Jaroslav Snajdr of
Kerio.com mail server dev is claiming that kerio mail server is not
vulnerable. To clear things up and let the people judge.
by the way Mr. Snajdr im recieving emails that they confirmed
that the vulnerability in ur
Here is a patch to samba-2.2.5, after patch and compile, you can use
smbclient to test the windows machine.
$ smbclient -L \\IP_ADDR
-huagang
--- source/libsmb/clirap.c.old Tue Aug 27 21:35:58 2002
+++ source/libsmb/clirap.c Tue Aug 27 21:31:28 2002
-237,8 +237,10
13 matches
Mail list logo