[ESA-20021029-027] mod_ssl cross-site scripting vulnerability.

2002-10-29 Thread EnGarde Secure Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ++ | EnGarde Secure Linux Security Advisory October 29, 2002 | | http://www.engardelinux.org/ ESA-20021029-027

[ESA-20021029-028] syslog-ng: buffer overflow in macro handling code (UPDATED)

2002-10-29 Thread EnGarde Secure Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ++ | EnGarde Secure Linux Security Advisory October 29, 2002 | | http://www.engardelinux.org/ ESA-20021029-028

RE: dobermann FORUM (php)

2002-10-29 Thread Mark Stunnenberg
Or place a: <? $subpath = ''; ?> Right above the place where the actual $subpath is being set. Mark -Original Message- From: Frog Man [mailto:leseulfrog;hotmail.com] Sent: zondag 27 oktober 2002 P 23:53 To: [EMAIL PROTECTED] Subject:

Further problems with Arescom NetDSL-800 MSN Firmware version 5.4.x and up

2002-10-29 Thread Justin Cervero
BACKGROUND The Arescom NetDSL-800 router is the current choice for MSN’s DSL service as well as several other large DSL providers. Previous issues regarding a telnet DoS and an authentication vulnerability have been addressed through firmware updates. The authentication vulnerability

Security Update: [CSSA-2002-041.0] Linux: pam_ldap format string vulnerability

2002-10-29 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject: Linux: pam_ldap format string vulnerability Advisory number:

Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities

2002-10-29 Thread security
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] __ SCO Security Advisory Subject: Linux: bzip2 file creation and symbolic link vulnerabilities

Re: MDaemon SMTP/POP/IMAP server DoS

2002-10-29 Thread Karl Pietri
5.0.7 not vulnerable (tested on registered pro server). tested dele and uidl both with over 40b of 1. -Karl Pietri - Original Message - From: D4rkGr3y [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, October 27, 2002 11:49 AM Subject: MDaemon

RE: MDaemon SMTP/POP/IMAP server DoS

2002-10-29 Thread Basil Hussain
Hi all, Bug found in MDaemon's pop-server. It's possible to kill MDaemon by sending long arguments (32b and above) with DELE or UIDL commands. To do this you must have at least a mail-account on the vulnerable host. After getting a long request from the client, all MDaemon's Services will be closed

Re: CISCO as5350 crashes with nmap connect scan

2002-10-29 Thread Thomas Munn
In-Reply-To: [EMAIL PROTECTED] An update to my update: If you don't have any ACLs applied, it doesn't crash, just add this line to the config line and see what happens!!! access-list 115 (whatever number) deny tcp any host 1.1.1.1 (ip of fe0) range 200 1 (this totally kills

Re: CISCO as5350 crashes with nmap connect scan

2002-10-29 Thread Thomas Munn
In-Reply-To: [EMAIL PROTECTED] Received: (qmail 7861 invoked from network); 28 Oct 2002 22:14:00 - Received: from outgoing2.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.26) by mail.securityfocus.com with SMTP; 28 Oct 2002 22:14:00 - I have managed to

RE: MDaemon SMTP/POP/IMAP server DoS

2002-10-29 Thread Robert Feldbauer
I'm running MDaemon 3.1.2 and this does not have any adverse effect. Here's my log: +OK daisydata.com POP3 server ready [EMAIL PROTECTED] USER myusername +OK myusername... Recipient ok PASS mypassword +OK [EMAIL PROTECTED]'s mailbox has 0 total messages (0 octets). UIDL 2147483647 -ERR no such

IP SmartSpoofing : How to bypass all IP filters relying on source IP address

2002-10-29 Thread Vincent Royer
Hi, In an article available at http://www.althes.fr/ressources/avis/smartspoofing.htm, we describe a new technique for spoofing an IP address using ARP cache poisoning and network translation. IP smart spoofing allows running any application with a spoofed IP address and thus, bypass many

Re: SUMMARY: Disabling Port 445 (SMB) Entirely

2002-10-29 Thread dan hayden
In-Reply-To: [EMAIL PROTECTED] I was looking at some firewall logs and investigating this port traffic when I came upon your comments. After reading them I discovered a Microsoft article that may show one more piece of the puzzle. Just thought I'd let you know the article number. Microsoft

Bypassing website filter in SonicWall

2002-10-29 Thread Marc Ruef
Hi! I found a little weakness in SonicWall: I turn on the blocking mechanism for websites (e.g. www.google.com). Now I can't reach the website using the domain name. But if I choose the IP address of the host (e.g. http://216.239.53.101/), I can contact the forbidden website. The same issue I've

Re: MDaemon SMTP/POP/IMAP server DoS

2002-10-29 Thread Muhammad Faisal Rauf Danka
There have been earlier issues with UIDL and DoS conditions in MDaemon 2.8.5.0 (to be specific). Check bid 1366, http://online.securityfocus.com/bid/1366/ The website still offers 6.0.7 (vulnerable) version for download, so apparently no workaround exists except for shutting it down until the

[SECURITY] [DSA 183-1] New krb5 packages fix buffer overflow

2002-10-29 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 183-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 29th, 2002

Re: Bypassing website filter in SonicWall

2002-10-29 Thread Kurt Seifried
Hardly news/vulnerability since reverse DNS is rarely reliable, and even when it works people commonly do things like www1, www2, www3, etc. Even if SonicWall did everything, any website without reverse DNS would still be reachable unless you start blocking IPs. Names are for convenience, they

Gimp: Erased sections of images print in some cases

2002-10-29 Thread Clark Mills
Hi people. As part of documenting processes, I take screen captures and then chop stuff out that I don't want the world to see. I do this within the Gimp by setting an alpha channel on the screen capture and then _erasing_ the parts of the image that I want to obscure. An example is at:

XXE (Xml eXternal Entity) attack

2002-10-29 Thread Gregory Steuck
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregory Steuck security advisory #1, 2002 Overview: XXE (Xml eXternal Entity) attack is an attack on an application that parses XML input from untrusted sources using incorrectly configured XML parser. The application may be coerced to open