-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security AdvisoryOctober 29, 2002 |
| http://www.engardelinux.org/ ESA-20021029-027
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
++
| EnGarde Secure Linux Security AdvisoryOctober 29, 2002 |
| http://www.engardelinux.org/ ESA-20021029-028
Or place a:
? $subpath = ''; ?
Right above the place where the actual $subpath is being set.
Mark
-Original Message-
From: Frog Man [mailto:leseulfrog;hotmail.com]
Sent: zondag 27 oktober 2002 P 23:53
To: [EMAIL PROTECTED]
Subject:
BACKGROUND
The Arescom NetDSL-800 router is the current choice for MSNs DSL service
as well as several other large DSL providers. Previous issues regarding a
telnet DoS and an authentication vulnerability have been addressed through
firmware updates. The authentication vulnerability
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Linux: pam_ldap format string vulnerability
Advisory number:
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:Linux: bzip2 file creation and symbolic link vulnerabilities
5.0.7 not vulnerable (tested on registered pro server). tested dele and uidl
both with over 40b of 1.
-Karl Pietri
- Original Message -
From: D4rkGr3y [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Sunday, October 27, 2002 11:49 AM
Subject: MDaemon
Hi all,
Bug founded in MDaemon's pop-server. It's possible to kill MDaemon by
sending long arguments (32b and above) with DELE or UIDL commands.
To do this u must have at least mail-account on vulnerable host.
After geting long request from client, all MDaemon's Services will be
closed
In-Reply-To: [EMAIL PROTECTED]
An update to my update:
If you don't have any ACL's applied, it doesn't crash,
just add this line to the config line and see what
happens!!!
access-list 115 (whatever number) deny tcp any host
1.1.1.1 (ip of fe0) range 200 1
(this totally kills
In-Reply-To: [EMAIL PROTECTED]
Received: (qmail 7861 invoked from network); 28 Oct
2002 22:14:00 -
Received: from outgoing2.securityfocus.com (HELO
outgoing.securityfocus.com) (205.206.231.26)
by mail.securityfocus.com with SMTP; 28 Oct 2002
22:14:00 -
I have managed to
I'm running MDaemon 3.1.2 and this does not have any adverse effect.
Here's my log:
+OK daisydata.com POP3 server ready
[EMAIL PROTECTED]
USER myusername
+OK myusername... Recipient ok
PASS mypassword
+OK [EMAIL PROTECTED]'s mailbox has 0 total messages (0 octets).
UIDL 2147483647
-ERR no such
Hi,
In an article available at
http://www.althes.fr/ressources/avis/smartspoofing.htm, we describe a new
technique for spoofing an IP address using ARP cache poisoning and network
translation. The IP smart spoofing allows to run any application with a
spoofed IP address and thus, bypass many
In-Reply-To: [EMAIL PROTECTED]
I was looking at some firewall logs and investigating this port traffic
when i came upon your comments.
After reading them i discovered a microsoft article that may show one more
piece of the puzzle.
Just thought id let you know the article number.
Microsoft
Hi!
I found a little weakness in SonicWall: I turn on the blocking
mechanism for websites (e.g. www.google.com). Now I can't reach
the website using the domainname. But if I choose the IP address of the
host (e.g. http://216.239.53.101/), I can contact the forbidden
website. The same issue I've
There have been earlier issues with UIDL and DoS conditions in MDaemon 2.8.5.0 (to be
specific).
Check bid 1366, http://online.securityfocus.com/bid/1366/
The website still offers 6.0.7 (vulnerable) version for download,
So apparently no workaround exists except for shutting it down until
the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 183-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 29th, 2002
Hardly news/vulnerability since reverse DNS is rarely reliable, and even
when it works people commonly do things like www1, www2, www3, etc. Even if
Sonic wall did everything, any website without reverse DNS would still be
reachable unless you start blocking IP's.
Names are for convenience, they
Hi people.
As part of documenting processes, I take screen captures and then chop
stuff out that I don't want the world to see. I do this within the Gimp
by setting an alpha channel on the screen capture and then _erasing_ the
parts of the image that I want to obscure. An example is at:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregory Steuck security advisory #1, 2002
Overview:
XXE (Xml eXternal Entity) attack is an attack on an application that parses
XML input from untrusted sources using incorrectly configured XML parser.
The application may be coerced to open
19 matches
Mail list logo