KDE Security Advisory: kpf Directory traversal

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 KDE Security Advisory: kpf Directory traversal Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-2.txt 0. References 1. Systems affected: kpf of any KDE release between KDE 3.0.1 and KDE 3.0.3a. 2.

Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867)

Issue: Firewalls that support FTP without fully reassembling the FTP command channel can have their rulesets bypassed. Again. Also documented as a CERT vulnerability note: http://www.kb.cert.org/vuls/id/328867 However, the current revision (53) of the vuln note talks about SACK op

KDE Security Advisory: KGhostview Arbitary Code Execution

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 KDE Security Advisory: KGhostview Arbitary Code Execution Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-1.txt 0. References cve.mitre.org: CAN-2002-0838 BUGTRAQ:20020926 iDEFENSE Security A

Re: The Books Module for the PostNuke CMS XSS Vulnerability

Hello Pistone, thanks a lot for taking your time to test the books module. I just released a security update for all books module versions on http://sourceforge.net/projects/pn-mod-books/ to fix the input NOT validation error. -- Best regards, Michaelmailto:michael@;

[SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability

-- SNS Advisory No.56 TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability Problem first discovered: Wed, 17 Apr 2002 Published: Fri, 11 Oct 2002 Reference: http://www.lac.co.jp/security/english/snsadv_e/56_e.ht

Outlook Express Remote Code Execution in Preview Pane (S/MIME)

Outlook Remote Code Execution in Preview Pane (S/MIME) Article reference: http://www.securiteam.com/windowsntfocus/6D00B005PU.html SUMMARY The S/MIME standard attempts to raise the level of trust of email messages by enab

OpenOffice 1.0.1 Race condition during installation.

Vapid Labs Larry W. Cashdollar 9/9/02 Summary: OpenOffice 1.0.1 Race condition during installation can overwrite system files. Severity: Low Description: A very simple and easy to exploit race condition exist during the inst

Security Update: [CSSA-2002-SCO.40] OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access vulnerability

To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject:OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access vulner

XSS bug in PHPNuke 6.0

Vulnerable systems: PHPNuke 6.0 & mabey all Exploit: 1- go to http://[traget]/modules.php?name=Downloads&d_op=search 2- put in form search this code : javascript:alert(document.cookie) 3- click "Search" (without "*") you can't use it an URL like this http://[traget]/modules

prover of concept code of windows help overflow

I tried multiple times.. :( this is the local exploit. auto search all local addresses. -- buzheng <[EMAIL PROTECTED]> ex.c Description: Binary data

[RHSA-2002:204-10] Updated squirrelmail packages close cross-site scripting vulnerabilities

- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated squirrelmail packages close cross-site scripting vulnerabilities Advisory ID: RHSA-2002:204-10 Issue date:2002-09-20 Updated o