Mans == Måns Nilsson writes:
Many of the top level domain (TLD) DNS servers do not implement any
restrictions on AXFR query.
Mans And this is not a problem from an information disclosure
Mans point of view. If you believe you have a security problem
Advisory Information
Name : AN HTTPD
Vendor Homepage: http://www.st.rim.or.jp/~nakata/
Platforms : Windows9x/Me/NT/2000/XP
Vulnerability Type : stack overflow( very easy to exploit )
Vendor Contacted : 17/10/2002
Vendor Replied
On Sun, 20 Oct 2002, ppp-design wrote:
This is a very old issue mentioned by ppp-design around 05/14/2002.
Seems there is no new version at all, although the author had entered
this issue into bugtraq right after we told him about the bug.
Well, at least I had some new information that you
Think of ECN; should older stacks simply reject a packet with Syn+0x42
because they don't know what 0x42 is?
If I've understood correctly, you were suggesting to drop bad packets.
I agree; only let established traffic through your firewall, and only
let packets with Syn or Syn+Ack set and with
--
ETHEREANET-NCC Security Report EN-NCC-20021014-04
D-Link Access Point DWL-900AP+ TFTP Vulnerability
Date discovered:Fri, 11 Oct 2002
Vendor notified on: Mon, 14 Oct 2002
Date published: Mon, 21 Oct 2002
It throws a permission denied exception on my MSIE 6 SP1 + all patches in
place
MSIE 6.0.2600. is way old
--
jelmer
- Original Message -
From: Liu Die Yu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 21, 2002 4:16 PM
Subject: MSIE:SaveRef cracks
[title]MSIE:SaveRef cracks (VictimWindow).document.write
[digest]
MSIE: you can always call (VictimWindow).document.write regardless of its
zone if you have its reference.
(please read [more?] section; i think it's important.)
[tested]MSIEv6(CN version)
{IEXPLORE.EXE file version:
.:: vBulletin XSS Security Bug
+ Solution:
- Forum administrator can add some codes that will check
the referred
URL and filter its inputs or upgrade to vBulletin 3.0.
Incorrect information. vBulletin 3.0 is still in beta and is not
available for download. vBulletin team has
The Brazilian free project LinuxSecurity Brasil
(http://www.linuxsecurity.com.br) announced the second edition of its
online Magazine: the LinuxSecurity Magazine.
It represents the result of several IT Brazilian professionals' effort
to bring FREE knowledge to the community. LinuxSecurity
[INTRO]
Some of you may be familiar with Pafiledb provided by
PHP arena. Well they just released a new version that
fixed a problem with their counting of files. Along
with that they said they fixed a possible security bug
involving using Javascript as a search string. I
checked it on my
Debian Security Advisory DSA 180-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 21st, 2002
Ulf Harnhammar wrote:
NOCC: XSS
This is a very old issue mentioned by ppp-design around 05/14/2002.
Seems there is no new version at all, although the author had entered
this issue into bugtraq right after we told him about the bug.
Take a
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED]
__
SCO Security Advisory
Subject:UnixWare 7.1.1 Open UNIX 8.0.0 : rcp of /proc causes
Attached to this e-mail is a Java program and a data file which can be used
to manually reproduce the DCE-RPC DOS from SPIKE v2.7.
Compile it first with:
$ javac EtherealReplay.java
Then run it with:
$ java EtherealReplay 192.168.x.x 135 windows_rpc_kill
You may need to wait a few seconds
15 matches