-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 181-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 22nd, 2002
GreyMagic Security Advisory GM#012-IE
=
By GreyMagic Software, Israel.
22 Oct 2002.
Available in HTML format at http://security.greymagic.com/adv/gm012-ie/.
Topic: Vulnerable cached objects in IE (9 advisories in 1).
Discovery date: 4 Oct 2002, 17 Oct 2002,
Hi folks,
I just verified that a bug I found a while (read: a year) ago was fixed in
Windows 2000 service pack 3. I didn't get a notification from MS about the
fix so apologies for the delay in posting the full details.
The bug is the one referenced at
Description: AOL Instant Messenger version 4.8.2790 will execute
programs when a user clicks on a not-so-specially crafted hypertext
link.
Versions affected: AOL Instant Messenger 4.8.2790. 4.7.2480 is not
vulnerable and neither is 5.0.2938. This bug was confirmed on both
Windows 2000 and Windows
*
* MS WIN RPC DoS CODE FROM SPIKE v2.7
*
* Compile it use:
* cl winnuke.c
*
* Usage:
* winnuke targetip
*
* Code by lion, Welcome to HUC Website Http://www.cnhonker.com
* 2002/10/22
*
winnuke.c
Description: Binary data
-BEGIN PGP SIGNED MESSAGE-
NetBSD Security Advisory 2002-026
=
Topic: Buffer overflow in kadmind daemon
Version: NetBSD-current: source prior to October 21 2002
NetBSD-1.6: affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mandrake Linux Security Update Advisory
Package name: gv/ggv
Advisory ID:
-BEGIN PGP SIGNED MESSAGE-
- - --
KALIF research group [EMAIL PROTECTED]
October 21st, 2002 Joschka Fischer
- -
The external method flaw also seems to affect my ie6 sp1 browser
--
jelmer
- Original Message -
From: GreyMagic Software [EMAIL PROTECTED]
To: Bugtraq [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 5:24 PM
Subject: Vulnerable cached objects in IE (9 advisories in 1)
GreyMagic
Aaron Hopkins [EMAIL PROTECTED] writes:
On Sat, 19 Oct 2002, Florian Weimer wrote:
established in Cisco parlance does not mean SYN unset, but ACK or RST
set. This means that the impact for non-Linux hosts (which do not react
to SYN-RST packets according to Paul's survey) is less severe if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security Advisory October 22, 2002 |
| http://www.engardelinux.org/ ESA-20021022-026
Description: Local users may be able to view passwords for ftp sites.
Versions affected: This was discovered on FlashFXP 1.4 (build 800). It is likely, but
not tested, that any version 1.x is vulnerable. FlashFXP 2.x is not vulnerable.
Vendor Contacted: E-mailed CEDsoft on 8/31/02. They
Informations :
°°
Language : PHP
Tested version : 1.4
Problem : Admin access
PHP Code :
°°
/gb/index.php :
--
<?php
include("config.inc.php");
if($action == "login") {
if($user == $loginu && $pw == $loginpw)
{
setcookie("login",
In response to Juan de la Fuente Costa's bugtraq posting dtd Oct 22, 2002
9:16AM, Sniffing Administrator's Password in Symantec Firewall/VPN
Appliance V. 200R
Message-ID: 005701c279ab$c8bc5730$040110ac@mephisto
Informations :
°°
Language : PHP
Tested version : 1
Problem : bad use of include()
PHP Code :
°°
---Include/variables.php3---
<?
$Mac="localhost";
$Uti="root";
$Mot="";
$Bd="phpnews";
$AnneeDeDemarrage=2000;
$MoisDeDemarrage=8;
$NbNouvelles=5;
require("$Include/french.inc");
?>
There are questions about whether this vulnerability works if you have a
large enough amount of free memory. My exploit is tuned for my machine's
amount of free memory (not much), but there are variations that work on
any amount.
For those who are interested, here is my domsrpcfuzz.sh header I used
Whoop! Whoop!
I am pleased to release the Call For Papers Announcement: Black Hat
Briefings: Windows Security
http://www.blackhat.com/html/win-usa-03/win-usa-03-cfp.html
Papers and presentations are now being accepted for The Black Hat
Briefings: Windows Security 2003 event in Seattle,