Hello,
I've found a bug in the Interbase gds_lock_mgr binary which is shipped
with all versions of the Sun Cobalt RAQ (XTR/4/550 etc.) and is suid by
default.
Borland did not respond to my emails. The exploit is attached.
Note: this is a different bug from the one disclosed by snosoft some weeks ago.
Sincerely yours
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Well, Gossi,
I agree with your standpoint. Some "project leaders"
easily turn into "project defenders" when one takes
a closer look at their project. .o)
So the advice for any server with "Invision Board" installed
is to disable phpinfo() in the p
Looks like you can now update just the ActiveX control (as long as you
have quicktime 3 or newer) instead of upgrading to quicktime 6.
marc
=
Date: Wed, 25 Sep 2002 09:59:46 -0700
Subject: QuickTime for Windows ActiveX security advisory
From: Ron Dumont <[EMAIL PROTECTED]>
To: [EMAIL PR
Hello,
All PHP-Nuke versions, including the just released 6.0, are vulnerable to a
very simple SQL injection that may lead to a basic DoS attack.
For instance, if you create a short script, to send a few requests, (I have
tested with just 6) similar to this:
http://www.nukesite.com/mo
As I was severely bitten by this issue lately, this caught my
interest, but the "bug" reported in this so-called advisory is in fact not
a bug at all. Observe:
>int wmprintf(const char *format, ...)/* <--- INTERESTING FUNCTION */
>{
> char buffer[1024];
> va_list ap;
>
>
--
| IMG Attack in the news : 6 vulnerable CMS |
--
PROGRAM: XOOPS, PHP-NUKE, NPDS, daCode, Drupal, phpWebSite
VULNERABLE VERSIONS: I believe that all versions are vulnerable
IMMUNE VERSIONS: no immune cur
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -
GENTOO LINUX SECURITY ANNOUNCEMENT
- -
PACKAGE: tomcat
SUMMARY: source exposure
DATE
Akita Security Advisory 27/09/2002
OpenVMS UCX$POP_SERVER.EXE vulnerability
Advisory:
http://www.akita-security.co.uk/VMS/ucx_pop_server.txt
VMS security tool
http://www.akita-security.co.uk/stoat
Overview
UCX is the main TCP/IP stack for OpenVMS. Akita Security have
discovered a vu
[ Illegal Instruction Labs Advisory ]
[-]
Advisory name: Vulnerabilities in acWEB HTTP server
Advisory number: 13
Application: acWEB HTTP server
Author e-mail: [EMAIL PROTECTED]
Homepage: somewher
Well, the developers have responded;
http://forums.invisionboard.com/index.php?act=ST&f=30&t=23569
From Matt, "IBF Project Leader"
- snip -
"Whilst disclosing phpinfo.php to the world does expose installed modules,
paths and such - it's hardly
[ Illegal Instruction Labs Advisory ]
[-]
Advisory name: Format String bug in Null Webmail (0.6.3)
Advisory number: 7
Application: Null Webmail 0.6.3
Author: Dan Cahill
E-mail: [EMAIL PROTECTED]
Hom
Shana Informed v3.05 stores random data in clear text
http://www.cirt.net/advisories/shana.shtml
Product Description:
Shana Corporation provides eForm solutions and is the developer of Informed.
Their solution is used by more than two million people around the world.
Shana's Informed has been
No your best bet is to comment out the following line (and no it won't
be all on one line) from your web.xml file then schedule to upgrade to
Tomcat 4.1.12 Stable or Tomcat 4.0.5.
invoker
/servlet/*
The Jakarta Team has already posted a response to this bug, it can be
viewed here: http://jak
-
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated Zope packages are available
Advisory ID: RHSA-2002:060-17
Issue date: 2002-04-11
Updated on: 2002-09-24
Product:
[ Illegal Instruction Labs Advisory ]
[-]
Advisory name: Reverse traversal vulnerability in Monkey (0.1.4) HTTP
server
Advisory number: 12
Application: Monkey (0.1.4) HTTP server
Application auth
15 matches