-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
KDE Security Advisory: kpf Directory traversal
Original Release Date: 2002-10-08
URL: http://www.kde.org/info/security/advisory-20021008-2.txt
0. References
1. Systems affected:
kpf of any KDE release between KDE 3.0.1 and KDE 3.0.3a.
2.
Issue: Firewalls that support FTP without fully reassembling the FTP
command channel can have their rulesets bypassed. Again.
Also documented as a CERT vulnerability note:
http://www.kb.cert.org/vuls/id/328867
However, the current revision (53) of the vuln note talks about SACK
op
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
KDE Security Advisory: KGhostview Arbitrary Code Execution
Original Release Date: 2002-10-08
URL: http://www.kde.org/info/security/advisory-20021008-1.txt
0. References
cve.mitre.org: CAN-2002-0838
BUGTRAQ:20020926 iDEFENSE Security A
Hello Pistone,
thanks a lot for taking your time to test the books module.
I just released a security update for all books module versions
on http://sourceforge.net/projects/pn-mod-books/ to fix the
input NOT validation error.
--
Best regards,
Michael
--
SNS Advisory No.56
TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability
Problem first discovered: Wed, 17 Apr 2002
Published: Fri, 11 Oct 2002
Reference: http://www.lac.co.jp/security/english/snsadv_e/56_e.ht
Outlook Remote Code Execution in Preview Pane (S/MIME)
Article reference:
http://www.securiteam.com/windowsntfocus/6D00B005PU.html
SUMMARY
The S/MIME standard attempts to raise the level of trust of email
messages by enab
Vapid Labs
Larry W. Cashdollar
9/9/02
Summary: OpenOffice 1.0.1 Race condition during installation can overwrite
system files.
Severity: Low
Description: A very simple and easy to exploit race condition exists during the
inst
SCO Security Advisory
Subject: OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access
vulner
Vulnerable systems:
PHPNuke 6.0 & maybe all
Exploit:
1- go to http://[target]/modules.php?name=Downloads&d_op=search
2- put in form search this code :
javascript:alert(document.cookie)
3- click "Search"
(without "*")
you can't use it an URL like this
http://[target]/modules
I tried multiple times.. :(
this is the local exploit. auto search all local addresses.
--
buzheng <[EMAIL PROTECTED]>
ex.c
Description: Binary data
Red Hat, Inc. Red Hat Security Advisory
Synopsis: Updated squirrelmail packages close cross-site scripting
vulnerabilities
Advisory ID: RHSA-2002:204-10
Issue date: 2002-09-20
Updated o