iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection

2002-11-01 Thread David Endler
iDEFENSE Security Advisory 10.31.02b: http://www.idefense.com/advisory/10.31.02b.txt Prometheus Application Framework Code Injection October 31, 2002 I. BACKGROUND Jason Orcutt's Prometheus is a web application framework written in PHP. It is

iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router

2002-11-01 Thread David Endler
iDEFENSE Security Advisory 10.31.02a: http://www.idefense.com/advisory/10.31.02a.txt Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router October 31, 2002 I. BACKGROUND Linksys Group Inc.’s EtherFast Cable/DSL Router with

iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability

2002-11-01 Thread David Endler
iDEFENSE Security Advisory 10.31.02c: http://www.idefense.com/advisory/10.31.02c.txt PHP-Nuke SQL Injection Vulnerability October 31, 2002 I. BACKGROUND PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet.

[SECURITY] [DSA 186-1] New log2mail packages fix several vulnerabilities

2002-11-01 Thread Martin Schulze
Debian Security Advisory DSA 186-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze November 1st, 2002

M$ VPN hole reported

2002-11-01 Thread AK
http://zdnet.com.com/2100-1105-964057.html

Re: IP SmartSpoofing : How to bypass all IP filters relying on source IPaddress

2002-11-01 Thread Ossian Vitek
The only new thing is that the attacker relays the packets from the trusted client. This is not needed for the spoof. The solution in the defcon 8 presentation is far easier. You do not need to arpspoof and NAT. * Spoof trusted client on the same LAN: Just take the MAC and IP of the trusted

Re: Motorola Cable Modem DOS

2002-11-01 Thread Sam Hayes Merritt, III
This is known to be effective on Software Version: SB4200-0.4.4.0-SCM06-NOSH. (possibly others?) I am unable to replicate it against SB4220-0.6.3.0-SCM-01-NOSH Perhaps you could try and get ATT to upgrade your CM and see if it still applies. This might be something Motorola has already fixed

Re: Gimp: Erased sections of images print in some cases

2002-11-01 Thread Clark Mills
Ok, some examples of how this could be used to have a bit of fun are at: http://c-mills.ctru.auckland.ac.nz/Transparent/ Again I say that it's not a big deal but does demonstrate some of the kind of things people could get up to where the print versus screen displays differ. I reiterate

RE: Motorola Cable Modem DOS

2002-11-01 Thread Jeroen Kessenich
This is known to be effective on Software Version: SB4200-0.4.4.0-SCM06-NOSH. (possibly others?) I am unable to replicate it against SB4220-0.6.3.0-SCM-01-NOSH Perhaps you could try and get ATT to upgrade your CM and see if it still applies. This might be something Motorola has already fixed

Weak Password Encryption Scheme in Integrated Dialer

2002-11-01 Thread Arjun Pednekar
[Note to Moderator: This vulnerability would probably affect only the 500,000 or so Indian subscribers of the Indian ISP - VSNL. But there being no India-specific forum to post bugs we are posting it here.] Name: Integrated Dialer Software for VSNL

Mindwall Project

2002-11-01 Thread Tamer Sahin
Mindwall is an advanced network security system. It is a combined software that provides you with information, alerts and controls to protect your system from external attacks and intrusions, and internal abuses. Mindwall major features are: - -

Bug in EventSave

2002-11-01 Thread Frank Heyne
Heysoft Security Bulletin Title: Bug in EventSave and EventSave+ Date: 01 November 2002 Software: EventSave prior to version 5.3 EventSave+ prior to version 5.3 Vendor: Frank

Netscreen SSH1 CRC32 Compensation Denial of service

2002-11-01 Thread Erik Parker
Discovered by: HD Moore Products Tested: Netscreen-25 (All models expected to be vulnerable) Vendor contacted: October 23rd Vendor confirmed: October 23rd CVE: CVE-2001-0144 covered this bug. Original Bug discovered by: Michal Zalewski of the BindView RAZOR Team. In February of 2001, BindView's

RE: Netscreen SSH1 CRC32 Compensation Denial of service

2002-11-01 Thread John
I was able to duplicate this on 4 different Netscreen-100's with Software Version 3.0.1r2.0 John -Original Message- From: Erik Parker [mailto:erik.parker;digitaldefense.net] Sent: Friday, November 01, 2002 1:31 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Netscreen SSH1 CRC32

iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse

2002-11-01 Thread David Endler
iDEFENSE Security Advisory 11.01.02: http://www.idefense.com/advisory/11.01.02.txt Buffer Overflow Vulnerability in Abuse October 31, 2002 I. BACKGROUND Abuse is a popular side-scrolling video game. More information can be found at

RE: Bypassing website filter in SonicWall

2002-11-01 Thread Brian J. Gaia
That weakness would exist in any product that filters by domain name, because many of them will not perform a reverse DNS lookup. This would be the behavior of most home products (such as Cyberpatrol) which allow an administrator to specify forbidden domains, but if I wanted to see the site bad

(Correction) Netscreen SSH1 CRC32 Compensation Denial of service

2002-11-01 Thread Erik Parker
There is a major correction to this data. Netscreen contacted me a couple of minutes after posting this. When they confirmed it was vulnerable to CRC32, it appears they were actually confirming there was a 'problem', and not the actual CRC32 bug. This DoS is unrelated to the CRC32 bug,

ion-p.exe allows Remote File Retrieving

2002-11-01 Thread Zero-X www.lobnan.de Team
ion-p.exe allows Remote File Retrieving Exploit Example: www.Server.com/cgi-bin/ion-p.exe?page=c:\winnt\repair\sam Zero X, member of www.lobnan.de

Re: ion-p.exe allows Remote File Retrieving

2002-11-01 Thread Stuart Moore
Hi, ion-p.exe allows Remote File Retrieving www.Server.com/cgi-bin/ion-p.exe?page=c:\winnt\repair\sam The 'ion-p' *NIX version is also vulnerable. Directory traversal chars can be used, too: /cgi-bin/ion-p?page=../../../../../etc/hosts Bye, Stuart -- Stuart Moore